The access log feature is provided by Application Load Balancer (ALB) and Simple Log Service (SLS). This feature lets you analyze user behavior, understand user geographic distribution, and troubleshoot issues.
Background information
ALB serves as an access entry point that handles a large volume of requests. ALB supports shipping access logs to Simple Log Service. You can use the powerful big data computing capabilities of Simple Log Service to analyze access logs to understand user behavior, identify the geographic distribution of users, and troubleshoot issues. The ALB access log feature has the following advantages:
Simple: This feature simplifies log processing for developers and O&M engineers, which allows them to focus on business development and technical exploration.
High-volume: ALB access logs typically contain a large amount of data. Processing these logs requires you to consider performance and cost. Simple Log Service can analyze 100 million log entries per second and provides significant cost and performance advantages over self-built open source solutions.
Real-time: Scenarios such as DevOps, monitoring, and alerting require real-time log data. The powerful big data computing capabilities of Simple Log Service can analyze and process real-time logs in seconds.
Elastic: You can enable or disable the access log feature at the ALB instance level. The Logstore capacity can dynamically scale to meet business growth needs.
Billing
After ALB ships logs to Simple Log Service, Simple Log Service charges you for storage space, read traffic, the number of requests, data transformation, and data shipping. For more information, see Simple Log Service billing.
Prerequisites
Before you use the access log feature, you must activate Simple Log Service. For more information, see Activate Simple Log Service.
Create an access log
Log on to the ALB console.
In the top navigation bar, select the region where the ALB instance is deployed.
On the Instances page, click the target instance ID.
On the instance details page, click the Access Logs tab, and on the Access Logs tab, click Create Access Log.
In the Create Access Log dialog box, configure the Project and Logstore parameters, and click OK.
Configuration
Description
Project
A resource management unit in Simple Log Service used for resource isolation and control.
Select Project: Select an existing Project from the drop-down list.
Create Project: Enter a new Project name in the text box.
Logstore
A unit for log data collection, storage, and query in Simple Log Service.
Select Existing Logstore: Select a Logstore from the drop-down list.
Create Logstore: Enter a Logstore name in the text box. If you select Create Project, you must also select Create Logstore.
Notes On Creating Service-linked Role
When you perform this operation, the system automatically creates a service-linked role to enable the feature.
In the dialog box that appears, read the information and click OK.
If you create a new Logstore, Simple Log Service creates an index and enables a dashboard for the Logstore by default.
If you select an existing Logstore, Simple Log Service automatically enables a dashboard. If the Logstore already has an index, the existing configuration is not overwritten. You can add a new index in the Simple Log Service console.
View access logs
On the Access Logs tab, click the link on the right side of Simple Log Service to view information such as raw logs in the Simple Log Service console.
On the Access Logs tab, click Monitoring Center, Access Center, or Fine-grained Monitoring and specify filter conditions to query metrics.
Module Classification
Metric description
Monitoring Center
Displays real-time monitoring data for the ALB instance. Metrics include page views (PVs), request success rate, average latency, 4xx requests, status distribution, traffic, P50 latency, P90 latency, P99 latency, P9999 latency, top request hosts, top latency hosts, top failure rate hosts, top request URLs, top latency URLs, top failure rate URLs, top request backends, top latency backends, and top failure rate backends.
Access Center
Displays access status data for the ALB instance. Metrics include PVs (day-over-day), PVs (week-over-week), UVs (day-over-day), UVs (week-over-week), PV distribution, UV distribution, today's PVs, 7-day PVs, top 10 accessed provinces, mobile client ratio, top 10 accessed hosts, top 10 accessed UserAgents, and top accessed IPs.
Second-level Monitoring
Displays monitoring information at a second-level granularity to help identify transient jitter and other exceptions. Metrics include queries per second (QPS), access latency, upstream latency, success rate, request traffic, response body traffic, 2xx status codes, 3xx status codes, error status codes, upstream 2xx status codes, upstream 3xx status codes, and upstream error status codes.
In the upper-right corner of the Monitoring Center, Access Center, or Fine-grained Monitoring tab, click More Charts to open the CloudLens for ALB page and view more ALB reports. For more information, see View reports.
In the upper-right corner of the Monitoring Center, Access Center, or Fine-grained Monitoring tab, you can click Configure Alert Rules to open the CloudLens for ALB page and view alert incidents for the ALB instance.
