The operation logs of Network Load Balancer (NLB) record the operations that are performed on NLB instances by calling API operations or using the NLB console.
Background information
NLB is integrated with ActionTrail. In the ActionTrail console, you can query the management events that are generated when you manage NLB resources. ActionTrail can deliver management events to Logstores in Simple Log Service or Object Storage Service (OSS) buckets. This way, you can audit the events in real time and identify the causes of issues. For more information, see What is ActionTrail?
View operation logs
You can use one of the following methods to view NLB operation logs in the NLB console. You can select a method based on your business requirements.
Method | Description | Billing | Action |
Method 1: Basic event query | You can query events that are generated within the last 90 days for only one Alibaba Cloud account in one region. In addition, you can specify only one event property as the query condition for each event query. | The current version of ActionTrail is free of charge. | |
Method 2: Advanced event query | You can query events that are generated within more than 90 days across Alibaba Cloud accounts or regions by specifying multiple query conditions or executing custom SQL statements. | The current version of ActionTrail is free of charge. When you use advanced event queries, data is shipped to Simple Log Service. You are charged a small fee based on the billing rules of Simple Log Service or OSS. For more information, see the following topics: |
Basic event query
You can query events of specific types that are generated within the last 90 days.
- Log on to the NLB console.
In the left-side navigation pane, choose .
On the Operation Logs page, perform the following steps to filter events:
NoteIf the page for advanced event queries is displayed, click Switch to Event Query in the upper-right corner of the page.
Select an event type.
Event type
Option
Read/Write type
Valid values: Write and Read.
Username
Specify a username type. For example, user1 specifies a Resource Access Management (RAM) user.
Resource Type
Select a resource type.
Select a time period. You can query events within the last 90 days.
Click
to filter events.
Find the event that you want to manage and click the
icon. View detailed information about the event.
Click Event Detail.
The Event Detail message displays the record in XML. You can click the
icon to copy the record. Then you can paste the record to an on-premises machine or another destination.
Advanced event query
You can query events that occurred in multiple regions within more than 90 days by specifying custom filter conditions or executing SQL statements. You can perform advanced event queries in standard mode or simple mode based on your business requirements. For more information about the scenarios of standard mode and simple mode, see the following table.
Mode | Query method | Description | Example |
Standard mode (default) | Single-condition query | You can filter events by service name, event name, resource name, resource type, read/write type, username, AccessKey ID, source IP address, requester ID, account type, region, event source, or event ID. | To query all events that are generated by NLB within a period of time, use the default value for Service Name, and click Query. |
Multi-condition query | You can query events in multiple regions. | To query events in the China (Hangzhou) and China (Shanghai) regions, click Unfold and select China (Hangzhou) and China (Shanghai) from the Region drop-down list. | |
Simple mode | Keyword-based query | You can enter a keyword in the search box based on your business requirements. | To query all write events, enter |
Single-condition query | You can specify a filter condition in the Who, What, Which, Where, or Other category to query events. | To query all events that are generated by NLB within a period of time, use the default value for Service Name, and click Query. | |
Multi-condition query | You can specify multiple filter conditions in the Who, What, Which, Where, and Other categories to query events. | To query the events that are generated by Alex in ActionTrail, enter | |
NOT operator-based query | You can specify multiple filter conditions and change the operator in front of a filter condition that you want to exclude to the NOT operator. | To query events that are not generated by Alex in ActionTrail, enter |
- Log on to the NLB console.
In the left-side navigation pane, choose .
The first time that you view operation logs, click Enable Advanced Event Query.
In the Enable Advanced Event Query panel, select Create Trail or Select an existing trace.
Enter a trail name.
Click Activate to activate Simple Log Service.
NoteBefore you ship audit events to Logstores in Simple Log Service, you must activate and grant the required permissions to Simple Log Service. After you activate and grant the required permissions to Simple Log Service, audit events are automatically stored in the Logstores that you specify.
You are charged a small fee for using Simple Log Service. The fee is estimated based on the number of events in the last 30 days. For more information, click View Trail Cost Estimation.
Click OK.
On the Operation Log page, use one of the following methods to view operation logs:
NoteBy default, if you do not specify filter conditions, all events are queried.
