This topic describes how to configure an access log for a Classic Load Balancer (CLB) instance. If you use CLB Layer 7 listeners, you can use the access log data to debug errors, locate issues, and analyze user behaviors. CLB is interfaced with Simple Log Service, which can record and store access logs of CLB to help you efficiently analyze log data and locate errors.
Limits
Only Layer 7 CLB listeners, including HTTP and HTTPS listeners, support access logs.
Prerequisites
A CLB instance is created. For more information, see Create and manage a CLB instance.
A vServer group is created. For more information, see Create and manage a vServer group. Backend servers are added to the vServer group, and applications are deployed on the backend servers.
An HTTP or HTTPS listener is created for the CLB instance. For more information, see Add an HTTP listener and Add an HTTPS listener.
Simple Log Service is activated. For more information, see Activate Simple Log Service.
Configure an access log
- Log on to the CLB console.
In the left-side navigation pane, choose
.In the top navigation bar, select the region in which the CLB instance is deployed.
The first time you use the access log feature, you must grant the required permissions to your account. Click Authorize Now. On the Cloud Resource Access Authorization page, click Confirm Authorization Policy.
NoteYou only need to perform the authorization once.
If you use a Resource Access Management (RAM) user, you must acquire the permissions from your Alibaba Cloud account. For more information, see Authorize a RAM user to use the access log feature.
On the Access Logs (Layer-7) page, find the CLB instance that you want to manage and click Configure in the Actions column.
In the Log Settings panel, configure the Project and Logstore parameters and click OK.
Project: used to isolate and manage resources in Simple Log Service.
Logstore: used to collect, store, and query log data in Simple Log Service.
NoteMake sure that the name of the project is unique and the region of the project is the same as that of the CLB instance.
After the access log is enabled, you can query and search for log data by using the fields listed in the following table.
Field
Description
body_bytes_sent
The size of the HTTP response body. Unit: bytes.
client_ip
The client IP address.
client_port
The port number of the client that sends the request.
host
By default, the value is retrieved from the request parameters. If the host is not specified in the request parameters, the system retrieves the value from the Host header. If this value cannot be retrieved from the request parameters or the Host header, the IP address of the backend server is used.
http_host
The Host header of the HTTP request.
http_referer
The Referer header of the HTTP request received by CLB.
http_user_agent
The Http_User_Agent header of the HTTP request.
http_x_forwarded_for
The X-Forwarded-For header of the HTTP request.
http_x_real_ip
The real client IP address.
read_request_time
The amount of time that CLB takes to process the request. Unit: milliseconds.
request_length
The length of the request, including the start line, request headers, and the request body.
request_method
The request method.
request_time
The time duration between when CLB receives the first request and when CLB returns the response. Unit: seconds.
request_uri
The URI of the request received by CLB.
scheme
The scheme of the request. Valid values: HTTP and HTTPS.
server_protocol
The version of the HTTP protocol that is received by CLB. For example, HTTP/1.0 or HTTP/1.1.
slb_vport
The listener port of the ALB instance.
slbid
The ID of the ALB instance.
ssl_cipher
The cipher suite used to establish an SSL connection. Example: ECDHE-RSA-AES128-GCM-SHA256.
ssl_protocol
The protocol that is used to establish an SSL connection, for example, TLS 1.2.
status
The status of the response returned by CLB.
tcpinfo_rtt
The amount of time that is taken to establish a TCP connection. Unit: milliseconds.
time
The time when the log entry was generated.
upstream_addr
The IP address and port of the backend server.
upstream_response_time
The amount of time from when a connection is established to when the connection is closed. Unit: seconds.
upstream_status
The HTTP status code sent from a backend server to CLB.
vip_addr
The virtual IP address.
write_response_time
The amount of time that is taken to respond to the write request. Unit: milliseconds.
Query access log data
After you enable the access log feature, you can query access log data in the CLB console or the Log Service console.
- Log on to the CLB console.
In the left-side navigation pane, choose
.In the top navigation bar, select the region in which the CLB instance is deployed.
On the Access Log (Layer 7) page, find the CLB instance that you want to manage and click View Logs in the Actions column.
Log entries are generated when clients access CLB. You can view the log data in Simple Log Service.
Enter an SQL statement to query specified log data.
For example, you can enter the following SQL statement to query the top 20 most active clients. You can analyze the request sources and make informed business decisions.
* | select http_user_agent, count(*) as pv group by http_user_agent order by pv desc limit 20
Analyze access log data
The Simple Log Service dashboards display log data in multiple dimensions. You can use the dashboards to analyze access log data.
On the page of the project that your CLB instance uses, move your pointer over the icon in the left-side navigation pane and click Dashboards.
Click the name of the access log, such as slb_layer7_access_center_en, to view log data.
Disable an access log
You no longer need to collect access data of your ALB instance, you can disable the access log.
- Log on to the CLB console.
In the left-side navigation pane, choose
.In the top navigation bar, select the region in which the CLB instance is deployed.
On the Access Logs (Layer-7) page, find the instance that you want to manage and click Delete in the Actions column.
In the message that appears, click OK. The project and Logstore in Simple Log Service are not deleted.
References
For more information about Simple Log Service, see What is Simple Log Service?.
For more information about CLB access logs, see Overview of CLB access logs.
If you use CLB Layer 7 listeners and want to troubleshoot errors on backend servers, you can analyze the access log data to locate errors. CLB is interfaced with Simple Log Service, which can record and store access logs of CLB to help you efficiently analyze log data and locate errors. For more information, see Use access logs to find unhealthy backend servers.