20051102
Installing Webalizer is not very difficult - I think, because I haven't really documented it when I did install it. Anyway, there was an issue with Webalizer not showing the countries and urls for the visitor statistics. This can simply be remedied by… going to the Apache httpd.conf
file and turning HostnameLookups
'on':
HostnameLookups On
That's all!
20051108
Well, almost. There's one more thing to do.
The Webmin module for Webalizer stores its configuration files for each virtualHost under:
/etc/webmin/webalizer
This is important to know, because Webalizer not only reads the webalizer.conf
file, but also these webmin-specific configuration files, somehow.
You want to know where your visitors came from? For instance, if they used a portal site, or a search engine where they clicked on a link to your site, you want Webalizer to show it.
In this case, too, you have to tell Apache webserver to log this information. You do this by adding the following line to the httpd.conf
file:
CustomLog /var/lib/httpd/logs/access_log combined
But that's not all, because Virtualmin (Webmin's website configuration tool) also adds virtualHost sections in the httpd.conf
file for each website. So, make sure that each website has the same line, telling Apache to make a “combined” log.
If you're tired of doing this manually, go to the Virtualmin module in Webmin, and select the button “Server Templates”. Here, select “Default Settings” and find the textarea called Directives and settings for new websites
.
Here, replace the line
CustomLog ${HOME}/logs/access_log common
with
CustomLog ${HOME}/logs/access_log combined
I couldn't get Webalizer to consistently display the referer urls, so I decided to give Awstats a try. This is also a weblog analyzer, but it shows fancier graphics at the price of slower performance. This shouldn't be a problem for small websites, however.
I followed the instructions on http://www.dotvoid.com/view.php?id=29 and downloaded the rpm from http://dag.wieers.com/packages/awstats/.
[root@1038 /]# rpm -i --nosignature /etc/rpm/awstats-6.4-1.1.fc2.rf.noarch.rpm [root@1038 /]# rpm -q awstats awstats-6.4-1.1.fc2.rf [root@1038 /]#
I quickly found out that the first website is not applicable to my situation however. So I got myself a Webmin module for Awstats instead: http://prdownloads.sourceforge.net/awstats/awstats-1.5.wbm. But Webmin had problems installing this particular download, so I took another sourceforge file from this page: http://sourceforge.net/project/showfiles.php?group_id=13764.
I then followed the documentation in http://awstats.sourceforge.net/docs/awstats_webmin.html. This does not quite cut it either, because the webmin module assumes that the Awstats tool can run under the Webmin perl webserver - which it cannot (at least not out of the box). Fortunately, the Webmin Awstats module is still very usefull for the initial configuration of a single Awstats website analyzer (after installation, you'll find the Awstats webmin module under “System > AWStats Logfile Analyzer”).
What I did, in the end, was:
httpd.conf
file manually, to:Alias /awstatsclasses "/var/www/awstats/classes/" Alias /awstatscss "/var/www/awstats/css/" Alias /awstatsicons "/var/www/awstats/icon/" ScriptAlias /awstats "/var/www/awstats/" <Directory "/var/www/awstats"> Options None AllowOverride None Order allow,deny Allow from all </Directory>
Just add these lines at the end of the httpd.conf
file. Make sure that the ScriptAlias directory differs from the Alias directories, or you'll end up seeing the perl script code of the awstats.pl file in your web browser.
Now take a good look at the Alias directories, and compare them with the directories of the awstats installation. There are no awstatsicons, etc. directories! So:
Look for the DirIcons=
directive, and, following our example httpd.conf file, set it to:
DirIcons="/awstatsicons"
[root@1038 awstats]# perl awstats.pl -config=dopperdude -update Update for config "/etc/awstats/awstats.dopperdude.conf" With data in log file "/home/dopperdude/logs/access_log"... Phase 1 : First bypass old records, searching new record... Searching new records from beginning of log file... Phase 2 : Now process new records (Flush history on disk after 20000 hosts)... Jumped lines in file: 0 Parsed lines in file: 3275 Found 0 dropped records, Found 0 corrupted records, Found 0 old records, Found 3275 new qualified records. [root@1038 awstats]#
Looking good. Let's see how it looks in the browser:
http://www.dopperdude.com/awstats/awstats.pl?config=dopperdude
Redirect /report/ http://www.dopperdude.com/awstats/awstats.pl?config=dopperdude Redirect /stat/ http://www.dopperdude.com/awstats/awstats.pl?config=dopperdude
Now, there are a few more things to do: we need to limit the access to the right persons. You should not be able to do something like http://www.dopperdude.com/awstats/awstats.pl?config=solin
- i.e. investigating the “solin” statistics using the “dopperdude” website!
Also, ideally the awstats.SomeSiteOrOther.conf
files are set up automatically by Virtualmin, when we add new virtual hosts.
This link: http://awstats.sourceforge.net/docs/awstats_security.html is about implementing security measures for Awstats. If have chosen the 2nd option: users get to see their stats dynamically. Another option is to serve static html pages only, which makes it possible to restrict access to the Awstats “database”. Solin's clients will be able to hack into each others' statistics if they really try, but the easy way in is blocked.
First, make a password file in the Awstats directory that contains the perl script. Use the htpasswd
command with the -c
parameter to create a new file, and without the -c
parameter to just update the file. Be careful though: using -c
on an existing file will overwrite it!
[root@1038 awstats]# pwd /etc/awstats [root@1038 awstats]# /www/bin/htpasswd -c awstats.pwd dopperdude New password: Re-type new password: Adding password for user dopperdude
To have Apache use this awstats.pwd
file, add the following directives to Apache's httpd.conf
file:
<Directory "/var/www/awstats"> Options None AllowOverride None Order allow,deny Allow from all AuthType Basic AuthName stats AuthUserFile /etc/awstats/awstats.pwd require valid-user </Directory>
Now, go to http://www.dopperdude.com/awstats/awstats.pl?config=dopperdude and observe that you cannot get in unless you provide a valid username and password. This is a good thing.
To make it even better, shut this backdoor:
http://www.dopperdude.com/awstats/awstats.pl?config=solin
This backdoor allows Solin's clients to visit each others' statistics pages.
To activate the Awstats security measures, add the following lines to each awstats.someSiteOrOther.conf
file:
AllowAccessFromWebToAuthenticatedUsersOnly="1" AllowAccessFromWebToFollowingAuthenticatedUsers="dopperdude"
Of course, the users will be different for each virtual host (website).
The setup of an Awstats reporting function for a new virtual host can at least be automated partially. Take a look at the server templates for VirtualMin and add these lines:
Redirect /report/ http://www.${DOM}/awstats/awstats.pl?config=${USER} Redirect /stat/ http://www.${DOM}/awstats/awstats.pl?config=${USER}
There is also the option of installing the “Virtualmin AWstats Reporting” module. This add-on for Virtualmin promises to create Awstats reporting for each new virtual host. I have not had the time to figure out how (if) this works completely yet.
Here are all add-ons for Virtualmin: http://webadminmodules.sourceforge.net/?page=Virtualmin.