After you add a Kubernetes cluster to an Alibaba Cloud Service Mesh (ASM) instance, Envoy proxies that are deployed on the data plane of the ASM instance can output all access logs of the cluster. ASM allows you to customize the content of access logs output by the Envoy proxies. This topic describes how to customize the content of access logs that are output by Envoy proxies.

Prerequisites

Step 1: Enable access logs

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. On the details page of the ASM instance, click Settings in the upper-right corner.
  5. In the Settings Update panel, select Enable Access Log and click OK.
    Access logs are enabled by default. The istio-proxy container outputs logs that contain the following fields. If access logs are disabled, the istio-proxy container will not generate access logs in the JSON format.
    
        "authority_for":"%REQ(:AUTHORITY)%",
        "bytes_received":"%BYTES_RECEIVED%",
        "bytes_sent":"%BYTES_SENT%",
        "downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%",
        "downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%",
        "duration":"%DURATION%",
        "istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%",
        "method":"%REQ(:METHOD)%",
        "path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%",
        "protocol":"%PROTOCOL%",
        "request_id":"%REQ(X-REQUEST-ID)%",
        "requested_server_name":"%REQUESTED_SERVER_NAME%",
        "response_code":"%RESPONSE_CODE%",
        "response_flags":"%RESPONSE_FLAGS%",
        "route_name":"%ROUTE_NAME%",
        "start_time":"%START_TIME%",
        "trace_id":"%REQ(X-B3-TRACEID)%",
        "upstream_cluster":"%UPSTREAM_CLUSTER%",
        "upstream_host":"%UPSTREAM_HOST%",
        "upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%",
        "upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%",
        "upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%",
        "user_agent":"%REQ(USER-AGENT)%",
        "x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"

Step 2: Customize access log content on the data plane

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. On the Instance Information page, click Update Access Log Format next to Enable Access Log.
  5. In the Update Access Log Format dialog box, set accessLogFormat key to my_custom_key and accessLogFormat value to %REQ(end-user)%, and then click Submit.
    In this topic, the header field end-user of an HTTP request in the Bookinfo instance is used as an example.

Step 3: View access logs

After you enable access logs, the sidecar container that initiates the request outputs access logs in the customized format.

  1. Enter ingress gateway address: productpage in the address bar of the browser to request the Productpage application.
  2. Log on to the ACK console.
  3. In the left-side navigation pane of the ACK console, click Clusters.
  4. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
  5. In the left-side navigation pane of the details page, choose Workloads > Deployments.
  6. On the Deployments page, set Namespace to default and click Details in the Actions column of the productpage-v1 application.
  7. On the Application Details page, click the Logs tab and set Container to istio-proxy.
    The following log is displayed in the log output box. Logs

    You can see that the log contains an end-user named jason, indicating that log content is successfully customized.

Related operations

You can also use Log Service to collect access logs on the data plane. For more information, see Use Log Service to collect logs of ingress gateways on the data plane.