After you add a Kubernetes cluster to an Alibaba Cloud Service Mesh (ASM) instance,
Envoy proxies that are deployed on the data plane of the ASM instance can generate
all access logs of the cluster. ASM allows you to customize the content of access
logs that are generated by Envoy proxies. This topic describes how to customize the
content of access logs that are generated by Envoy proxies.
Step 1: Enable access logs
- Log on to the ASM console.
- In the left-side navigation pane, choose .
- On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM
instance or click Manage in the Actions column.
- On the details page of the ASM instance, choose in the left-side navigation pane. On the Basic Information page, click Settings.
- In the Settings Update panel, select Enable Access Log and click OK.
By default, access logs are enabled, and the istio-proxy container generates logs
that contain the following fields. If access logs are disabled, the istio-proxy container
does not generate access logs in the JSON format.
"authority_for":"%REQ(:AUTHORITY)%",
"bytes_received":"%BYTES_RECEIVED%",
"bytes_sent":"%BYTES_SENT%",
"downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%",
"downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%",
"duration":"%DURATION%",
"istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%",
"method":"%REQ(:METHOD)%",
"path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%",
"protocol":"%PROTOCOL%",
"request_id":"%REQ(X-REQUEST-ID)%",
"requested_server_name":"%REQUESTED_SERVER_NAME%",
"response_code":"%RESPONSE_CODE%",
"response_flags":"%RESPONSE_FLAGS%",
"route_name":"%ROUTE_NAME%",
"start_time":"%START_TIME%",
"trace_id":"%REQ(X-B3-TRACEID)%",
"upstream_cluster":"%UPSTREAM_CLUSTER%",
"upstream_host":"%UPSTREAM_HOST%",
"upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%",
"upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%",
"upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%",
"user_agent":"%REQ(USER-AGENT)%",
"x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"
Step 2: Customize the content of access logs on the data plane
- Log on to the ASM console.
- In the left-side navigation pane, choose .
- On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM
instance or click Manage in the Actions column.
- On the details page of the ASM instance, choose in the left-side navigation pane.
- On the Basic Information page, click Update Access Log Format on the right of Enable Access Log.
- In the Update Access Log Format dialog box, add a record by setting the accessLogFormat key parameter to my_custom_key and the accessLogFormat value parameter to %REQ(end-user)%. Then, click Submit.
In this topic, the header field end-user in HTTP requests of the Bookinfo application
is used as an example.
Step 3: View access logs
After you enable access logs, the sidecar container that initiates requests generates
access logs in the custom format.
- Enter ingress gateway address:productpage in the address bar of your browser to request the Productpage application.
- Log on to the ACK console.
- In the left-side navigation pane of the ACK console, click Clusters.
- On the Clusters page, find the cluster that you want to manage and click the name of the cluster
or click Details in the Actions column. The details page of the cluster appears.
- In the left-side navigation pane of the details page, choose .
- On the Deployments page, set the Namespace parameter to default and click Details in the Actions column of the productpage-v1 application.
- On the details page of the application, click the Logs tab and set the Container parameter to istio-proxy.
The following log is displayed in the log output box.
You can see that the log contains a field in which an end user named jason is recorded.
This indicates that log content customization is successful.