All Products
Search
Document Center

Server Load Balancer:Configure a CLB access log

Last Updated:Nov 13, 2024

This topic describes how to configure an access log for a Classic Load Balancer (CLB) instance. If you use CLB Layer 7 listeners, you can use the access log data to debug errors, locate issues, and analyze user behaviors. CLB is interfaced with Simple Log Service, which can record and store access logs of CLB to help you efficiently analyze log data and locate errors.

Limits

Only Layer 7 CLB listeners, including HTTP and HTTPS listeners, support access logs.

Prerequisites

Configure an access log

  1. Log on to the CLB console.
  2. In the left-side navigation pane, choose Logs > Access Log.

  3. In the top navigation bar, select the region in which the CLB instance is deployed.

  4. The first time you use the access log feature, you must grant the required permissions to your account. Click Authorize Now. On the Cloud Resource Access Authorization page, click Confirm Authorization Policy.

    Note

    You only need to perform the authorization once.

    If you use a Resource Access Management (RAM) user, you must acquire the permissions from your Alibaba Cloud account. For more information, see Authorize a RAM user to use the access log feature.

  5. On the Access Logs (Layer-7) page, find the CLB instance that you want to manage and click Configure in the Actions column.

  6. In the Log Settings panel, configure the Project and Logstore parameters and click OK.

    • Project: used to isolate and manage resources in Simple Log Service.

    • Logstore: used to collect, store, and query log data in Simple Log Service.

    Note

    Make sure that the name of the project is unique and the region of the project is the same as that of the CLB instance.

    After the access log is enabled, you can query and search for log data by using the fields listed in the following table.

    Field

    Description

    body_bytes_sent

    The size of the HTTP response body. Unit: bytes.

    client_ip

    The client IP address.

    client_port

    The port number of the client that sends the request.

    host

    By default, the value is retrieved from the request parameters. If the host is not specified in the request parameters, the system retrieves the value from the Host header. If this value cannot be retrieved from the request parameters or the Host header, the IP address of the backend server is used.

    http_host

    The Host header of the HTTP request.

    http_referer

    The Referer header of the HTTP request received by CLB.

    http_user_agent

    The Http_User_Agent header of the HTTP request.

    http_x_forwarded_for

    The X-Forwarded-For header of the HTTP request.

    http_x_real_ip

    The real client IP address.

    read_request_time

    The amount of time that CLB takes to process the request. Unit: milliseconds.

    request_length

    The length of the request, including the start line, request headers, and the request body.

    request_method

    The request method.

    request_time

    The time duration between when CLB receives the first request and when CLB returns the response. Unit: seconds.

    request_uri

    The URI of the request received by CLB.

    scheme

    The scheme of the request. Valid values: HTTP and HTTPS.

    server_protocol

    The version of the HTTP protocol that is received by CLB. For example, HTTP/1.0 or HTTP/1.1.

    slb_vport

    The listener port of the CLB instance.

    slbid

    The ID of the CLB instance.

    ssl_cipher

    The cipher suite used to establish an SSL connection. Example: ECDHE-RSA-AES128-GCM-SHA256.

    ssl_protocol

    The protocol that is used to establish an SSL connection, for example, TLS 1.2.

    status

    The status of the response returned by CLB.

    tcpinfo_rtt

    The amount of time that is taken to establish a TCP connection. Unit: milliseconds.

    time

    The time when the log entry was generated.

    upstream_addr

    The IP address and port of the backend server.

    upstream_response_time

    The amount of time from when a connection is established to when the connection is closed. Unit: seconds.

    upstream_status

    The HTTP status code sent from a backend server to CLB.

    vip_addr

    The virtual IP address.

    write_response_time

    The amount of time that is taken to respond to the write request. Unit: milliseconds.

Query access log data

After you enable the access log feature, you can query access log data in the CLB console or the Log Service console.

  1. Log on to the CLB console.
  2. In the left-side navigation pane, choose Logs > Access Log.

  3. In the top navigation bar, select the region in which the CLB instance is deployed.

  4. On the Access Log (Layer 7) page, find the CLB instance that you want to manage and click View Logs in the Actions column.

  5. Log entries are generated when clients access CLB. You can view the log data in Simple Log Service.

  6. Enter an SQL statement to query specified log data.

    For example, you can enter the following SQL statement to query the top 20 most active clients. You can analyze the request sources and make informed business decisions.

    * | select http_user_agent, count(*) as pv group by http_user_agent order by pv desc limit 20

Analyze access log data

The Simple Log Service dashboards display log data in multiple dimensions. You can use the dashboards to analyze access log data.

  1. On the page of the project that your CLB instance uses, move your pointer over the image.png icon in the left-side navigation pane and click Dashboards.

  2. Click the name of the access log, such as slb_layer7_access_center_en, to view log data.

Disable access logs

If you no longer need to collect access data of your CLB instance, you can disable access logs.

Note

The log project and Logstore as well as historical logs are not deleted after you disable access logs for your CLB instance. You can still access the data in Simple Log Service.

  1. Log on to the CLB console.
  2. In the left-side navigation pane, choose Logs > Access Log.

  3. In the top navigation bar, select the region in which the CLB instance is deployed.

  4. On the Access Logs (Layer-7) page, find the instance that you want to manage and click Disable Logging in the Actions column.

  5. In the message that appears, click OK.

References