This topic describes how to enable the access log management feature in the Server Load Balancer (SLB) console. After you enable the feature, you can collect Layer 7 access logs of Classic Load Balancer (CLB) to Log Service.
Prerequisites
A CLB instance is created. For more information, see Create a CLB instance.
A Layer 7 listener, such as an HTTP or HTTPS listener, is configured for the CLB instance. For more information, see Add an HTTP listener or Add an HTTPS listener.
A project and a Logstore are created in the region where the CLB instance resides. For more information, see Create a project and a Logstore.
Procedure
Before you can use a Resource Access Management (RAM) user to enable the access log management feature, you must grant the required permissions to the RAM user. For more information, see RAM user authorization.
Log on to the SLB console.
In the top navigation bar, select the required region.
In the left-side navigation pane, choose .
Authorize SLB to assume the AliyunLogArchiveRole role to access Log Service.
This operation is required only when you enable the access log management feature for the first time. You must complete the authorization by using your Alibaba Cloud account.
WarningDo not revoke permissions from the AliyunLogArchiveRole role or delete the role. Otherwise, CLB access logs cannot be sent to Log Service.
On the Access Logs (Layer-7) page, find the CLB instance and click Configure Logging in the Actions column.
In the Configure Logging panel, select the project and Logstore, and click OK.
After you complete the configuration, Log Service automatically creates indexes for the Logstore. If indexes were already created for the Logstore, the existing indexes are overwritten.
What to do next
Operation | Description |
Query access logs | On the Access Logs (Layer-7) page, find the CLB instance and click View Logs in the Actions column. For more information, see Query access log data. |
Disable the access log management feature | On the Access Logs (Layer-7) page, find the CLB instance and click Delete in the Actions column. For more information, see Disable an access log. Important The project and the logs that are sent to Log Service are not automatically deleted after you disable the access log management feature. To prevent unwanted fees after you disable the feature, we recommend that you manually delete the project in the Log Service console. For more information, see Delete a project. |
What to do next
After Layer 7 CLB access logs are collected to Log Service, you can perform various operations on the collected logs in the Log Service console. For example, you can query, analyze, download, ship, and transform the logs. You can also configure alerts based on the logs. For more information, see Common operations on logs of Alibaba Cloud services.