Configure access logs - Server Load Balancer - Alibaba Cloud Documentation Center

You must authorize Classic Load Balancer (CLB) to access Log Service before access logs can be written to Log Service.

Prerequisites

A Layer 7 CLB instance is created. For more information, see Create a CLB instance and Add an HTTP listener.
Log Service is activated. For more information, see Activate Log Service.

Configure logging

Log on to the CLB console.
In the left-side navigation pane, choose CLB (FKA SLB) > Logs > Access Logs.
In the top navigation bar, select the region where the Classic Load Balancer (CLB) instance is deployed.CLB
Click Authorize Now. On the Cloud Resource Access Authorization page, click Confirm Authorization Policy.
Note You only need to perform the authorization once.
If you use a Resource Access Management (RAM) user, you must acquire the permissions from your Alibaba Cloud account. For more information about, see Authorize a RAM user to use the access log feature.
On the Access Logs (Layer-7) page, find the CLB instance that you want to manage and click Configure Logging in the Actions column.

In the Configure Logging panel, configure the Project and Logstore parameters and click OK.

Project: used to isolate and manage resources in Log Service.
Logstore: used to collect, store, and query log data in Log Service.

Note Make sure that the name of the project is unique and the region of the project is the same as that of the CLB instance.

After access log is enabled, you can query and search for log data by using the fields listed in the following table.


Field	Description
slbid	The ID of the CLB instance.
__topic__	The topic of the log. The default value is slb_layer7_access_log.
body_bytes_sent	The size of the HTTP response body. Unit: bytes.
client_ip	The IP address of the client.
host	By default, the value is retrieved from the request parameters. If the host is not specified in the request parameters, the system retrieves the value from the Host header. If this value cannot be retrieved from the request parameters or the Host header, the IP address of the backend server is used.
http_host	The Host header of the HTTP request.
http_referer	The Referer header of the HTTP request received by CLB.
http_user_agent	The Http_User_Agent header of the HTTP request.
http_x_forwarded_for	The X-Forwarded-For header of the HTTP request.
http_x_real_ip	The real client IP address.
read_request_time	The amount of time that CLB takes to process the request. Unit: milliseconds.
request_length	The length of the request, including the start line, request headers, and the request body.
request_method	The request method.
request_time	The time duration between when CLB receives the first request and when CLB returns the response. Unit: seconds.
request_uri	The URI of the request received by CLB.
scheme	The scheme of the request. Valid values: HTTP and HTTPS.
server_protocol	The version of the HTTP protocol that is received by CLB. For example, HTTP/1.0 or HTTP/1.1.
slb_vport	The listening port of the CLB instance.
ssl_cipher	The cipher suite used to establish an SSL connection. Example: ECDHE-RSA-AES128-GCM-SHA256.
ssl_protocol	The protocol that is used to establish an SSL connection. Example: TLSv1.2.
status	The status of the response returned by CLB.
tcpinfo_rtt	The round-trip time (RTT) of the TCP connection that is established by the client. Unit: microseconds.
time	The time when the log is generated.
upstream_addr	The IP address and port of the backend server.
upstream_response_time	The time duration between when the connection is established and when the connection is closed. Unit: seconds.
upstream_status	The HTTP status code sent from a backend server to CLB.
vip_addr	The virtual IP address.
write_response_time	The amount of time taken to respond to the write request. Unit: milliseconds.

In the message that appears, click OK.

Query access logs

After you enable the access log feature, you can query access logs in the Classic Load Balancer (CLB) console or the Log Service console.

Log on to the CLB console.
In the left-side navigation pane, choose CLB (FKA SLB) > Logs > Access Logs.
In the top navigation bar, select the region where the CLB instance is deployed.
On the Access Logs (Layer-7) page, click View Logs in the Actions column.
Click a log field to view detailed information.
Enter an SQL statement to query specified log data.
For example, you can enter the following SQL statement to query the top 20 most active clients. You can analyze the request source and make business decisions based on the information.
```
* | select http_user_agent, count(*) as pv group by http_user_agent order by pv desc limit 20
```

Analyze access logs

The Log Service dashboards display log data in multiple dimensions. You can use the dashboards to analyze access logs.

Log on to the Log Service console.
In the Projects section, click the project that you want to manage.
In the left-side navigation pane, click Dashboard and click the name of the access log.

Disable access logs

You can disable the access log for individual CLB instances. After you disable the access log feature, the access logs of the instance are no longer collected.

Log on to the CLB console.
In the left-side navigation pane, choose CLB (FKA SLB) > Logs > Access Logs.
In the top navigation bar, select the region where the CLB instance is deployed.
On the Access Logs (Layer-7) page, find the instance that you want to manage and click Delete in the Actions column.
In the message that appears, click OK.