Introduction
The Traefik Log Analyzer is a powerful command-line tool designed to help you analyze Traefik proxy server logs. It can parse both standard and JSON format logs, providing insights into traffic patterns, potential security issues, and server performance.
Getting Started
Requirements
- Bash shell environment
- Access to Traefik log files
- Basic command-line knowledge
- Optional: jq for JSON log processing
Launching the Analyzer
- Open your terminal
- Navigate to the directory containing the script
- Run the script:
curl -o traefik_log_analyzer.sh https://gist.githubusercontent.com/hhftechnology/ea65ddc95e573a4b9b804fb37b607887/raw/dea90d70fc9cedd213bda3b7cbfa8901e93169a1/traefik_log_analyzer.sh && chmod +x ./traefik_log_analyzer.sh
./traefik_log_analyzer.sh
Initial Setup
Upon launch, you’ll be prompted to:
- Enter the path to your log file (default: ./access.log)
- Specify how many lines to analyze (default: 5000)
The script will then parse your logs and present the main menu.
Main Menu
The main menu provides access to various analysis functions:
1. Analyze HTTP Status Codes
This option displays a breakdown of HTTP status codes in your logs:
- Shows the count of each status code (200, 404, 500, etc.)
- Helps identify error rates and server health
- Useful for detecting unusual numbers of errors or redirects
2. Analyze Top Client IPs
This option lists the most active IP addresses:
- Shows the top client IPs by request count
- Helps identify heavy users or potential attackers
- Can reveal traffic patterns and client distribution
3. Analyze HTTP Methods
This option breaks down requests by HTTP method:
- Shows counts for GET, POST, PUT, DELETE, etc.
- Helps understand API usage patterns
- Can reveal unexpected or malicious method usage
4. Analyze Top Requested Paths
This option shows the most frequently accessed URLs:
- Lists the most popular content or endpoints
- Helps identify resource usage patterns
- Can reveal potential targets for optimization
5. Analyze Errors
This option focuses on error responses (status codes ≥ 400):
- Shows which clients are receiving errors
- Identifies problematic paths or resources
- Helps troubleshoot failing requests
6. Analyze TLS/SSL Usage
This option examines TLS/SSL version usage:
- Shows distribution of TLS versions
- Helps identify outdated or insecure connections
- Useful for security auditing
7. Analyze User Agents
This option examines client software information:
- Shows most common browsers, bots, and tools
- Helps understand client ecosystem
- Can identify scraping or unusual clients
8. Analyze Security
This option focuses on potentially suspicious requests:
- Identifies requests for sensitive paths
- Highlights potential scanning or attack attempts
- Tracks attempts to access admin interfaces, configuration files, etc.
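The kind of check this option describes, as an added shell example that is not the analyzer's own code: it counts requests to sensitive path segments and error responses per client IP, honouring an ignore list. It assumes Traefik's default CLF access-log layout; the function names, the list of sensitive segments and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample lines in the default Traefik (CLF) access-log layout.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [01/May/2023:12:30:45 +0000] "GET /.env HTTP/1.1" 404 19 "-" "curl/8.0" 1 "web@docker" "http://10.0.0.5:80" 2ms
203.0.113.7 - - [01/May/2023:12:30:46 +0000] "GET /wp-admin/ HTTP/1.1" 404 19 "-" "curl/8.0" 2 "web@docker" "http://10.0.0.5:80" 1ms
198.51.100.20 - - [01/May/2023:12:31:02 +0000] "GET /index.html HTTP/2.0" 200 5120 "-" "Mozilla/5.0" 3 "web@docker" "http://10.0.0.5:80" 4ms
10.0.0.2 - - [01/May/2023:12:31:10 +0000] "GET /admin/health HTTP/1.1" 200 2 "-" "monitor/1.0" 4 "web@docker" "http://10.0.0.5:80" 1ms
203.0.113.7 - - [01/May/2023:12:31:15 +0000] "POST /.git/config HTTP/1.1" 403 0 "-" "curl/8.0" 5 "web@docker" "http://10.0.0.5:80" 1ms
198.51.100.20 - - [01/May/2023:12:31:20 +0000] "GET /missing.png HTTP/2.0" 404 19 "-" "Mozilla/5.0" 6 "web@docker" "http://10.0.0.5:80" 3ms
EOF
}

# Usage: suspicious_by_ip IGNORE_CSV < access.log
# Prints "ip,sensitive_hits,error_hits", busiest prober first.
suspicious_by_ip() {
  awk -v ignore="$1" '
    BEGIN {
      n = split(ignore, ig, ",")
      for (i = 1; i <= n; i++) skip[ig[i]] = 1
      # Assumed list of sensitive path segments; adjust to your services.
      n = split(".env .git wp-admin wp-login.php admin phpmyadmin", b, " ")
      for (i = 1; i <= n; i++) bad[b[i]] = 1
    }
    {
      if ($1 in skip) next
      # Quote-delimited: q[2] is the request line, q[3] starts with status.
      if (split($0, q, "\"") < 3) next   # skip malformed lines
      split(q[2], req, " ")              # method, path, protocol
      split(q[3], rest, " ")             # status, size
      path = tolower(req[2])
      sub(/\?.*/, "", path)              # drop the query string
      hit = 0
      k = split(path, seg, "/")
      for (i = 2; i <= k; i++) if (seg[i] in bad) hit = 1
      if (hit) susp[$1]++
      if (rest[1] + 0 >= 400) err[$1]++
    }
    END {
      for (ip in susp) printf "%s,%d,%d\n", ip, susp[ip], err[ip]
    }' | sort -t, -k2,2nr -k1,1
}

sample_log | suspicious_by_ip "10.0.0.2"   # -> 203.0.113.7,3,3
```

Without the ignore list, the internal monitor at 10.0.0.2 also appears because its health check touches an `admin` path, which is the noise the "Set IPs to Ignore" setting is meant to remove.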
9. Settings
Opens the settings menu for configuration options.
0. Exit
Exits the analyzer.
Settings Menu
The settings menu allows you to customize analysis parameters:
1. Change Log File Path
- Allows selecting a different log file for analysis
- Current path is shown in parentheses
- The file must exist or the change will be rejected
2. Change Number of Lines
- Controls how much of the log file is analyzed
- Higher values provide more comprehensive analysis but use more memory
- Lower values are faster but may miss patterns
3. Set IPs to Ignore
- Allows entering a comma-separated list of IP addresses to exclude
- Useful for filtering out internal monitoring, load balancers, or known services
- Helps focus analysis on external traffic
4. Toggle Report Saving
- Enables/disables saving CSV reports
- When enabled, creates a directory with timestamp (e.g., ./traefik_analysis_20230501_123045/)
- Each analysis function generates its own CSV report
5. Toggle Verbose Mode
- Enables/disables additional output detail
- Helpful for debugging or detailed analysis
0. Back
Returns to the main menu.
Understanding Reports
When report saving is enabled, the analyzer creates CSV files containing the data from each analysis:
- status_codes.csv - HTTP status code distribution
- top_ips.csv - Most active client IP addresses
- methods.csv - HTTP method usage
- paths.csv - Most requested paths
- errors.csv - Error details
- tls.csv - TLS version information
- user_agents.csv - Client software information
- suspicious_paths.csv - Potential security concerns
These files are saved in the report directory, which is displayed at the end of your session.
Tips for Effective Usage
- Start with a smaller line count to test functionality, then increase for more comprehensive analysis
- Use the ignore IPs option to filter out known traffic sources like monitoring systems
- For troubleshooting, use options 1, 5, and 4 to quickly identify errors and their patterns
- For security audits, use options 2, 8, and 5 to identify suspicious behavior
- Save reports when analyzing large logs to allow for further analysis in spreadsheet software
- Compare reports over time to identify trends and changes in traffic patterns
- Focus on specific time periods by using log rotation or filtering tools to create targeted log files
- For performance analysis, focus on options 1, 3, and 4 to identify high-traffic resources
The Traefik Log Analyzer makes it easy to gain insights from your access logs without requiring complex tools or extensive log analysis knowledge. For more advanced analysis, export the CSV reports and use them with your preferred data analysis tools.

