A specialized IP geographic threat analysis tool built for GitLab. It analyzes GitLab's built-in nginx logs and visualizes the global sources of anomalous access.
- Run as a Docker container without local environment setup
- Deploy from source code
We've packaged the tool as a Docker image and pushed it to Alibaba Cloud Container Registry. You can directly pull and run it:
docker pull registry.cn-hangzhou.aliyuncs.com/qc123mjs/gitguard-analyzer:latest
docker run -d -p 5000:5000 -v /var/log/gitlab/nginx:/var/log/gitlab/nginx --name gitguard-analyzer registry.cn-hangzhou.aliyuncs.com/qc123mjs/gitguard-analyzer:latest
Parameters: -p [host port]:[container port, 5000]; -v [host directory]:[container directory, /var/log/gitlab/nginx]
If you want to build the Docker image yourself:
cd /GitGuard-Analyzer
docker build -t gitguard-analyzer .
ipanalyzer/
├── nginx_ip_geo_stats.py        # Main application file
├── map/                         # Map data directory
│ ├── dbip_geo.txt               # Geographic text data
│ ├── dbip_index.bin             # Binary index (need to unzip due to upload limits)
│ └── dbip_tobin.py              # Data conversion tool
├── dbip-city-lite-2025-09.csv   # IP database (too large, download when needed)
└── gitlab_error.log             # Error log (for testing)
LOG_DIR = "/var/log/gitlab/nginx/"     # Nginx log directory
BIN_INDEX_PATH = "map/dbip_index.bin"  # Binary index path
GEO_TEXT_PATH = "map/dbip_geo.txt"     # Geographic text path
Feature | Status | Description |
---|---|---|
🌍 IP Geographic Distribution | ✅ | Global access source visualization |
📊 Real-time Log Analysis | ✅ | Support .gz compressed logs |
🗺️ Interactive Map | ✅ | Folium heatmap |
⏰ Multiple Time Granularities | ✅ | Day/Week/Month analysis |
🇨🇳 Chinese Support | ✅ | Complete Chinese font support |
- Log Parsing: Read GitLab's built-in nginx logs including gitlab_error.log and gitlab_error.log.*.gz, extract IP, timestamp, URL using regex
- IP Geolocation: Convert IP to integer format, binary search to match IP ranges
- Data Statistics: Multi-dimensional access frequency statistics, time aggregation analysis
- Visualization: Matplotlib charts + Folium interactive maps
- IP conversion algorithm: IPv4 to 32-bit integer for fast lookup
- Binary search optimization: O(log n) efficient IP matching
- Multi-threaded processing: Concurrent log file processing
- Memory mapping: Binary indexing reduces memory usage
- Install Dependencies:
pip install -r requirements.txt
- Prepare Data [Execute only when updating map information]:
python3 map/dbip_tobin.py
- Start Application:
python3 nginx_ip_geo_stats.py
- Access Interface:
http://localhost:5000
- 🚀 Single-file core application
- 📊 Rich data visualization
- 🔧 Cross-platform support
- 📈 Production environment ready
- ⚡ High-performance processing
- Source: DB-IP free geographic database
- Format: Start IP|End IP|Country Code|Country|Region|City|Latitude|Longitude
- Update: Monthly download from https://db-ip.com
Function: CSV to binary index conversion
- IP range indexing: 12 bytes/record (start IP + end IP + location offset)
- Location deduplication: Reduces storage space
- Performance improvement: 10-100x faster than CSV queries
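The lookup path described above (IPv4 to 32-bit integer, then binary search) over the 12-byte records, as an added example that is not the project's own code. The big-endian field encoding, the newline-terminated geo text, the function names and the sample ranges are assumptions; the page gives only the record size and field order.

```python
import ipaddress
import struct

# Assumed layout (the page gives only the 12-byte size and field order):
# big-endian uint32 start IP, uint32 end IP, uint32 byte offset into the geo text.
RECORD = struct.Struct(">III")

# Constructed sample ranges (RFC 5737 documentation networks, made-up locations).
SAMPLE = [
    ("203.0.113.0", "203.0.113.255", "ZZ|Exampleland|Region B|City B|1.0|1.0"),
    ("192.0.2.0", "192.0.2.255", "ZZ|Exampleland|Region A|City A|0.0|0.0"),
    ("198.51.100.0", "198.51.100.255", "ZZ|Exampleland|Region A|City A|0.0|0.0"),
]

def ip_to_int(text):
    """IPv4 string -> 32-bit integer; None for anything that is not valid IPv4."""
    try:
        return int(ipaddress.IPv4Address(text.strip()))
    except ValueError:
        return None

def build_index(ranges):
    """Pack (start, end, location) rows into a sorted binary index and geo text."""
    geo, offsets, index = bytearray(), {}, bytearray()
    for start, end, location in sorted(ranges, key=lambda r: ip_to_int(r[0])):
        if location not in offsets:  # location deduplication
            offsets[location] = len(geo)
            geo += location.encode("utf-8") + b"\n"
        index += RECORD.pack(ip_to_int(start), ip_to_int(end), offsets[location])
    return bytes(index), bytes(geo)

def lookup(index, geo, text):
    """Binary search; None for invalid input or an address outside every range."""
    ip = ip_to_int(text)
    if ip is None:
        return None
    lo, hi = 0, len(index) // RECORD.size
    while lo < hi:  # find the first record whose start IP is greater than ip
        mid = (lo + hi) // 2
        if RECORD.unpack_from(index, mid * RECORD.size)[0] <= ip:
            lo = mid + 1
        else:
            hi = mid
    if lo == 0:
        return None  # below the first range
    start, end, offset = RECORD.unpack_from(index, (lo - 1) * RECORD.size)
    if ip > end:
        return None  # in a gap between ranges: do not guess the nearest one
    return geo[offset:geo.find(b"\n", offset)].decode("utf-8")
```

Addresses taken from logs are untrusted input, so anything that does not parse as IPv4, or that falls between ranges, resolves to None instead of the nearest record.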
Figure 1: System Dashboard Interface
Figure 2: URL Access Frequency Statistics
This project recommends Python 3.6+.
numpy==1.26.4
Flask==2.3.3
folium==0.20.0
matplotlib==3.9.2
pandas==2.2.2
seaborn==0.13.2
gevent==23.9.1
gunicorn==21.2.0
Jinja2==3.1.2
This project is licensed under the GNU General Public License v3.0.
- ✅ Free use, modification, and distribution allowed
- ✅ Derivative works must be open source
- ✅ Copyright notices must be preserved
- ✅ Same license must be adopted
- 📝 Changes must be clearly documented
For the complete license text, see the LICENSE file.
📞 Issue Reporting | ✨ Feature Requests | 🐛 Bug Reports
© 2025 IPGeoAnalyzer Project Team. GPL-3.0 License.