Enable the access log management feature - Log Service - Alibaba Cloud Documentation Center

This topic describes how to enable the access log management feature in the SLB console. After you enable the feature, you can use Log Service to collect SLB access logs.

Prerequisites

An SLB instance is created. For more information, see Create a CLB instance.
An HTTP or HTTPS listener is configured for the SLB instance. For more information, see Add an HTTP listener or Add an HTTPS listener.
A project and a Logstore are created in the region where the SLB instance resides. For more information, see Create a project and a Logstore.

Procedure

Important Before you can use a RAM user to enable the access log management feature, you must grant the required permissions to the RAM user. For more information, see Authorize a RAM user to use the access log feature.

Log on to the SLB console.
In the upper-left corner of the page, select the region where the SLB instance resides.
In the left-side navigation pane, choose Logs > Access Logs.
Authorize SLB to assume the AliyunLogArchiveRole role to access Log Service.
If you have authorized SLB to assume the AliyunActionTrailDefaultRole role, skip this step.
Warning You must not delete the AliyunLogArchiveRole role or revoke the permissions from the AliyunLogArchiveRole role. Otherwise, logs cannot be shipped to Log Service.
On the Access Logs (Layer-7) page, click Configure in the Actions column of the instance.
In the Configure Logging dialog box, select an available project and a Logstore. , and then click OK.
After you complete the configuration, indexes are automatically created for the data in the selected Logstore. If indexes were created in the Logstore, the indexes are overwritten.

What to do next

After SLB access logs are collected by Log Service, you can query, download, ship, and transform the logs. You can also create alerts for the logs. For more information, see Common operations on logs of Alibaba Cloud services.