The Cerberus Project

GoAccess:

Aggregate HTTP/Apache log monitoring

While Zabbix monitors the entire cluster from an internal standpoint, there are other logging operations to stay on top of in terms of server diagnostics. One of these other integral services is GoAccess, which is purely an open source Apache log monitor.

In order to make sure that HTTP/Apache hosted resources are remaining secure, all of the Apache log files are scrubbed for their statistics. This also helps in adding weekly firewall updates, as spam and malicious attempts to XSS (cross site script) attacks to required outward facing pages are made.

GoAccess is running in several instances on the HEADNODE of the system and updates every minute with new statistics. Each day at noon, the aggregate collection of averaged stats are emailed to the head admin to look over for any potential irregularities.

GoAccess is far from the most intuitive piece of software to be implemented, and thus its behavior is heavily scripted and modified internally to run across all outward facing systems to collect relevant log files and then forward to the headnode for analysis.

Once the information is internalized and analyzed, a custom HTML/PDF document is created by the program hosted scripts and hosted internally for elegant analysis.

GoAccess Web Panel

Here, IP's are logged and page requests are displayed in an easy manner. Tons of traffic is purely internal requests but rogue attempts to scrape data are also recorded which helps promote internal and external security by addressing attacks as they happen.