All Products
Search
Document Center

Server Load Balancer:Configure a CLB access log

Last Updated:Jan 19, 2024

This topic describes how to configure an access log for a Classic Load Balancer (CLB) instance. If you use CLB Layer 7 listeners, you can use the access log data to debug errors, locate issues, and analyze user behaviors. CLB is interfaced with Simple Log Service, which can record and store access logs of CLB to help you efficiently analyze log data and locate errors.

Limits

Only Layer 7 CLB listeners, including HTTP and HTTPS listeners, support access logs.

Prerequisites

Configure an access log

  1. Log on to the CLB console.
  2. In the left-side navigation pane, choose Logs > Access Log.

  3. In the top navigation bar, select the region in which the CLB instance is deployed.

  4. The first time you use the access log feature, you must grant the required permissions to your account. Click Authorize Now. On the Cloud Resource Access Authorization page, click Confirm Authorization Policy.

    Note

    You only need to perform the authorization once.

    If you use a Resource Access Management (RAM) user, you must acquire the permissions from your Alibaba Cloud account. For more information, see Authorize a RAM user to use the access log feature.

  5. On the Access Logs (Layer-7) page, find the CLB instance that you want to manage and click Configure in the Actions column.

  6. In the Log Settings panel, configure the Project and Logstore parameters and click OK.

    • Project: used to isolate and manage resources in Simple Log Service.

    • Logstore: used to collect, store, and query log data in Simple Log Service.

    Note

    Make sure that the name of the project is unique and the region of the project is the same as that of the CLB instance.

    After the access log is enabled, you can query and search for log data by using the fields listed in the following table.

    Field

    Description

    body_bytes_sent

    The size of the HTTP response body. Unit: bytes.

    client_ip

    The client IP address.

    client_port

    The port number of the client that sends the request.

    host

    By default, the value is retrieved from the request parameters. If the host is not specified in the request parameters, the system retrieves the value from the Host header. If this value cannot be retrieved from the request parameters or the Host header, the IP address of the backend server is used.

    http_host

    The Host header of the HTTP request.

    http_referer

    The Referer header of the HTTP request received by CLB.

    http_user_agent

    The Http_User_Agent header of the HTTP request.

    http_x_forwarded_for

    The X-Forwarded-For header of the HTTP request.

    http_x_real_ip

    The real client IP address.

    read_request_time

    The amount of time that CLB takes to process the request. Unit: milliseconds.

    request_length

    The length of the request, including the start line, request headers, and the request body.

    request_method

    The request method.

    request_time

    The time duration between when CLB receives the first request and when CLB returns the response. Unit: seconds.

    request_uri

    The URI of the request received by CLB.

    scheme

    The scheme of the request. Valid values: HTTP and HTTPS.

    server_protocol

    The version of the HTTP protocol that is received by CLB. For example, HTTP/1.0 or HTTP/1.1.

    slb_vport

    The listener port of the ALB instance.

    slbid

    The ID of the ALB instance.

    ssl_cipher

    The cipher suite used to establish an SSL connection. Example: ECDHE-RSA-AES128-GCM-SHA256.

    ssl_protocol

    The protocol that is used to establish an SSL connection, for example, TLS 1.2.

    status

    The status of the response returned by CLB.

    tcpinfo_rtt

    The amount of time that is taken to establish a TCP connection. Unit: milliseconds.

    time

    The time when the log entry was generated.

    upstream_addr

    The IP address and port of the backend server.

    upstream_response_time

    The amount of time from when a connection is established to when the connection is closed. Unit: seconds.

    upstream_status

    The HTTP status code sent from a backend server to CLB.

    vip_addr

    The virtual IP address.

    write_response_time

    The amount of time that is taken to respond to the write request. Unit: milliseconds.

Query access log data

After you enable the access log feature, you can query access log data in the CLB console or the Log Service console.

  1. Log on to the CLB console.
  2. In the left-side navigation pane, choose Logs > Access Log.

  3. In the top navigation bar, select the region in which the CLB instance is deployed.

  4. On the Access Log (Layer 7) page, find the CLB instance that you want to manage and click View Logs in the Actions column.

  5. Log entries are generated when clients access CLB. You can view the log data in Simple Log Service.

  6. Enter an SQL statement to query specified log data.

    For example, you can enter the following SQL statement to query the top 20 most active clients. You can analyze the request sources and make informed business decisions.

    * | select http_user_agent, count(*) as pv group by http_user_agent order by pv desc limit 20

Analyze access log data

The Simple Log Service dashboards display log data in multiple dimensions. You can use the dashboards to analyze access log data.

  1. On the page of the project that your CLB instance uses, move your pointer over the image.png icon in the left-side navigation pane and click Dashboards.

  2. Click the name of the access log, such as slb_layer7_access_center_en, to view log data.

Disable an access log

You no longer need to collect access data of your ALB instance, you can disable the access log.

  1. Log on to the CLB console.
  2. In the left-side navigation pane, choose Logs > Access Log.

  3. In the top navigation bar, select the region in which the CLB instance is deployed.

  4. On the Access Logs (Layer-7) page, find the instance that you want to manage and click Delete in the Actions column.

  5. In the message that appears, click OK. The project and Logstore in Simple Log Service are not deleted.

References

  • For more information about Simple Log Service, see What is Simple Log Service?.

  • For more information about CLB access logs, see Overview of CLB access logs.

  • If you use CLB Layer 7 listeners and want to troubleshoot errors on backend servers, you can analyze the access log data to locate errors. CLB is interfaced with Simple Log Service, which can record and store access logs of CLB to help you efficiently analyze log data and locate errors. For more information, see Use access logs to find unhealthy backend servers.