Fact-checked by Grok 2 weeks ago

AWStats

AWStats (Advanced Web Statistics) is a free, open-source file analyzer designed to generate advanced, graphical statistics from web, streaming, FTP, and mail server files. It processes data to track key metrics such as visits, unique visitors, session durations, page views, download volumes, and error rates, supporting formats from servers like , IIS, and WebStar. Originally developed by Laurent Destailleur and first released on May 2, 2000, AWStats operates as a Perl-based script or command-line tool, enabling real-time analysis without requiring rare libraries. The software is distributed under the GNU General Public License (GPL) version 3 or later, allowing free use, modification, and distribution. Key features of AWStats include detection of over 269 countries/domains, 35 operating systems, 97 browsers (expandable to 450+ via plugins), 319 robots, and 115 search engines/phrases, with support for plugins like GeoIP for enhanced geolocation. It handles large log files efficiently, with benchmark speeds of up to 5200 lines per second in default configurations, and offers multilingual support across multiple platforms. The latest stable version, 8.0, was released on August 26, 2025, marking the end of active by the original author. As of November 2025, the project is deprecated and no longer actively developed. AWStats emphasizes security through static output and configurable access controls, making it suitable for web administrators seeking detailed, customizable reports without commercial dependencies.

Overview and History

Overview

AWStats (Advanced Web Statistics) is an open-source, Perl-based log file analyzer designed to process raw server logs from , FTP, , and streaming servers, generating comprehensive statistics reports in graphical format featuring tables and bar graphs. It excels at extracting insights from log data without requiring , making it accessible for system administrators and web developers seeking detailed . The tool's primary use cases involve tracking website traffic patterns, such as the number of visits and visitors, analyzing visitor behavior including domains, browsers, operating systems, and referrals, and monitoring server performance metrics like errors and usage derived directly from log files. By parsing formats from various servers, including Apache's NCSA combined, (CLF), extended log format (ELF), and Microsoft IIS W3C logs, AWStats provides a unified view of activity across different environments. AWStats operates in two main modes: as a script for on-demand dynamic report generation via a , allowing real-time filtering and updates, or via the command line for producing static files that can be scheduled for periodic regeneration. Its key benefits include being freely available under the GNU General Public License version 3, efficient processing of large log volumes through intermediary database files that store partial analysis data for faster subsequent runs, and broad compatibility with servers like and IIS without needing specialized libraries.

Development History

AWStats originated as a personal project in 1997, developed by French programmer Laurent Destailleur to analyze web server log files and generate statistics for his own websites. Destailleur, who later founded the Dolibarr ERP/CRM project, created the tool using Perl to address the need for a flexible, open-source log analyzer at a time when commercial alternatives dominated web analytics. The first public release, version 1.0, occurred on May 2, 2000, marking AWStats' availability as under the GNU General Public License. Initial versions focused on basic parsing of and other server logs, supporting common formats like NCSA and providing reports on visits, unique visitors, and bandwidth usage. Development progressed steadily through the early , with version 3.0 in 2001 introducing daily reports and enhanced log format support. Key milestones included the addition of referrer spam filtering in version 6.5, released on December 24, 2005, which introduced the SkipReferrersBlackList directive to exclude referrers and improve report accuracy amid rising web . In 2014, the project transitioned from SourceForge's CVS system to , facilitating better collaboration through merge requests and , as announced by Destailleur. This move aligned with broader open-source trends toward . The latest stable release, version 8.0, was issued on August 26, 2025, incorporating updates like modern robot databases while maintaining . This version signified the end of active development by Destailleur, who stated it would be his final major contribution after over two decades. Following the release, AWStats entered , but as of November 2025, the project has been deprecated with no further active development or community updates, and migration to alternatives like Matomo Log Analytics is recommended.

Features

Core Analytics Capabilities

AWStats provides a robust set of core capabilities by processing log files to extract key indicators related to . Among the primary traffic metrics, it calculates the number of unique visitors, total visits, pages viewed, hits, bandwidth usage in kilobytes, and average visit duration, offering insights into overall site engagement and resource consumption. These metrics enable administrators to quantify site popularity and identify trends in user interaction without requiring real-time monitoring. In visitor profiling, AWStats detects and categorizes users across 269 domains and countries, 45 operating systems, over 123 browsers (including mobile variants, totaling up to 482 with dedicated phone browser databases), and 381 types of robots or crawlers. This segmentation helps in understanding the demographic and technical diversity of the audience, such as the prevalence of specific operating systems like Windows or , or browsers including and . Additionally, it supports GeoIP integration via databases to resolve visitor locations to regions and cities, enhancing geographic profiling. Content analysis in AWStats focuses on user interactions with site resources, identifying the most viewed, entry, and pages to reveal navigation patterns and popular . It also tracks file types and downloads, such as PDFs and archives, alongside HTTP errors like 404s (including referrer details for ) and queries from 122 engines, capturing keywords and phrases to inform strategies. Time-based breakdowns provide granular views of usage patterns, including distributions by months, days of the week, hours of the day, and the most recent visits, allowing for analysis of peak traffic periods and seasonal variations in pages viewed, hits, and bandwidth.