Method 1: Standard mode (default)
Specify filter conditions.
Click Query.
Method 2: Simple mode
Click Switch to the simple mode.
Specify filter conditions or query statements in the search box.
You can specify a filter condition in the Who, What, Which, Where, or Other category to query events.
Click Query.
Find the event that you want to manage and click the
icon. View detailed information about the event.
Click Event Detail.
The Event Detail message displays the record in XML. You can click the
icon to copy the record. Then you can paste the record to an on-premises machine or another destination.
After you perform an advanced event query, you can perform the following operations on the Operation Logs page:
To perform basic event queries, click Switch to Event Query on the right side of the page.
You are charged for shipping logs to Simple Log Service. To stop the billing, perform the following steps:
Click the name of the trail. On the details page of the trail, turn off Trail Status.
Return to the Operation Logs page in the NLB console, click the hyperlink to Simple Log Service, move the pointer over the Logstore that you want to delete, and then choose
> Delete.
To disable the advanced event query feature, perform the following steps:
Click the name of the trail. In the left-side navigation pane, click Trails. On the Trails page, turn off Advanced Event Query.
Return to the Operation Logs page in the NLB console and refresh the page. The Operation Logs page for basic event queries appears.
NLB audit events
Event name | Description |
GetGlobalLoadBalancerSummary | Queries statistics about NLB. |
Create | Purchases NLB on the buy page. |
Release | Releases a resource such as an instance. |
DisableLoadBalancerIpv6Internet | Changes the network type of an NLB instance from public IPv6 to private IPv6. |
EnableLoadBalancerIpv6Internet | Changes the network type of an NLB instance from private IPv6 to public IPv6. |
DetachCommonBandwidthPackageFromLoadBalancer | Disassociates an elastic IP address (EIP) bandwidth plan from an NLB instance. |
StopListener | Disables a listener. |
CreateLoadBalancer | Creates an NLB instance. |
CreateServerGroup | Creates a server group. |
CreateListener | Creates a listener. |
CreateSecurityPolicy | Creates a custom security policy. |
DeleteSecurityPolicy | Deletes a security policy. |
DeleteServerGroup | Deletes a server group. |
DeleteListener | Deletes a listener. |
DeleteLoadBalancer | Deletes an NLB instance. |
UntagResources | Removes tags from a resource. |
UpdateLoadBalancerAddressTypeConfig | Changes the network type. |
StartListener | Enables a listener. |
UpdateLoadBalancerProtection | Modifies deletion protection settings. |
UpdateServerGroupServersAttribute | Modifies the configurations of backend servers. |
UpdateSecurityPolicyAttribute | Modifies the attributes of a security policy. |
UpdateServerGroupAttribute | Modifies the configurations of a server group. |
UpdateListenerAttribute | Modifies the configurations of a listener. |
UpdateLoadBalancerZones | Modifies the zones of an NLB instance. |
UpdateLoadBalancerAttribute | Modifies the attributes of an NLB instance. |
ListListenerCertificates | Queries the certificates of a listener that uses SSL over TCP. |
DescribeZones | Queries zones. |
ListServerGroupServers | Queries backend servers. |
DescribeRegions | Queries regions. |
ListSecurityPolicy | Queries a security policy. |
GetJobStatus | Queries the result of an asynchronous task. |
ListServerGroups | Queries server groups. |
ListListeners | Queries listeners. |
GetListenerHealthStatus | Queries the health check status of a listener. |
GetListenerAttribute | Queries the attributes of a listener. |
ListSystemSecurityPolicy | Queries system security policies. |
ListLoadBalancers | Queries NLB instances. |
GetLoadBalancerAttribute | Queries the details of an NLB instance. |
ListTagResources | Queries the tags that are added to resources. |
AddServersToServerGroup | Adds backend servers to a server group. |
RemoveServersFromServerGroup | Removes backend servers from a server group. |
LoadBalancerJoinSecurityGroup | Adds an NLB instance to a security group. |
TagResources | Adds tags to resources. |
LoadBalancerLeaveSecurityGroup | Removes an NLB instance from a security group. |
AttachCommonBandwidthPackageToLoadBalancer | Associates an Internet Shared Bandwidth with an NLB instance. |