I run different services on my debian server and I would like to know if there any terminal command or something to show the countries and number connections that have established contact
I run different services on my debian server and I would like to know if there any terminal command or something to show the countries and number connections that have established contact
For HTTP/web server logs: goaccess using the free db-ip database will give you country-level geolocation info.
For other connections (SSH etc.), setup a Graylog instance, send all your logs to it using rsyslog over TLS, setup pipelines to extract IP addresses from the messages, and setup the GeoIP plugin (https://graylog.org/post/how-to-set-up-graylog-geoip-configuration/). It’s not a small task though. My ansible roles for goaccess and graylog.
Thanks for the answers, but my specs are very low (intel atom with 2GB ram), I only wanted to know which countries are using my snowflake tor bridge.
Graylog and elasticsearch might fit on that, depending on how much is already used, and if you set the heap sizes at their bare minimum… but it will perform badly, and it’s overkill anyway if you just need this simple stat.
I would look into writing a custom log parser for goaccess (https://goaccess.io/man#custom-log) and let it parse your bridge logs. This is how the geolocation section looks in the HTML report (each continent can be expanded and it will reveal the stat by country).
I update the report every hour via cron, as I don’t need real-time stats (but goaccess can do that).
How I wish I had seen this about a month ago when I spent hours smarting up the nginx module and converting the maxmind DBs to v1 to make the compatible.
I do wonder how well this performs compared to the nginx module