Reporting and Customization Options

AWStats generates reports in two main formats to suit different user needs: dynamic CGI-based reports that enable real-time interactive filtering and static HTML pages designed for offline viewing and sharing. In CGI mode, activated by setting AllowToUpdateStatsFromBrowser=1 in the configuration file, users can apply dynamic filters such as selecting specific months, hosts, or referrers directly through a web interface, allowing on-the-fly data refinement without regenerating the entire report. Static HTML reports, produced via command-line execution with options like -output to specify the file path, provide a lightweight alternative that can be hosted independently or archived for historical analysis. Reports feature a range of visualizations to present data clearly, including bar graphs for trends in core metrics like hits and unique visitors, detailed tables for breakdowns such as codes or types, and customizable CSS-based themes to adjust colors and layouts for better . Multi-language support enhances accessibility, with interfaces available in 43 languages including English and , configured via the Lang directive to automatically detect and apply the appropriate localization. Graphical elements are rendered using built-in icons from the DirIcons directory, ensuring consistent presentation across reports. Customization options allow users to tailor reports extensively, primarily through plugins that add specialized functionality without altering the core code. For example, the GeoIP plugin, loaded with LoadPlugin="geoipfree", integrates GeoLite databases to enable detailed geographic reporting at and ISP levels, revealing visitor origins beyond basic . Other plugins support ISP-specific breakdowns or custom sections, while XML output—enabled by setting BuildReportFormat=[xhtml](/page/XHTML)—facilitates integration with external tools like processors for advanced manipulation. Dynamic filters in mode further personalize views by excluding or highlighting patterns via regex-based directives such as OnlyHosts or SkipFiles. AWStats also includes dedicated tools for niche reporting needs, such as web compression statistics for modules like mod_gzip or mod_deflate, which track input/output bytes when the log format includes fields like %gzipin and %gzipout, activated via ShowFileTypesStats=HB C. Authenticated user tracking captures login details from logs, displaying the number of unique authenticated visitors and their latest activity in dedicated report sections, enabled by setting ShowAuthenticatedUsers=1 in the ; access to reports can be restricted with directives like AllowAccessFromWebToAuthenticatedUsersOnly=1. These features ensure reports can be adapted for specific server environments and security requirements.

Technical Architecture

System Requirements and Compatibility

AWStats requires Perl version 5.007 or higher for operation, with support for distributions such as ActivePerl on Windows systems. Optional Perl modules, such as Geo::IP or Geo::IPfree, enable advanced plugins like geolocation features. The software exhibits strong cross-platform compatibility, running on Unix and distributions including RedHat and , as well as /2000, MacOS, and , without OS-specific dependencies thanks to its foundation. Hardware demands are minimal, allowing AWStats to handle log files of effectively unlimited size through efficient processing of partial or incremental files; however, enabling DNS lookups for resolution requires network connectivity. AWStats is compatible with various log formats, including Apache's combined and NCSA logs, IIS W3C extended logs, WebStar native format, and custom configurations. For scenarios involving split or multiple log files, the included logresolvemerge.pl tool facilitates merging and preprocessing.

Log Analysis Process

AWStats initiates the log analysis by reading input log files specified in the , processing them line by line in chronological order to handle unsorted or split logs efficiently. The begins with bypassing previously analyzed records to focus on new entries, followed by extracting key fields such as (%host), (%time1), HTTP method and (%methodurl), status code (%code), bytes transferred (%bytesd), referrer (%refererquot), and (%uaquot) using a regex-based LogFormat directive. This format, customizable for various server types like combined logs (LogFormat=1), enables flexible interpretation of log structures without requiring the entire file to be reloaded into memory. To enhance efficiency with large log volumes, AWStats employs partial updates that process only newly added lines, avoiding full re-parsing of historical , and utilizes temporary .tmp files for locking mechanisms during updates to prevent concurrent access issues. It also supports load balancing across multiple sources and optional DNS resolution for converting addresses to hostnames, which can be accelerated via caching in files like dnscache.txt or multithreaded tools. These techniques allow handling of high-traffic logs without excessive resource consumption, as demonstrated in processing examples where only qualified new records (e.g., 225,521 out of 225,730 lines) are analyzed. Preprocessing is facilitated by dedicated scripts to prepare non-standard or rotated logs for analysis. The maillogconvert.pl tool converts mail server logs from formats like Postfix or into an AWStats-compatible structure, supporting modes for standard or virtual admin logs. Similarly, logresolvemerge.pl merges multiple rotated or split log files into a single chronological stream, optionally performing DNS lookups to resolve hostnames in advance, thereby streamlining the main parsing phase. Upon completion, the extracted is aggregated and stored in , such as awstatsMMYYYY.txt files located in the DirData directory (defaulting to the current directory), which serve as lightweight, queryable structures for rapid report generation without repeated log scans. These maintain historical across monthly files, with optional in XML via the BuildHistoryFormat directive for .

