This topic describes how to enable the access log management feature in the Server Load Balancer (SLB) console. After you enable the feature, you can collect Layer 7 access logs of Classic Load Balancer (CLB) to Log Service.

Prerequisites

Procedure

Important Before you can use a Resource Access Management (RAM) user to enable the access log management feature, you must grant the required permissions to the RAM user. For more information, see RAM user authorization.
  1. Log on to the SLB console.
  2. In the top navigation bar, select the required region.
  3. In the left-side navigation pane, choose CLB (FKA SLB) > Logs > Access Logs.
  4. Authorize SLB to assume the AliyunLogArchiveRole role to access Log Service.
    This operation is required only when you enable the access log management feature for the first time. You must complete the authorization by using your Alibaba Cloud account.
    Warning Do not revoke permissions from the AliyunLogArchiveRole role or delete the role. Otherwise, CLB access logs cannot be sent to Log Service.
  5. On the Access Logs (Layer-7) page, find the CLB instance and click Configure Logging in the Actions column.
  6. In the Configure Logging panel, select the project and Logstore, and click OK.
    After you complete the configuration, Log Service automatically creates indexes for the Logstore. If indexes were already created for the Logstore, the existing indexes are overwritten.

What to do next

OperationDescription
Query access logsOn the Access Logs (Layer-7) page, find the CLB instance and click View Logs in the Actions column. For more information, see Query access logs.
Disable the access log management featureOn the Access Logs (Layer-7) page, find the CLB instance and click Delete in the Actions column. For more information, see Disable access logs.
Important The project and the logs that are sent to Log Service are not automatically deleted after you disable the access log management feature. To prevent unwanted fees after you disable the feature, we recommend that you manually delete the project in the Log Service console. For more information, see Delete a project.

What to do next

After Layer 7 CLB access logs are collected to Log Service, you can perform various operations on the collected logs in the Log Service console. For example, you can query, analyze, download, ship, and transform the logs. You can also configure alerts based on the logs. For more information, see Common operations on logs of Alibaba Cloud services.