After you add a Kubernetes cluster to an Alibaba Cloud Service Mesh (ASM) instance, Envoy proxies that are deployed on the data plane of the ASM instance can generate all access logs of the cluster. ASM allows you to customize the content of access logs that are generated by Envoy proxies. This topic describes how to customize the content of access logs that are generated by Envoy proxies.

Prerequisites

Step 1: Enable access logs

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
  4. On the details page of the ASM instance, choose ASM Instance > Basic Information in the left-side navigation pane. On the Basic Information page, click Settings.
  5. In the Settings Update panel, select Enable Access Log and click OK.
    By default, access logs are enabled, and the istio-proxy container generates logs that contain the following fields. If access logs are disabled, the istio-proxy container does not generate access logs in the JSON format.
    
        "authority_for":"%REQ(:AUTHORITY)%",
        "bytes_received":"%BYTES_RECEIVED%",
        "bytes_sent":"%BYTES_SENT%",
        "downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%",
        "downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%",
        "duration":"%DURATION%",
        "istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%",
        "method":"%REQ(:METHOD)%",
        "path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%",
        "protocol":"%PROTOCOL%",
        "request_id":"%REQ(X-REQUEST-ID)%",
        "requested_server_name":"%REQUESTED_SERVER_NAME%",
        "response_code":"%RESPONSE_CODE%",
        "response_flags":"%RESPONSE_FLAGS%",
        "route_name":"%ROUTE_NAME%",
        "start_time":"%START_TIME%",
        "trace_id":"%REQ(X-B3-TRACEID)%",
        "upstream_cluster":"%UPSTREAM_CLUSTER%",
        "upstream_host":"%UPSTREAM_HOST%",
        "upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%",
        "upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%",
        "upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%",
        "user_agent":"%REQ(USER-AGENT)%",
        "x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"

Step 2: Customize the content of access logs on the data plane

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
  4. On the details page of the ASM instance, choose ASM Instance > Basic Information in the left-side navigation pane.
  5. On the Basic Information page, click Update Access Log Format on the right of Enable Access Log.
  6. In the Update Access Log Format dialog box, add a record by setting the accessLogFormat key parameter to my_custom_key and the accessLogFormat value parameter to %REQ(end-user)%. Then, click Submit.
    In this topic, the header field end-user in HTTP requests of the Bookinfo application is used as an example.

Step 3: View access logs

After you enable access logs, the sidecar container that initiates requests generates access logs in the custom format.

  1. Enter ingress gateway address:productpage in the address bar of your browser to request the Productpage application.
  2. Log on to the ACK console.
  3. In the left-side navigation pane of the ACK console, click Clusters.
  4. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
  5. In the left-side navigation pane of the details page, choose Workloads > Deployments.
  6. On the Deployments page, set the Namespace parameter to default and click Details in the Actions column of the productpage-v1 application.
  7. On the details page of the application, click the Logs tab and set the Container parameter to istio-proxy.
    The following log is displayed in the log output box. Log

    You can see that the log contains a field in which an end user named jason is recorded. This indicates that log content customization is successful.

Related operations

You can also use Log Service to collect access logs on the data plane. For more information, see Use Log Service to collect logs of ingress gateways on the data plane.