You must authorize Classic Load Balancer (CLB) to access Log Service before access logs can be written to Log Service.



  1. Log on to the CLB console.
  2. In the left-side navigation pane, choose Logs > Access Logs.
  3. In the top navigation bar, select the region where the CLB instance is deployed.
  4. Click Authorize. In the dialog box that appears, click Confirm Authorization Policy to authorize Classic Load Balancer (CLB) to write logs to Log Service.
    If you use a Resource Access Management (RAM) user, you must acquire the permissions from your Alibaba Cloud account. For more information, see Authorize a RAM user to use the access log feature.
    Note You need only to perform the authorization once.
  5. On the Access Logs (Layer-7) page, find the CLB instance that you want to manage and click Configure Logging in the Actions column.
  6. In the Configure Logging panel, select a project and a Logstore.
    • Project: used to isolate and manage resources in Log Service.
    • Logstore: used to collect, store, and query log data.
    Note Make sure that the name of the project is unique and the region of the project is the same as that of the CLB instance.

    After access log is enabled, you can query and search for log data by using the fields listed in the following table.

    Field Description
    slbid The ID of the CLB instance.
    __topic__ The topic of the log entry. The default topic is slb_layer7_access_log.
    body_bytes_sent The size of an HTTP response body. Unit: bytes.
    client_ip The client IP address.
    host By default, the value is retrieved from the request parameters. If the host is not specified in the request parameters, the system retrieves the value from the Host header. If this value cannot be retrieved from the request parameters or the Host header, the IP address of the backend server is used.
    http_host The Host header of an HTTP request.
    http_referer The Referer header of an HTTP request received by CLB.
    http_user_agent The Referer header of an HTTP request.
    http_x_forwarded_for The X-Forwarded-For header of an HTTP request.
    http_x_real_ip The client IP address.
    read_request_time The amount of time that CLB takes to process a request. Unit: milliseconds.
    request_length The combined size of the start line, headers, and body of an HTTP request.
    request_method The request method.
    request_time The amount of time from when CLB receives the first request to when CLB returns a response. Unit: seconds.
    request_uri The URI of a request received by CLB.
    scheme The request protocol. Valid values: HTTP and HTTPS.
    server_protocol The version of the HTTP protocol that is received by CLB. For example, HTTP/1.0 or HTTP/1.1.
    slb_vport The listening port of the CLB instance.
    ssl_cipher The cipher suite used to establish an SSL connection, for example, ECDHE-RSA-AES128-GCM-SHA256.
    ssl_protocol The protocol that is used to establish an SSL connection, for example, TLS 1.2.
    status The status of a response returned by CLB.
    tcpinfo_rtt The amount of time that is taken to establish a TCP connection. Unit: milliseconds.
    time The time when the log entry is generated.
    upstream_addr The IP address and port of the backend server.
    upstream_response_time The amount of time from when a connection is established to when the connection is closed. Unit: seconds.
    upstream_status The HTTP status code sent from a backend server to CLB.
    vip_addr The virtual IP address.
    write_response_time The amount of time taken to respond to a write request. Unit: milliseconds.
  7. Click OK.