All Products
Search

This Product

    Server Load Balancer:Configure a CLB access log

    Document Center

    Server Load Balancer:Configure a CLB access log

    Last Updated:Jan 19, 2024

    This topic describes how to configure an access log for a Classic Load Balancer (CLB) instance. If you use CLB Layer 7 listeners, you can use the access log data to debug errors, locate issues, and analyze user behaviors. CLB is interfaced with Simple Log Service, which can record and store access logs of CLB to help you efficiently analyze log data and locate errors.

    Limits

    Only Layer 7 CLB listeners, including HTTP and HTTPS listeners, support access logs.

    Prerequisites

    Configure an access log

    1. Log on to the CLB console.

    2. In the left-side navigation pane, choose Logs > Access Log.

    3. In the top navigation bar, select the region in which the CLB instance is deployed.

    4. The first time you use the access log feature, you must grant the required permissions to your account. Click Authorize Now. On the Cloud Resource Access Authorization page, click Confirm Authorization Policy.

      Note

      You only need to perform the authorization once.

      If you use a Resource Access Management (RAM) user, you must acquire the permissions from your Alibaba Cloud account. For more information, see Authorize a RAM user to use the access log feature.

    5. On the Access Logs (Layer-7) page, find the CLB instance that you want to manage and click Configure in the Actions column.

    6. In the Log Settings panel, configure the Project and Logstore parameters and click OK.

      • Project: used to isolate and manage resources in Simple Log Service.

      • Logstore: used to collect, store, and query log data in Simple Log Service.

      Note

      Make sure that the name of the project is unique and the region of the project is the same as that of the CLB instance.

      After the access log is enabled, you can query and search for log data by using the fields listed in the following table.

      Field

      Description

      body_bytes_sent

      The size of the HTTP response body. Unit: bytes.

      client_ip

      The client IP address.

      client_port

      The port number of the client that sends the request.

      host

      By default, the value is retrieved from the request parameters. If the host is not specified in the request parameters, the system retrieves the value from the Host header. If this value cannot be retrieved from the request parameters or the Host header, the IP address of the backend server is used.

      http_host

      The Host header of the HTTP request.

      http_referer

      The Referer header of the HTTP request received by CLB.

      http_user_agent

      The Http_User_Agent header of the HTTP request.

      http_x_forwarded_for

      The X-Forwarded-For header of the HTTP request.

      http_x_real_ip

      The real client IP address.

      read_request_time

      The amount of time that CLB takes to process the request. Unit: milliseconds.

      request_length

      The length of the request, including the start line, request headers, and the request body.

      request_method

      The request method.

      request_time

      The time duration between when CLB receives the first request and when CLB returns the response. Unit: seconds.

      request_uri

      The URI of the request received by CLB.

      scheme

      The scheme of the request. Valid values: HTTP and HTTPS.

      server_protocol

      The version of the HTTP protocol that is received by CLB. For example, HTTP/1.0 or HTTP/1.1.

      slb_vport

      The listener port of the ALB instance.

      slbid

      The ID of the ALB instance.

      ssl_cipher

      The cipher suite used to establish an SSL connection. Example: ECDHE-RSA-AES128-GCM-SHA256.

      ssl_protocol

      The protocol that is used to establish an SSL connection, for example, TLS 1.2.

      status

      The status of the response returned by CLB.

      tcpinfo_rtt

      The amount of time that is taken to establish a TCP connection. Unit: milliseconds.

      time

      The time when the log entry was generated.

      upstream_addr

      The IP address and port of the backend server.

      upstream_response_time

      The amount of time from when a connection is established to when the connection is closed. Unit: seconds.

      upstream_status

      The HTTP status code sent from a backend server to CLB.

      vip_addr

      The virtual IP address.

      write_response_time

      The amount of time that is taken to respond to the write request. Unit: milliseconds.

    Query access log data

    After you enable the access log feature, you can query access log data in the CLB console or the Log Service console.

    1. Log on to the CLB console.

    2. In the left-side navigation pane, choose Logs > Access Log.

    3. In the top navigation bar, select the region in which the CLB instance is deployed.

    4. On the Access Log (Layer 7) page, find the CLB instance that you want to manage and click View Logs in the Actions column.

    5. Log entries are generated when clients access CLB. You can view the log data in Simple Log Service.

    6. Enter an SQL statement to query specified log data.

      For example, you can enter the following SQL statement to query the top 20 most active clients. You can analyze the request sources and make informed business decisions. 

      * | select http_user_agent, count(*) as pv group by http_user_agent order by pv desc limit 20

    Analyze access log data

    The Simple Log Service dashboards display log data in multiple dimensions. You can use the dashboards to analyze access log data.

    1. On the page of the project that your CLB instance uses, move your pointer over the image.png icon in the left-side navigation pane and click Dashboards.

    2. Click the name of the access log, such as slb_layer7_access_center_en, to view log data.

    Disable an access log

    You no longer need to collect access data of your ALB instance, you can disable the access log.

    1. Log on to the CLB console.

    2. In the left-side navigation pane, choose Logs > Access Log.

    3. In the top navigation bar, select the region in which the CLB instance is deployed.

    4. On the Access Logs (Layer-7) page, find the instance that you want to manage and click Delete in the Actions column.

    5. In the message that appears, click OK. The project and Logstore in Simple Log Service are not deleted.

    References

    • For more information about Simple Log Service, see What is Simple Log Service?.

    • For more information about CLB access logs, see Overview of CLB access logs.

    • If you use CLB Layer 7 listeners and want to troubleshoot errors on backend servers, you can analyze the access log data to locate errors. CLB is interfaced with Simple Log Service, which can record and store access logs of CLB to help you efficiently analyze log data and locate errors. For more information, see Use access logs to find unhealthy backend servers.