The Ngxtop utility monitors access-logs and outputs them to the console in the style of the famous [tor] program (https://fornex.com/help/top-command/)
The installation is done as follows:
# pip install ngxtop
Syntax for using the utility:
ngxtop [options]
ngxtop [options] (print|top|avg|sum)
You can see a list of all available options with the command:
# ngxtop --help
By default, Ngxtop detects the location of the Nginx access-log by itself from the configuration file /etc/nginx/nginx.conf. If there are several such logs, you will need to choose which one to work with:
# ngxtop
Multiple access logs detected in configuration:
1. /var/log/nginx/access502.log
2. /var/log/nginx/access.api.log
3. /var/log/nginx/access.img.log
4. /var/log/nginx/access.log
5. /var/log/nginx/access404.log
To see requests with a 404 status, you can use the command:
# ngxtop -i 'status == 404' print request status
result of execution:
running for 130 seconds, 150 records processed: 1.15 req/sec
request, status:
|request | status |
|-----------------------------------------------------+----------|
| GET /browserconfig.xml HTTP/1.1 | 404 |
| GET /employer/my/archive/2107569/98483600/ HTTP/1.1 | 404
| GET /employer/my/archive/2107569/98483867/ HTTP/1.1 | 404
| GET /jobs/1045534/ HTTP/1.1 | 404 |
| GET /jobs/1230564/ HTTP/1.1 | 404
| GET /jobs/1254320/ HTTP/1.1 | 404
| GET /jobs/1304769/ HTTP/1.1 | 404
| GET /jobs/1326496/ HTTP/1.1 | 404
To see the IP addresses from which the most requests come, use the command:
# ngxtop top remote_addr
execution result:
running for 8 seconds, 1759 records processed: 217.15 req/sec
top remote_addr
| remote_addr | count |
|-----------------+---------|
| 92.60.184.91 | 45 |
| 66.249.78.10 | 42 |
| 77.120.121.122 | 42 |
| 66.249.89.63 | 28 |
| 91.206.201.152 | 19 |
| 37.229.17.176 | 17 |
| 77.87.193.40 | 17 |
| 157.55.39.7 | 16 |
| 188.115.135.245 | 16 |
| 89.184.80.168 | 16 |