Posted in Publishing, Technology

How to install and configure Awstats web statistics for WordPress and for other sites

Published 2019-08-27, Updated 2020-07-06 with settings for different types of URLs.

Awstats is a statistics/analysis tool that collects data from visitors who view a web site. It tallies up data into a database so that you can view historical statistics and compare it to today’s numbers. Awstats gets its data from a web server log files, such as Apache, that exist on every web site. Awstats can analyze web, email, and ftp server data. Statistics for the number of visitors, most visited pages, referrers, search engines, browser products, keywords, and other information is displayed on the dashboard.

I am administering WordPress sites that already are collecting statistics inside the CMS (content management system) using plugins. WordPress plugins, however don’t have a clue what is happening outside its own world. That’s where Awstats, Webalizer and similar statistic tools can help. They provide valuable information about search engines, keywords, possible hackers, and many other things web site admins want to be aware of.

This Awstats installation and configuration guide has been tested on Debian 8 (Jessie) and Debian 10 (Buster), both running Apache 2.4. I happen to run WordPress servers, but Awstats doesn’t make a difference if you are running Drupal, Joomla, or another server. If you are running a Windows server, this article has instructions for it.

You should be comfortable with editing Linux configuration files to succeed with the Awstats installation. It also means you need root access to the system (or sudo).

Install Awstats on Debian

Open Terminal access to your server and type the installation command:
apt-get install awstats

Once the installation routine is completed, make a copy of the Awstats definitions file:
cp /etc/awstats/awstats.conf /etc/awstats/awstats.mysite.com.conf
(replace mysite.com with your actual domain name)

Edit the file awstats.mysite.com.conf as follows (these are the default values that usually work):
LogFile="/var/log/apache2/access.log"
LogFormat=1
SiteDomain="mysite.com"
HostAliases=”www.mysite.com mysite.com”
DNSLookup=0
AllowFullYearView=3
LoadPlugin="tooltips"

Open the Apache configuration file /etc/apache2/sites-available/mysite.conf (mysite is your conf file name) and insert the following lines into the file:
Alias /awstatsclasses "/usr/share/awstats/lib/"
Alias /awstats-icon/ "/usr/share/awstats/icon/"
Alias /awstatscss "/usr/share/doc/awstats/examples/css"
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
ScriptAlias /awstats/ /usr/lib/cgi-bin/
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

Type the following commands to activate the changes in the Apache configuration:
a2enmod cgi
systemctl restart apache2

You can see how the installation is progressing by pointing your web browser to:
http://mysite.com/cgi-bin/awstats.pl

If a statistics web page is displayed, you are on the right path. The top line displays the time when statistics were updated. It probably reads ‘Never updated’. It is all right, you just have to manually run the first update.

Back in the Terminal, type the following command to initialize Awstats:
perl /usr/lib/cgi-bin/awstats.pl -config=mysite.com -update

When the statistics data has been initialized, Awstats displays the number of lines it found as qualified records, blank records, and other information.

Re-check the statistics page in your web browser:
http://mysite.com/cgi-bin/awstats.pl

If statistics figures and ip addresses are displayed on the page, the basic installation is done. It is, however, quite likely that you have to configure Awstats a little bit more so that it automatically runs in the background, and you may want to allow access to authorized people only. Read on for further instructions.

Configure Awstats to automatically update the statistics

During installation, Awstats sets an interval how often it automatically updates the statistics. However, extra tweaks are required to make it work.

From data in log file "/var/log/apache2/access.log"…
Error: Couldn't open server log file "/var/log/apache2/access.log" : Permission denied

If you see error messages telling that Awstats doesn’t have permission to access apache2 log file, check the access rights in the system for log files. Awstats update process runs in the background as user www-data that needs read access to the Apache log files.

Problems with access rights can be tricky to solve. Here is an article for further instructions.

Display country names instead of IP addresses in Awstats

The following software packages must be installed for the country resolution function (Geoip) to work in Awstats:
apt-get install libgeo-ip-perl
apt-get install libgeo-ipfree-perl

It takes a little time to download because a large table with country names and ip addresses is downloaded.

Edit the Awstats configuration file /etc/awstats/awstats.mysite.com.conf
Makes sure the following line is uncommented:
LoadPlugin="geoipfree"
Save the file and restart Apache:
systemctl restart apache2

If Awstats doesn’t count all pages

If you suspect Awstats is not tallying up all your pages, and your site’s URL structure is something like https://mysite.com/?p=3021, you have to change the default settings. The link structure is common, for instance, in default WordPress installations. Open the Awstats configuration file /etc/awstats/awstats.mysite.com.conf. Find the line:

URLWithQuery=

The default value is 0, which explains why Awstats doesn’t recognize that p=3021 is a page id. Change the URLWithQuery value to 1, and the pages will be included in the statistics. If your site has more complex URL structure, Awstats has more settings to tweak.

Protect your statistics with a password

The statistic information collected by Awstats is available to the entire digital world if you don’t prevent public access to it. A basic, simple way of restricting access is to set up a http password.

Edit the apache2 configuration file /etc/apache2/sites-available/mysite.conf.

AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
AuthType Basic
AuthName " Hello! "
AuthUserFile /usr/lib/cgi-bin/.htpasswd
Require valid-user
Order allow,deny
Allow from all

Apache must be restarted:
systemctl restart apache2

If you don’t already have a Linux password that can be used for this purpose, the command htpasswd can do it for you. For instance:
htpasswd -cb /usr/lib/cgi-bin/.htpasswd username password
The ‘username’ and ‘password’ should be set something not too easy to guess.

That’s it for the Awstats configuration. Comparing statistics that draw their data from different sources, such as from web server log files and from visitor data available inside an CMS, has proven to be valuable for our admins.

One more thing: how to configure Awstats for multiple virtual hosts

Here are your questions answered for setting up Awstats to collect statistics for multiple virtual hosts (web sites) that are managed by one Apache server.