This topic describes how to enable the access log management feature in the Server Load Balancer (SLB) console. After you enable the feature, you can collect Layer 7 access logs of Classic Load Balancer (CLB) to Log Service.
Prerequisites
- A CLB instance is created. For more information, see Create a CLB instance.
- A Layer 7 listener, such as an HTTP or HTTPS listener, is configured for the CLB instance. For more information, see Add an HTTP listener or Add an HTTPS listener.
- A project and a Logstore are created in the region where the CLB instance resides. For more information, see Create a project and a Logstore.
Procedure
Important Before you can use a Resource Access Management (RAM) user to enable the access log management feature, you must grant the required permissions to the RAM user. For more information, see RAM user authorization.
- Log on to the SLB console.
- In the top navigation bar, select the required region.
- In the left-side navigation pane, choose .
- Authorize SLB to assume the AliyunLogArchiveRole role to access Log Service. This operation is required only when you enable the access log management feature for the first time. You must complete the authorization by using your Alibaba Cloud account.Warning Do not revoke permissions from the AliyunLogArchiveRole role or delete the role. Otherwise, CLB access logs cannot be sent to Log Service.
- On the Access Logs (Layer-7) page, find the CLB instance and click Configure Logging in the Actions column.
- In the Configure Logging panel, select the project and Logstore, and click OK. After you complete the configuration, Log Service automatically creates indexes for the Logstore. If indexes were already created for the Logstore, the existing indexes are overwritten.
What to do next
Operation | Description |
---|---|
Query access logs | On the Access Logs (Layer-7) page, find the CLB instance and click View Logs in the Actions column. For more information, see Query access logs. |
Disable the access log management feature | On the Access Logs (Layer-7) page, find the CLB instance and click Delete in the Actions column. For more information, see Disable access logs. Important The project and the logs that are sent to Log Service are not automatically deleted after you disable the access log management feature. To prevent unwanted fees after you disable the feature, we recommend that you manually delete the project in the Log Service console. For more information, see Delete a project. |