Installing AWstats on Ubuntu 14.04 LTS

If you want to see loads of stats for your web site try installing awstats.

Install

Installing the software and some packages necessary for the geo and net IP location stats.

sudo apt-get install awstats libgeo-ipfree-perl libnet-ip-perl

Configure AWstats

This post assumes your domain is example.com.

sudo cp /etc/awstats/awstats.conf /etc/awstats/awstats.example.com.conf

These are the options I changed, read through the file looking at the comments.

LogFile="/var/log/apache2/access.log"
LogFormat=1

SiteDomain="example.com"
HostAliases="localhost 127.0.0.1 example.com"

DirCgi="/awstats"

LoadPlugin="tooltips"
LoadPlugin="graphgooglechartapi"
LoadPlugin="geoipfree"

SkipDNSLookupFor="REGEX[^192\.168\.]"

AllowFullYearView=3

Manually Run The Update

Once you have made the changes above and saved the file run your first update, to gather stats.

sudo /usr/lib/cgi-bin/awstats.pl -config=example.com -update

The output should look similar to the following

Create/Update database for config "/etc/awstats/awstats.example.com.conf" by AWStats version 7.2 (build 1.992)
From data in log file "/var/log/apache2/access.log"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
Phase 2 : Now process new records (Flush history on disk after 20000 hosts)...
Jumped lines in file: 0
Parsed lines in file: 135678
 Found 0 dropped records,
 Found 4 corrupted records,
 Found 0 old records,
 Found 135674 new qualified records.

Automatic Stat Updates

To maintain the stats on a regular basis you will need a cron job to run the awstats update script. Change the user who will be running the script from www-data to root. There area bunch of permission errors when run as www-data.

sudo nano /etc/cron.d/awstats

The cron job below will run every 10 minutes, adjust the time to your needs.

*/10 * * * * root /usr/lib/cgi-bin/awstats.pl -update > /dev/null

Configure Apache2

To access awstats from a browser, this assumes you are using Apache2. update the default virtual host with the following, to tell Apache where to find the awstats start script.

sudo nano /etc/apache2/sites-available/000-default.conf

Add the following line to the end of the file before the closing </VirtualHost> tag.
Note: All the posts I’ve seen fail to use the ‘+’ in front of the ExecCGI option which will break your Apache config and it will not restart.

Alias /awstatsclasses "/usr/share/awstats/lib/"
Alias /awstats-icon/ "/usr/share/awstats/icon/"
Alias /awstatscss "/usr/share/doc/awstats/examples/css"
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
ScriptAlias /awstats/ /usr/lib/cgi-bin/
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Restart your Apache server.

sudo service apache2 restart

You should now be able to browse to https://example.com/awstats/ and get the main awstats page.

Stop Unauthorised Users

As the above setup stands anyone, that is the world and his dog can now see your web serrver stats. Probably not a good idea or something you want. We can let Awstats protect itself with the rather well named parameter AllowAccessFromWebToFollowingIPAddresses or as it is also simple to restrict access by forcing the user to enter a password or simple only allow IP addresses on your local LAN not from external IPs.

To allow awstats to protect itself edit the config file and add a list of IP addresses or ranges see the comment above the option of the syntax.

sudo nano /etc/awstats/awstats.example.com.conf
AllowAccessFromWebToFollowingIPAddresses="127.0.0.1 192.168.2.0-192.168.2.255"

Access via a User Name and Password

To only allow access for users configured in the auth_users file we can use the following addition at the end of /etc/apache2/sites-available/000-default.conf. To create a new user file and add the username “richard” to the file /etc/apache2/auth_users. To append other users do not use the -c flag.

htpasswd -c /etc/apache2/auth_users richard

  AuthName "Enter Your User Name and Password"
  AuthType Basic
  AuthUserFile /etc/apache2/auth_users
  Require valid-user

sudo service apache2 restart

Access Blocked via IP Address

To only allow access from your local LAN in this case 192.168.0.0/16, we can use the following addition at the end of /etc/apache2/sites-available/000-default.conf


  Order Deny,Allow
  Deny from all
  # this ALLOWS the range 192.168.0.0 - 192.168.0.255 
  Allow from 192.168.0.0/16

sudo service apache2 restart

Logging Data From Old logs

If you want to log the data in old log files rotated out of the way you can do that using a command line similar to the below. This may take some time depending on the number and size of your log files and the files need to be run in chronological order. If you ran the manual update above you will need to delete the database. Anyway, it was worth while as that is generally very quick and you can see some data being displayed. Also, it is worth moving the cron file for awstats to stop that from running.

The database files are where ever you pointed the option DirData to, it defaults to /var/lib/awstats. The second command mv the awstats cron job out of the way.

sudo rm /var/lib/awstats/*

sudo mv /etc/cron.d/awstats /root

Now we can run the log import or update from the command line. My Apache logs are compressed and called access.log, access.log.1 or access.log.n.gz. Giving the following command line to import them all. Depending on the size and number of files this may put a heavy load on the server, so i also run the command through nice.
Note: the command should all be on one line.

sudo nice /usr/lib/cgi-bin/awstats.pl -update -config="example.com" -LogFile="/usr/share/awstats/tools/logresolvemerge.pl /var/log/apache2/access.log* |"

Remember to put the cron file back again.

sudo mv /root/awstats  /etc/cron.d

3 thoughts on “Installing AWstats on Ubuntu 14.04 LTS

    1. Richard Post author

      Oh good grief! If you look at the top of your awstats the page, you will see a message in RED saying “Never updated (See ‘Build/Update’ on awstats_setup.html page)” you need to run the update scripts. See the section “Manually run the Update”.

      And you should not allow the world to see your awstats page. It adds another way to attack your web server.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *