This topic describes how to enable the access log management feature in the SLB console. After you enable the feature, you can use Log Service to collect SLB access logs.
- An SLB instance is created. For more information, see Create an SLB instance.
- An HTTP or HTTPS listener is configured for the SLB instance. For more information, see Add an HTTP listener or Add an HTTPS listener.
- A project and a Logstore are created in the region where the SLB instance resides. For more information, see Create a project and a Logstore.
- Log on to the SLB console.
- In the upper-left corner of the page, select the region where the SLB instance resides.
- In the left-side navigation pane, choose .
- Authorize SLB to assume the AliyunLogArchiveRole role to access Log Service.
- If you have authorized SLB to assume the AliyunActionTrailDefaultRole role, skip this step.
- You must not delete the RAM role or revoke the permissions from the RAM role. Otherwise, logs cannot be shipped to Log Service.
- If you use a RAM user to log on to SLB, you must authorize the RAM user by using an Alibaba Cloud account. For more information, see Authorize a RAM user to use access logs.
- On the Access Logs (Layer-7) page, click Configure in the Actions column of the instance.
- In the Configure Logging dialog box, select an available project and a Logstore. , and then click OK.
After you complete the configuration, indexes are automatically created for the data in the selected Logstore. If indexes were created in the Logstore, the indexes are overwritten.