Microservices Engine (MSE) application protection writes three log files that capture per-second metrics, blocking events, and rule processing activity for each protected resource. Use these logs to monitor resource status and troubleshoot protection issues on individual servers.
All applications with MSE application protection enabled produce these logs automatically.
Log directory
The base log directory (${BaseDir}) depends on your MSE agent version:
| MSE agent version | Base directory |
|---|---|
| Earlier than 4.3.0 | ${user_home}/logs/csp |
| 4.3.0 and later | /home/admin/.opt/AliyunJavaAgent/logs/sentinel |
To check your MSE agent version, go to the node details page of your application.
Log files
| Log type | File path | Description |
|---|---|---|
| Second-level monitoring logs | ${BaseDir}/${app_name}-metrics.log | Per-second metric data for each protected resource |
| Blocking details logs | ${BaseDir}/sentinel-block.log | Requests blocked by protection rules (flow control, circuit breaking, concurrency isolation, hot parameter protection) |
| Business logs | ${BaseDir}/sentinel-record.log.${Current date} | Rule push, reception, and processing events, and resource calls |
Second-level monitoring logs
Each line in ${app_name}-metrics.log records the metric data for one resource over a one-second interval.
Sample entry:
1718765870000|2024-06-19 02:57:50|/flow|30|5|30|10|13|0|1|1|INField reference
| Position | Field | Example | Description |
|---|---|---|---|
| 1 | Timestamp | 1718765870000 | Unix timestamp in milliseconds |
| 2 | Formatted time | 2024-06-19 02:57:50 | Human-readable timestamp |
| 3 | Resource name | /flow | Name of the protected resource |
| 4 | Passed QPS | 30 | Requests that passed all rule checks per second |
| 5 | Rejected QPS | 5 | Requests blocked by protection rules per second |
| 6 | Completed QPS | 30 | Completed calls (successful + failed) per second |
| 7 | Abnormal QPS | 10 | Processing exceptions of a resource per second |
| 8 | Average RT | 13 | Average response time of a resource |
| 9 | Reserved | 0 | Reserved for internal use |
| 10 | Parallelism | 1 | In-flight requests not yet completed |
| 11 | Reserved | 1 | Reserved for internal use |
| 12 | Direction | IN | IN = inbound (server-side), OUT = outbound (client-side) |
Blocking details logs
Each line in sentinel-block.log records the blocking events for one resource over a one-second interval, regardless of the protection type (flow control, circuit breaking, or system protection).
Sample entries:
2024-06-19 03:13:44|1|/a,ConcurrencyLimitException,default,origin,26133,1718766824000|1,0,0
2024-06-19 03:13:45|1|/flow,FlowException,default,origin,33593,1718766825000|6,0,0Field reference
| Position | Field | Example | Description |
|---|---|---|---|
| 1 | Formatted time | 2024-06-19 03:13:44 | Timestamp of the blocking event |
| 2 | Serial number | 1 | Serial number. You do not need to pay attention to this value. |
| 3 | Resource name | /a | Name of the blocked resource |
| 4 | Blocking type | FlowException | Exception class that identifies the protection rule type. See the blocking type reference table below. |
| 5 | Reserved | default | Reserved for internal use |
| 6 | Reserved | origin | Reserved for internal use |
| 7 | Rule ID | 26133 | ID of the protection rule that triggered the block |
| 8 | Timestamp | 1718766824000 | Unix timestamp in milliseconds |
| 9 | Block count | 1,0,0 | First value: number of blocks per second. Remaining values are reserved. |
Blocking type reference
| Exception class | Protection type |
|---|---|
FlowException | Flow control (interface throttling) |
DegradeException | Circuit breaking or degradation |
ConcurrencyLimitException | Concurrency isolation |
ParamFlowException | Hot parameter protection (RPC) |
WebFlowException | Hot parameter protection (HTTP) |
Business logs
Business logs are stored in sentinel-record.log.${Current date} under ${BaseDir}. These logs record the push, reception, and processing of rules and resource calls. The logs are useful for troubleshooting.