Installation and Configuration

Setup Procedures

To set up AWStats, begin by downloading the latest stable release from the official project page, where it is distributed as a compressed archive such as a tarball or ZIP file. Unpack the archive into a suitable CGI directory on your , for example, /usr/local/awstats on systems or the appropriate CGI-bin folder on Windows servers running IIS or . This placement ensures the Perl scripts can be executed via the web server. Next, execute the initial setup script by navigating to the tools subdirectory within the unpacked AWStats directory and running perl awstats_configure.pl. This interactive script automatically detects the web server type (such as or IIS), prompts for site-specific details like the and log file location, generates a (e.g., awstats.mysite.conf), and sets appropriate file permissions for and functionality. The script requires to be installed on the system, as AWStats is a -based application compatible with most platforms including , Unix, and Windows. For log integration, edit the generated to specify the path to your server's access log file, such as /var/log/apache/access.log for on . Set the LogFile directive to the full path, configure LogType to "W" for standard web logs, and select the appropriate LogFormat (e.g., "1" for NCSA combined log format). To verify the setup, test log by running the command perl awstats.pl -config=mysite -update from the command line, which processes the log file and builds the initial statistics database without generating a report. To enable ongoing analysis, schedule periodic updates using system tools like on or the Task Scheduler on Windows. For instance, add a cron job entry such as 0 23 * * * /path/to/[perl](/page/Perl) /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=mysite -update to run daily at 11:00 PM, ensuring new log entries are parsed automatically. This automation keeps statistics current without manual intervention.

Configuration Directives

AWStats configuration is managed through a dedicated .conf file for each analyzed site, where users define parameters to customize log processing, filtering, and output behavior. These directives allow tailoring the tool to specific server environments and analysis needs, with most accepting string, integer, or boolean values. All directives are case-sensitive and can be set as key-value pairs in the , overriding default behaviors to optimize performance and accuracy. Core directives establish the foundational setup for log analysis. The LogFile directive specifies the full path to the log file being analyzed, supporting dynamic placeholders such as %YYYY-%MM-%DD for date-based log rotation (e.g., LogFile="/var/log/[httpd](/page/Httpd)/access.%YYYY-%MM-%DD.log"). The LogType parameter determines the log category, with options like "W" for logs, "M" for logs, or "F" for FTP logs; the default is "W" for standard analysis. SiteDomain sets the primary for resolving full URLs in reports (e.g., SiteDomain="www.[example.com](/page/Example.com)"), aiding in accurate traffic attribution. Additionally, DNSLookup controls resolution, where 0 disables lookups for speed, 1 enables full DNS queries, and 2 uses a static ; the default is 2 to balance performance and detail. Filtering options help exclude irrelevant data to focus on meaningful metrics. SkipFiles defines patterns or specific URLs to ignore during analysis, such as static assets (e.g., SkipFiles="REGEX[^/icons/]" to skip icon directories). NotPageList lists file extensions or patterns not counted as full pages, like images or scripts (e.g., NotPageList="css js gif jpg jpeg png bmp"), with a default excluding common non-content files such as "css js class gif jpg png rss xml swf". For spam mitigation, LevelForWormsDetection sets the detection intensity, with 0 disabling it, 1 enabling medium filtering, and 2 activating full checks; the default is 0 to avoid false positives. Report settings influence localization and access controls. The Lang directive selects the interface language, such as "en" for English or "auto" to detect based on browser settings; the default is "auto" for multilingual support. AllowToUpdateStatsFromBrowser restricts direct updates via web interface for security, defaulting to 0 (disabled) to prevent unauthorized modifications. Similarly, SaveDatabaseFilesWithPermissionsForEveryone controls file permissions for generated databases, with 0 (default) limiting access to the owner only, enhancing data protection. Plugin loading extends functionality through modular additions. The LoadPlugin directive imports external modules, specified as the plugin name followed by its path (e.g., LoadPlugin="geoip /usr/local/lib/site_perl/GeoIP.pm" for IP geolocation). Multiple plugins can be loaded sequentially, enabling features like custom metrics without altering core code.

