All Products
Search

This Product

    Smart Access Gateway:View client access logs

    Document Center

    Smart Access Gateway:View client access logs

    Last Updated:Jun 20, 2026

    After clients connect to Alibaba Cloud using a Smart Access Gateway (SAG) app instance, you can view and subscribe to client access logs on the SAG console.

    Prerequisites

    A client can connect to Alibaba Cloud using an SAG app instance. For more information, see Get started with the SAG App.

    Step 1: Enable the access log feature

    To view client access logs, you must first enable the access log feature for the SAG app instance. Once enabled, the system automatically records all client connection information for the instance and generates access logs.

    1. Log on to the SAG console.

    2. In the left-side navigation pane, choose Smart Access Gateway App > SAG App Instances.

    3. In the top navigation bar, select the region.

    4. On the SAG App Instances page, find the target SAG app instance and click the SAG app instance ID.

    5. On the Basic Information tab of the SAG app instance details page, find the Access Log item and turn on the switch.

    Step 2: View client access logs

    After you enable the access log feature for an SAG app instance, you can view the client access logs for the app instance on the Access Log page.

    1. In the left-side navigation pane, choose Smart Access Gateway App > Access Log.

    2. On the Access Log page, view client access logs on the Audit List tab.

      The audit list includes the following columns: SAG Instance ID/Name, Operation Time, Username, Terminal Type, Source, IP, Object, Status, and Details. You can search by SAG instance ID or name, or filter log entries by time.

    Step 3 (Optional): Subscribe to client access logs

    If you want to closely monitor specific clients, you can create a subscription. The system then sends you the access logs for these clients at regular intervals.

    1. In the left-side navigation pane, choose Smart Access Gateway App > Access Log.

    2. On the Access Log page, click the Audit List tab, and then click Subscribe.

    3. In the Create Subscription dialog box, configure the parameters based on the following information, and then click OK.

      Important

      When you create a subscription, you can subscribe only to information that is available on the Audit List tab.

      For example, assume the access log feature is enabled for SAG app instance A, which has three clients: Client 1, Client 2, and Client 3. Client 1 and Client 2 have connected to Alibaba Cloud through the app instance, but Client 3 has never connected. In this scenario, the system records connection information for only Client 1 and Client 2. This means the Audit List tab contains only the access logs for Client 1 and Client 2. Therefore, when you create a subscription, you can subscribe to the access logs of only Client 1 and Client 2.

      Parameter

      Description

      Email Address

      Enter the email address where you want to receive the access logs.

      To enter multiple email addresses, separate them with commas (,).

      Send At

      Specify the time when the system sends the access logs.

      SAG Instance ID/Name

      Select the SAG app instance for the subscription.

      By default, the subscription includes the access logs of all recorded clients on the SAG app instance.

      Username

      Select the username of the client for the subscription.

      Important

      When you select a client, ensure its SAG app instance is also included in the subscription. Otherwise, the system will not send the access logs for this client.

      Terminal Type

      Select the terminal type of the client for the subscription.

      By default, the subscription includes the access logs of all recorded terminal types.

      Source

      Select the source of the client. The only valid value is All.

      IP

      Select the IP address of the client. The only valid value is All.

      Object

      Select the client events for the subscription.

      • Log on to App: The client has connected to Alibaba Cloud.

      • Connect App to VPN: The client has connected to the internal network.

      • Disconnect App from VPN: The client has disconnected from the internal network.

      • Log out of App: The client has disconnected from Alibaba Cloud.

      After you create a subscription, click the Subscription Details tab to view subscription records, including recipient email addresses, creation time, sending schedule, and subscription information. In the Actions column, you can Modify, Cancel Subscription, or Delete a subscription.

    More operations

    Actions

    Steps

    Export access logs

    You can export the currently generated client access logs to a specified email address.

    1. In the left-side navigation pane, choose Smart Access Gateway App > Access Log.

    2. On the Access Log page, go to the Audit List tab and select one or more log entries. At the bottom of the Audit List tab, click Export to Mail and choose either Export Selected or Export All.

      • If you choose Export Selected, the system exports only the selected access logs to the specified email address.

      • If you choose Export All, the system exports all access logs from the Audit List tab to the specified email address.

    3. In the Export Information dialog box, enter an email address and click OK.

      To enter multiple email addresses, separate them with commas (,).

    Download access logs

    You can download the currently generated client access logs to your local computer.

    1. In the left-side navigation pane, choose Smart Access Gateway App > Access Log.

    2. On the Access Log page, click the 下载 icon in the upper-right corner of the Audit List tab.

    3. Save all client access logs from the Audit List tab to your local computer.

    Modify a subscription

    You can modify a subscription at any time after creating it.

    1. In the left-side navigation pane, choose Smart Access Gateway App > Access Log.

    2. On the Access Log page, click the Subscription Details tab.

    3. Find the subscription that you want to modify and click Modify in the Operation column.

    4. In the Modify Subscription dialog box, modify the subscription details and click OK.

    Cancel a subscription

    To temporarily stop receiving access logs from a subscription, you can cancel it.

    1. In the left-side navigation pane, choose Smart Access Gateway App > Access Log.

    2. On the Access Log page, click the Subscription Details tab.

    3. Find the subscription that you want to cancel and click Cancel Subscription in the Operation column.

      To resume a canceled subscription, click Enable Subscription in the Operation column.

    Delete a subscription

    If you no longer need a subscription, you can delete it.

    You must cancel a subscription before you can delete it. For more information, see Cancel Subscription.

    1. In the left-side navigation pane, choose Smart Access Gateway App > Access Log.

    2. On the Access Log page, click the Subscription Details tab.

    3. Find the subscription that you want to delete and click Delete in the Operation column.

    4. In the Delete Subscription dialog box, click OK.

    Disable the access log feature

    If you no longer need to monitor clients for an SAG app instance, you can disable its access log feature. Once disabled, the system stops recording connection information for the instance's clients.

    1. In the left-side navigation pane, choose Smart Access Gateway App > SAG App Instances.

    2. In the top navigation bar, select the target region.

    3. On the SAG App Instances page, find the target SAG app instance and click the SAG app instance ID.

    4. On the Basic Information tab of the SAG app instance details page, find the Access Log item and turn off the switch.