How to display country code information from Apache log?

Are you looking for solution to display country code along with Apache log information for your analysis? This tutorial is going to shed you some lights on how to accomplish it. Apache log is a great resource that you can use it to study the traffics connected to your Apache server. The log provides you lots of useful information, such as IP address, useragent, HTTP status, and so on, but not for the country code information. For this, we are going to use IP2Location application to get the country code information for display together with Apache log information.

Basically for this tutorial, we are going to turn the below Apache log display (using tail command)
Existing Apache log display

to prepend with the country code information. For example, to display FR in front of 5.196.143.10 data row.
Existing Apache log display

Below are the steps to produce the above result:

  1. You need to install the IP2Location application. You can download the application using the below command. You may also visit https://www.ip2location.com/free/applications to find out the details.
    wget https://www.ip2location.com/downloads/ip2location-7.0.0.tar.gz
    							
  2. Unzip the tar file.
    tar -zxvf ip2location-7.0.0.tar.gz
    							
  3. Run the below commands to install the IP2Location application
    cd ip2location-7.0.0
    ./autogen.sh
    ./configure
    make
    make install
    							
  4. Download the IP2Location DB1 data file. I will recommend you to use the commercial IP2Location DB1 package as it provides you high data accuracy. However, for this tutorial, I will going to use the IP2Location DB1.LITE for the tutorial in case you have no access to the commercial version.
    Download the DB1.LITE using the below command
    wget http://download.ip2location.com/lite/IP2LOCATION-LITE-DB1.BIN.ZIP
    							
  5. Unzip the file and you shall get the IP2LOCATION-LITE-DB1.BIN file in the folder.
    unzip IP2LOCATION-LITE-DB1.BIN.ZIP							
    							
  6. Create a bash script to prepend and named it as add-country-code.sh. Open the bash script for editing. You can use any text editor for editing.
    vi add-country-code.sh							
    							
  7. Copy the following code and paste into the add-country-code.sh.
    #!/bin/bash
    
    country_code=''
    output_str=''
    
    while read -a row; do
    	# do ip to location lookup. This command assume the db1.bin file located at the same folder of this script
    	country_code="$(ip2location --datafile IP2LOCATION-LITE-DB1.BIN --ip ${row[0]} --noheading --field countryshort --format TAB)"
    	
    	#appending tab to recreate the apache log string
    	for item in "${row[@]}"
    	do
    		output_str+=$'\t'$item
    	done
    	
    	# prepend country code data to the apache string
    	echo $country_code$output_str
    	output_str=''
    done							
    							
    The above code read all Apache log data from the input, then process them recursively line by line and run the ip2location command to retrieve the countryshort information. Note: countryshort contains the 2-characters country code following the ISO3166 standard. Finally, the script will output the Apache log data prepended with countryshort information. In addition to the country code information, you may prepend other geolocation data such as region, city, and so on using the ip2location command. Type man ip2location to learn more.
  8. Save the add-country-code.sh bash script.
  9. Run the bash script using the below command. Note: access.log was the example of the Apache log file.
    bash add-country-code < access.log							
    							
  10. You shall see the country code information prepended on the display.
    Existing Apache log display

Happy coding!


Do you like this article? Share it with others by clicking the social media buttons below. We will write more articles related to this topic.