Rhit reads your nginx log files (even gzipped), does some basic analysis and tells you about it in pretty tables in your console, storing and polluting nothing.
It lets you filter hits by dates, or by patterns on referers and paths.
And it's fast enough (about one second per million lines) so you can iteratively try queries to build your insight.
Installation
You need the Rust toolchain. Do
Rhit is only tested on Linux.
Basic Usage
If rhit is on the server, and the logs are at their usual location:
(you may have to prefix with sudo to read the files in /var/log)
Tell rhit what files to open:
Filtering
Filter on paths
Filtering can be quite simple:
But the syntax allows for much more interesting queries.
You may use a regular expression:
You may negate expressions with a !.
For example, I have many paths which are just a number (eg /12345) and if I want to filter them out, I can do
(remember to use single quotes rather than double quotes, so that your shell doesn't interpret the expression)
Separating filters with a comma is an easy way to do an "AND".
If I want to get paths which are neither broot nor just a number, I'll do
If I want to get all paths containing a digit, but not just a number, and not broot, I do
For more complex logic, switch to binary expressions with parentheses and the logic operators &, | and !.
For example, to get all paths containing dystroy or blog but not broot:
(add spaces inside the parentheses so that they are not understood as part of a regular expression)
To get all paths containing dystroy but neither blog, nor space, nor any 4-digit number:
Filter on referer
As for the path, you may use a complex expression.
Only show a specific day
If the log contains several years, you need to specify the year, eg rhit -d 2020/12/25.
Symmetrically, you may omit the month if it's not ambiguous: rhit -d 25.
Only show a period:
Filter by status
The syntax is quite versatile:
Filter by remote address
Combine filters
You can use several arguments.
For example, to get all paths resulting in a 404 but not the robots.txt (which are legit queries) or the /crashy path:
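The combined query described above (404 hits, excluding robots.txt and /crashy), modelled in Python on constructed log lines as an added example; this is not rhit's code and not part of the original page. It assumes the nginx "combined" log format and that a pattern is a regular expression searched anywhere in the path; it handles only the comma and ! form (not parentheses, & or |), and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [25/Dec/2020:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 404 153 "-" "bot/1.0"
203.0.113.7 - - [25/Dec/2020:10:00:02 +0000] "GET /missing.html HTTP/1.1" 404 153 "-" "bot/1.0"
198.51.100.4 - - [25/Dec/2020:10:00:03 +0000] "GET /crashy HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.4 - - [25/Dec/2020:10:00:04 +0000] "GET /broot HTTP/1.1" 200 5120 "https://example.org/" "Mozilla/5.0"
203.0.113.7 - - [25/Dec/2020:10:00:05 +0000] "GET /missing.html HTTP/1.1" 404 153 "-" "bot/1.0"
192.0.2.9 - - [25/Dec/2020:10:00:06 +0000] "GET /12345 HTTP/1.1" 404 153 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse(text):
    """Yield one dict per well-formed line; silently skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def compile_filter(expr):
    """Comma-separated terms are ANDed; a leading '!' negates a term."""
    terms = []
    for raw in expr.split(","):
        negate = raw.startswith("!")
        terms.append((negate, re.compile(raw[1:] if negate else raw)))
    # A term passes when "regex found" differs from "negated".
    return lambda value: all(bool(rx.search(value)) != neg for neg, rx in terms)

def top_paths(text, path_expr, status):
    """Count paths with the given status that pass the path filter."""
    keep = compile_filter(path_expr)
    hits = Counter(h["path"] for h in parse(text)
                   if h["status"] == status and keep(h["path"]))
    return hits.most_common()

if __name__ == "__main__":
    for path, count in top_paths(SAMPLE_LOG, r"!robots\.txt,!^/crashy$", "404"):
        print(f"{count:>4}  {path}")
```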
Choose what to show
The displayed tables (all by default) can be chosen with the -t argument.
For example, to only show remote addresses and paths, use:
(use rhit --help for the complete list)
Table length is set with the -l argument. Use rhit -l 0 to have just a few lines in the various tables, and rhit -l 5 for huge tables. Default value is 1.