You can also use the following features in the upper-right corner of the Monitoring Center, Access Center, or Fine-grained Monitoring tabs:
: Enables Dedicated SQL. For more information, see High-performance and high-precision query and analysis (Dedicated SQL).After Simple Log Service collects access logs, you can perform operations such as query and analysis, download, data shipping, data transformation, and alert creation. For more information, see General operations for cloud service logs.
Record custom headers
In addition to common headers, the slb_headers field records the names and values of other headers in a request. This allows for complete request logging and improved log analysis.
The custom header in an access log has a default length of 1 KB and can be increased to a maximum of 4 KB. To request an increase, contact your account manager. For more information, see What are the length limits for requests forwarded by ALB? Can they be adjusted?.
On the Access Logs tab, in the Basic Information section, click Record Custom Headers.
In the Record Custom HTTP Headers in Logs dialog box, select the listener that is associated with the ALB instance from the drop-down list.
To create a listener, click Create Listener from the drop-down list. For more information, see Add an HTTP listener, Add an HTTPS listener, and Add a QUIC listener.
In the dialog box, confirm the information and click OK.
After the configuration is complete, the slb_headers field in the log records the header_name and header_value of all headers in the request except for the following:
# Information about the following fields is not recorded in custom headers host referer user-agent x-forwarded-for x-readtime x-real-ip uber-trace-id X-B3-TraceId X-B3-SpanId X-B3-ParentSpanId X-B3-Sampled
Delete logs
On the Access Logs tab, click Disable Logging in the Basic Information section.
In the dialog box, confirm the information and click OK.
Log field descriptions
Field | Description |
app_lb_id | The ID of the Application Load Balancer instance. |
__topic__ | The log topic. The value is fixed to alb_layer7_access_log. |
body_bytes_sent | The number of bytes in the HTTP body sent to the client. |
client_ip | The IP address of the client that sent the request. If the "find real client source IP" feature is disabled, this field is the IP address of the previous hop from the load balancer. If the feature is enabled, this field is the real source IP address of the client. |
host | The domain name or IP address. The value is obtained from the host in the request parameters first. If it cannot be obtained, the value is taken from the host header. If it still cannot be obtained, the IP address of the backend server that processes the request is used as the host. |
http_host | The content of the host header in the request message. |
http_referer | The content of the referer header in the HTTP request message received by the load balancer. |
http_user_agent | The content of the user-agent header in the HTTP request message received by the load balancer. |
http_x_forwarded_for | The content of the x-forwarded-for header in the HTTP request message received by the load balancer. |
http_x_real_ip | The content of the x-real-ip header in the HTTP request message received by the load balancer. |
read_request_time | The time taken by the load balancer to read the request. Unit: milliseconds. |
request_length | The length of the request message, including the start line, HTTP header, and HTTP body. Unit: bytes. |
request_method | The method of the request message. |
request_time | The time interval from when the load balancer receives the first request message to when it returns a response. Unit: seconds. |
request_uri | The URI of the request message received by the load balancer. |
scheme | The schema of the request: HTTP or HTTPS. |
server_protocol | The version of the HTTP protocol received by the load balancer, such as HTTP/1.0 or HTTP/1.1. |
slb_vport | The listener port of the load balancer. |
slb_xtrace | The TraceId of the call chain for load balancer tracing analysis. |
xtrace_type | The type of Xtrace data for load balancer tracing analysis. Currently, only Zipkin is supported. |
ssl_cipher | The cipher used to establish the SSL-VPN connection, such as ECDHE-RSA-AES128-GCM-SHA256. |
ssl_protocol | The protocol used to establish the SSL-VPN connection, such as TLSv1.2. |
status | The status of the response message from the load balancer. |
tcpinfo_rtt | The client TCP connection time. Unit: microseconds. |
time | The time when the log was recorded. The time format is |
upstream_addr | The IP address and port of the backend server. |
upstream_response_time | The time from when the load balancer establishes a connection to the backend server until it finishes receiving data and closes the connection. Unit: seconds. |
upstream_status | The response status code received by the load balancer from the backend server. |
vip_addr | The virtual IP address. |
write_response_time | The response time for the write operation of the load balancer. Unit: milliseconds. |
client_port | The port of the client that sent the request. |
slb_headers | Custom headers. This feature must be enabled to be used. It stores the custom headers of the request. |
FAQ
Can I view access log data from before the access log was created?
Not supported.
You can view only the log data that is collected after the access log feature is enabled. Simple Log Service does not collect ALB access data that is generated before you enable the feature. Therefore, previous log data is unavailable.