Integrated with Alibaba Cloud Log Service, you can analyze the access logs of a Server Load Balancer instance to understand the behavior and geographical distribution of client users and troubleshoot problems.

What are access logs?

The access logs collect detailed information of all requests sent to a Server Load Balancer instance, including the request time, client IP address, latency, request URL, server response, and so on. As the entry of Internet access, Server Load Balancer receives massive client requests. You can use access logs to analyze user behavior and geographical distribution, and troubleshoot.

After you enable the SLB access logs, you can store the access logs in the Logstore of SLS to collect and analyze the access logs. You can also disable access logs at any time.

There is no extra fee for Server Load Balancer access logs. You only need to pay for the Log Service.

  • Only Layer-7 Server Load Balancer supports configuring access logs and this function is available in all regions now.
  • Make sure that the HTTP header value does not contain ||, otherwise, the exported logs may be misplaced.


The following are benefits of Server Load Balancer access logs:

  • Easy to use

    Free developers and maintenance staff from tedious and time-consuming log processing so that they can concentrate on business development and technical research.

  • Cost-effective

    Access logs are typically massive. Processing access logs takes a lot of time and consumes a lot of resources. With Log Service, the access log processing is faster and cost-effective than self-build open-source solutions. Log Service can analyze one hundred million logs in one second.

  • Real-time

    Scenarios such as DevOps, monitoring, and alerting require real-time log data. Traditional data storage and analysis tools cannot meet this requirement. For example, it takes long time to ETL data to Hive where a lot of time is spent on data integration. Powered by its powerful big data computing capability, Log Service can process and analyze access logs in seconds.

  • Flexible

    You can enable or disable Server Load Balancer access logs according to the instance specification. Additionally, you can set the storage period (1 to 365 days) as needed and the Logstore's capacity is scalable to meet increasing service demands.

Configure access logs

Before configuring access logs, make sure:
  1. A Layer-7 listener is added.
  2. Log Service is activated.
To configure access logs, complete these steps.
  1. Log on to the SLB console.
  2. In the left-side navigation pane, click Logs > Access Logs.
  3. Select a region.
  4. Click Authorize, and then click Confirm Authorization Policy to authorize Server Load Balancer to write logs to Log Service.
    If you are using a RAM account, the primary account must perform authorization. For more information, see Authorize a RAM user to use access logging.
    Note This operation is required only at the first time.
  5. On the Access Logs page, find the target Server Load Balancer instance and click Configure Logging.
  6. Select the LogProject and LogStore of Log Service and then click OK.

    If there is no available LogStore, click Log Service console to create log projects.

    Note Make sure that the name of the LogProject is globally unique and the region of the LogProject is the same as that of the Server Load Balancer instance.

Search and analyze access logs

After configuring Server Load Balancer access logs, you can search and view logs using the following indexing fields.

Field Description
body_bytes_sent The size of HTTP body (in byte) sent to the client.
client_ip The client IP.
host The host header in the request.
http_user_agent The received http_user_agent header in the request.
request_length The length of the request including startline, HTTP header and HTTP body.
request_method The request method.
request_time The interval between the time the Server Load Balancer receives the first request and the time the Server Load Balancer returns a response.
request_uri The URI of the received request.
Slbid The ID of the Server Load Balancer instance.
status The status of the SLB response.
Upstream_addr The IP address and port number of the backend server.
upstream_response_time The interval between the time Server Load Balancer sends a request to the backend server and the time Server Load Balancer sends a response to the client.
upstream_status The response status code of the backend server received by SLB.

Search access logs

To search access logs, complete these steps:

  1. Go to the log search page. You can navigate to the search page from the Server Load Balancer console or the Log Service Console:
    • From the Server Load Balancer console:
      On the Access Logs page, click View Logs.

    • From the Log Service Console:
      On the Logstores page, click Search of the target Logstore.

  2. Click the target log field to view detailed information.
  3. Enter an SQL statement to query access logs.
    For example, enter the following SQL statement to query the Top20 clients, which is used for analyzing the request resource to assist business decision-making.
    * | select ip_to_province(client_ip) as client_ip_province, count(*) as pv group by
          client_ip_province order by pv desc limit 50

Analyze access logs

You can analyze access logs through the dashboard, which provides rich graphic information.

To analyze access logs, complete these steps:

  1. On the Log Service console, click the project link of the SLB instance.
  2. In the left-side navigation pane, click Search/Analytics - Query > Dashboard, and then click the name of the access log.

Disable access logging

To disable access logging, complete these steps:

  1. Log on to the SLB console.
  2. In the left-side navigation pane, click Logs > Access Logs.
  3. Select a region.
  4. On the Access Logs page, find the target instance and click Delete to disable access logging.

  5. In the displayed dialog box, click OK.