Security and Maintenance

Security Vulnerabilities and Protections

AWStats has faced several historical security vulnerabilities, primarily related to , (XSS), and directory traversal. In versions 6.3 and 6.4, a direct vulnerability in awstats.pl allowed remote attackers to execute arbitrary code through the parameter, as documented in CVE-2005-0436. Additionally, multiple XSS vulnerabilities in the AWStats Totals add-on (versions 1.0 through 1.14) permitted attackers to inject arbitrary web scripts or via the month and year parameters, identified under CVE-2008-3921. Directory traversal issues have affected various versions; for instance, CVE-2017-1000501 allowed unauthorized access prior to 7.7, while more recently CVE-2020-29600 (through 7.7) enabled absolute pathname traversal in the config parameter of awstats.pl, and CVE-2020-35176 (through 7.8) involved partial absolute pathnames in the same script, both exploitable remotely. To address these and other risks, AWStats incorporates built-in protections, particularly from version 7.0 onward. This release introduced fixes for directory traversal in the LoadPlugin feature and restricted access to prevent external exploitation via paths like NFS or . Subsequent updates enhanced parameter sanitization to mitigate XSS in URLs and scripts, with further refinements in versions 7.7 and 7.9 explicitly targeting XSS vulnerabilities and input validation gaps, including fixes for CVE-2017-1000501, CVE-2020-29600, and CVE-2020-35176. control options include AllowAccessFromWebToAuthenticatedUsersOnly=1, which enforces realm-based authentication (e.g., via Apache's .htaccess) before displaying reports, and AllowAccessFromWebToFollowingIPAddresses for IP-based whitelisting to limit exposure. Additionally, setting SaveDatabaseFilesWithPermissionsForEveryone=0 ensures database files retain restrictive permissions, preventing unauthorized reads by processes. Best practices for securing AWStats emphasize minimizing attack surfaces. Administrators should prefer generating static reports (using the -output and -staticlinks options) over execution to avoid dynamic script vulnerabilities, storing outputs in protected directories accessible only via authenticated realms. Enabling restrictions via AllowAccessFromWebToFollowingIPAddresses and disabling browser-based updates (AllowToUpdateStatsFromBrowser=0 by default) further reduce risks, as does regularly applying updates—the project's page has not been updated since December 2016, but vulnerabilities identified after that date were addressed in versions up to 7.9, with no new vulnerabilities reported as of November 2025. Key risk factors include deploying AWStats in mode on publicly accessible servers, which amplifies exposure to injection and traversal attacks if unpatched, especially in legacy versions predating 7.0. Unmaintained installations of older releases, such as those vulnerable to CVE-2005-0436 or CVE-2020-35176, remain susceptible without upgrades, underscoring the importance of configuration hardening alongside timely patching.

Community Support and Updates

AWStats provides users with a range of official resources for support and maintenance, primarily hosted on its project page at awstats.sourceforge.io. These include comprehensive documentation available both online and as a downloadable PDF (awstats.pdf), which covers setup, , and in detail. Additionally, a dedicated Frequently Asked Questions () section addresses common issues, such as log file compatibility and concerns during implementation. The news page, last updated in 2016 with no active alerts reported, serves as a central hub for announcements regarding known vulnerabilities and patches. For community engagement, AWStats relies on open-source hosted on , including a general open discussion board for user queries and a developers' requiring a SourceForge account for contributions and technical discussions. Users can submit issues, report bugs, and propose enhancements through the project's repository at github.com/eldy/awstats, which has served as the source for code contributions since its establishment around 2014. The also contributes plugins and extensions, documented on the contribs , allowing for specific log analysis needs without backing. While no formal support exists, the tool integrates seamlessly with related open-source projects like Dolibarr /—developed by the same author, Laurent Destailleur—via a dedicated that embeds AWStats reporting into the ERP interface. emphasizes AWStats' strengths as a self-hosted alternative to tools like Webalizer, highlighting its -driven extensibility for privacy-focused analytics. Updates to AWStats are handled through manual downloads of new versions from the project page or releases, with the latest stable release being version 8.0 on August 26, 2025. For ongoing log processing, users typically configure jobs or custom scripts to automate statistics updates, as outlined in the official setup documentation. Following the release of version 8.0, the project entered maintenance mode under the original author's stewardship, limiting future changes to bug fixes with no new major features planned; any additional maintenance is expected to emerge from community efforts. This approach underscores AWStats' commitment to stability for existing self-hosted deployments.