https://github.com/spithash/nginx-logresolver
Real-time Nginx log enhancer that resolves IPs to hostnames and optionally colorizes output using grc.
https://github.com/spithash/nginx-logresolver
bash-script log-parser logs nginx sysadmin
Last synced: 20 days ago
JSON representation
Real-time Nginx log enhancer that resolves IPs to hostnames and optionally colorizes output using grc.
- Host: GitHub
- URL: https://github.com/spithash/nginx-logresolver
- Owner: spithash
- Created: 2025-05-07T11:04:08.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-05-07T13:05:18.000Z (about 1 year ago)
- Last Synced: 2025-05-09T01:45:20.730Z (about 1 year ago)
- Topics: bash-script, log-parser, logs, nginx, sysadmin
- Language: Shell
- Homepage:
- Size: 17.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Nginx Log DNS Resolver
`nginx-logresolver` is a Bash script that processes Nginx access logs and resolves IP addresses to hostnames in real time. It improves the readability of logs by replacing IPs with their corresponding hostnames using system DNS resolution. The script optionally colorizes the output and checks if `dnsmasq` is installed to improve performance via local DNS caching.
## Why?
By default, Nginx logs contain raw IP addresses instead of hostnames. This is intentional: resolving hostnames requires DNS lookups, which are relatively slow and can degrade performance under high traffic.
However, hostnames can be helpful for:
- Identify traffic from known domains or bots
- Spot patterns in abuse or suspicious activity
- Debug or audit logs with more context
This script reads logs after they are written, performing DNS resolution on-the-fly without changing Nginx’s configuration or degrading its performance.
## Features
- Resolves IP addresses to hostnames in real time as logs are written.
- Checks if `dnsmasq` is installed and suggests using it for faster local DNS caching.
- Optional colored output via the `-c` / `--color` flag (requires `grc`).
- Skips confirmation prompts using the `-y` / `--yes` flag.
- Lightweight and minimal — pure Bash with no caching layer.
## Requirements
- `bash`
- `getent` for DNS resolution
- `grc` (optional, for colored output)
- `tail`
- `dnsmasq` (Not required in the script. It's optional but adds dns caching. you can use any other dns forwarder/resolver that enables query caching as well)
- Access to your Nginx logs (default: `/var/log/nginx/access.log` — can be customized)
## Installation
```bash
git clone https://github.com/spithash/nginx-logresolver.git
cd nginx-logresolver
chmod +x nginx-logresolver.sh
```
## Usage
### Basic usage:
```bash
./nginx-logresolver.sh
```
### With colorized output (requires grc):
```bash
./nginx-logresolver.sh -c
```
### Skip dnsmasq warning:
```bash
./nginx-logresolver.sh -y
```
## What It Does
- **Tails logs in real time**: Watches `/var/log/nginx/access.log` and processes new entries as they appear.
- **Resolves IPs to hostnames**: Uses `getent hosts` to replace the IP address in each log line with its corresponding hostname.
- **Suggests dnsmasq**: If `dnsmasq` is not found in common system paths, warns the user that enabling it will improve performance by caching DNS queries.
- **Adds color**: If `-c` is specified and `grc` is installed, applies syntax highlighting to logs using `grc`.
## Example Output
```text
host.example.com - - [07/May/2025:10:42:31 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"