vertigo-z/perseus

botnet-tracker

a javascript cli tool for ingesting and decoding nginx logs for bots checking in to your ip address. this tool was created because i noticed in my website logs that there seemed to be raw (non-http) requests coming in on port 443 that contained information about hacked machines. by parsing the format and decoding the base64 strings i was able to create a cli tool which allows you to easily record and view check-ins from bots, using GeoIP ASN/Country/City data to provide geo-location.
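The detection idea described above, as an added example that is not code from this repository: it flags access-log lines whose request field is not an HTTP request line and decodes any base64 token found in it. It assumes nginx's default "combined" log format; the sample lines, the payload content and all function names are constructed for illustration, since the page does not document the real check-in format.

```javascript
// Constructed sample lines in nginx "combined" format (documentation IPs).
// The payload layout is an assumption: the page does not document it.
const b64 = Buffer.from('host=lab-pc-01;os=win10').toString('base64');
const SAMPLE_LOG = [
  '203.0.113.7 - - [12/Mar/2024:08:15:02 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
  `198.51.100.23 - - [12/Mar/2024:08:15:09 +0000] "\\x00\\x01${b64}" 400 157 "-" "-"`,
  '192.0.2.55 - - [12/Mar/2024:08:16:40 +0000] "\\x16\\x03\\x01\\x02\\x00\\x01" 400 157 "-" "-"',
];

const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) /;
const HTTP_RE = /^[A-Z]+ \S+ HTTP\/\d(?:\.\d)?$/;
const B64_RE = /[A-Za-z0-9+\/]{16,}={0,2}/g;

// nginx writes non-printable request bytes as \xNN; turn them back into
// bytes so an escape such as \x01 is not read as base64 characters.
function unescapeNginx(field) {
  return field.replace(/\\x([0-9A-Fa-f]{2})/g,
    (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Decode a candidate token; keep it only if it is canonical base64 and
// the result is printable ASCII.
function decodeToken(token) {
  const buf = Buffer.from(token, 'base64');
  const strip = (s) => s.replace(/=+$/, '');
  if (strip(buf.toString('base64')) !== strip(token)) return null;
  const text = buf.toString('latin1');
  return /^[\x20-\x7e]+$/.test(text) ? text : null;
}

// Return one record per log line whose request field is not an HTTP
// request line and carries at least one decodable base64 token.
function findCheckIns(lines) {
  const hits = [];
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m || HTTP_RE.test(m[3])) continue;
    const tokens = unescapeNginx(m[3]).match(B64_RE) || [];
    const decoded = tokens.map(decodeToken).filter((t) => t !== null);
    if (decoded.length) hits.push({ ip: m[1], time: m[2], status: m[4], decoded });
  }
  return hits;
}

console.log(findCheckIns(SAMPLE_LOG));
```

The third sample line is a plain TLS handshake sent to a non-TLS listener; it is also a raw request, but it yields no decodable token and is not reported.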


[image: botnet tracker ui]


dependencies:

maxmind ^5.0.6
sqlite ^6.0.1

geo-ip:

you can find geo-ip .mmdb files from this github repo: https://github.com/P3TERX/GeoLite.mmdb. place both country and ASN files into the capture.js working directory.

usage:

capture data from file:

node capture.js /path/to/log/file

open shell and view data:

node capture.js --shell
