The operation logs of Application Load Balancer (ALB) record the operations that are performed on ALB instances by calling API operations or using the ALB console.
Background information
ALB is integrated with ActionTrail. In the ActionTrail console, you can query the management events that are generated when you manage ALB resources. ActionTrail can deliver management events to Logstores in Simple Log Service or Object Storage Service (OSS) buckets. This way, you can audit the events in real time and identify the causes of issues. For more information, see What is ActionTrail?
View operation logs
You can use one of the following methods to view ALB operation logs in the ALB console. You can select a method based on your business requirements.
Method | Description | Billing | Action |
Method 1: Basic event query | You can query events that are generated within the last 90 days for only one Alibaba Cloud account in one region. In addition, you can specify only one event property as the query condition for each event query. | The current version of ActionTrail is free of charge. | |
Method 2: Advanced event query | You can query events that are generated within more than 90 days across Alibaba Cloud accounts or regions by specifying multiple query conditions or executing custom SQL statements. | The current version of ActionTrail is free of charge. When you use advanced event queries, data is shipped to Simple Log Service. You are charged a small fee based on the billing rules of Simple Log Service or OSS. For more information, see the following topics: |
Basic event query
You can query events of specific types that are generated within the last 90 days.
- Log on to the ALB console.
In the left-side navigation pane, choose .
On the Operation Logs page, perform the following steps to filter events:
NoteIf the page for advanced event queries is displayed, click Switch to Event Query in the upper-right corner of the page.
Select an event type.
Event type
Option
Read/Write type
Valid values: Write and Read.
Username
Specify a username type. For example, user1 specifies a RAM user.
Resource Type
Select a resource type.
Select a time period. You can query events within the last 90 days.
Click
to filter events.
Find the event that you want to manage and click the
icon. View detailed information about the event.
Click Event Detail.
The Event Detail message displays the record in XML. You can click the
icon to copy the record. Then you can paste the record to an on-premises machine or another destination.
Advanced event query
You can query events that occurred in multiple regions within more than 90 days by specifying custom filter conditions or executing SQL statements. You can perform advanced event queries in standard mode or simple mode based on your business requirements. For more information about the scenarios of standard mode and simple mode, see the following table.
Mode | Query method | Description | Example |
Standard mode (default) | Single-condition query | You can filter events by service name, event name, resource name, resource type, read/write type, username, AccessKey ID, source IP address, requester ID, account type, region, event source, or event ID. | To query all events that are generated by ALB within a period of time, use the default value for Service Name, and click Query. |
Multi-condition query | You can query events in multiple regions. | To query events in the China (Hangzhou) and China (Shanghai) regions, click Unfold and select China (Hangzhou) and China (Shanghai) from the Region drop-down list. | |
Simple mode | Keyword-based query | You can enter a keyword in the search box based on your business requirements. | To query all write events, enter |
Single-condition query | You can specify a filter condition in the Who, What, Which, Where, or Other category to query events. | To query all events that are generated by ALB within a period of time, use the default value for Service Name, and click Query. | |
Multi-condition query | You can specify multiple filter conditions in the Who, What, Which, Where, and Other categories to query events. | To query the events that are generated by Alex in ActionTrail, enter | |
NOT operator-based query | You can specify multiple filter conditions and change the operator in front of a filter condition that you want to exclude to the NOT operator. | To query events that are not generated by Alex in ActionTrail, enter |
- Log on to the ALB console.
In the left-side navigation pane, choose .
The first time that you view operation logs, click Enable Advanced Event Query.
In the Enable Advanced Event Query panel, select Create Trail or Select an existing trace.
Enter a trail name.
Click Activate to activate Simple Log Service.
NoteBefore you ship audit events to Logstores in Simple Log Service, you must activate and grant the required permissions to Simple Log Service. After you activate and grant the required permissions to Simple Log Service, audit events are automatically stored in the Logstores that you specify.
You are charged a small fee for using Simple Log Service. The fee is estimated based on the number of events in the last 30 days. For more information, click View Trail Cost Estimation.
Click OK.
On the Operation Logs page, use one of the following methods to view ALB operation logs:
NoteBy default, if you do not specify filter conditions, all events are queried.
Method 1: Standard mode (default)
Specify filter conditions.
Click Query.
Method 2: Simple mode
Click Switch to the simple mode.
Specify filter conditions or query statements in the search box.
You can specify a filter condition in the Who, What, Which, Where, or Other category to query events.
Click Query.
Find the event that you want to manage and click the
icon. View detailed information about the event.
Click Event Detail.
The Event Detail message displays the record in XML. You can click the
icon to copy the record. Then you can paste the record to an on-premises machine or another destination.
After you perform an advanced event query, you can perform the following operations on the Operation Logs page:
To perform basic event queries, click Switch to Event Query on the right side of the page.
You are charged for shipping logs to Simple Log Service. To stop the billing, perform the following steps:
Click the name of the trail. On the details page of the trail, turn off Trail Status.
Return to the Operation Logs page in the ALB console, click the hyperlink to Simple Log Service, move the pointer over the Logstore that you want to delete, and then choose
> Delete.
To disable the advanced event query feature, perform the following steps:
Click the name of the trail. In the left-side navigation pane, click Trails. On the Trails page, turn off Advanced Event Query.
Return to the Operation Logs page in the ALB console and refresh the page. The Operation Logs page for basic event queries appears.
Audit events of ALB
Event | Description |
AddEntriesToAcl | IP entries are added to an access control list (ACL). |
AddServersToServerGroup | Backend servers are added to the specified server group. |
ApplyHealthCheckTemplateToServerGroup | A health check template is applied to a server group. |
AssociateAclsWithListener | ACLs are associated with a listener. |
AssociateAdditionalCertificatesWithListener | Additional certificates are added to a listener. |
AttachCommonBandwidthPackageToLoadBalancer | An elastic IP address (EIP) bandwidth plan is associated with an ALB instance. |
Create | AnALB instance is purchased on the buy page. |
CreateAcl | An ACL is created. |
CreateAScripts | A programmable script is created. |
CreateHealthCheckTemplate | A health check template is created. |
CreateListener | A listener is created. |
CreateLoadBalancer | An ALB instance is created. |
CreateRule | A forwarding rule is created. |
CreateRules | Multiple forwarding rules are created. |
CreateSecurityPolicy | A custom security policy is created. |
CreateServerGroup | A server group is created. |
DeleteAcl | An ACL is deleted. |
DeleteAScripts | A programmable script is deleted. |
DeleteHealthCheckTemplates | Multiple health check templates are deleted at a time. |
DeleteListener | A listener is deleted. |
DeleteLoadBalancer | An ALB instance is deleted. |
DeleteRule | A forwarding rule is deleted. |
DeleteRules | Multiple forwarding rules are deleted at a time. |
DeleteSecurityPolicy | A custom security policy is deleted. |
DeleteServerGroup | A server group is deleted. |
DescribeRegions | The regions that are supported by ALB are queried. |
DescribeZones | The zones in a region are queried. |
DetachCommonBandwidthPackageFromLoadBalancer | An Internet Shared Bandwidth is disassociated from an ALB instance. |
DisableDeletionProtection | The deletion protection feature is disabled for an ALB instance. |
DisableLoadBalancerAccessLog | The access log feature is disabled for an ALB instance. |
DisableLoadBalancerIpv6Internet | IPv6 Internet bandwidth is disabled for an ALB instance. |
DissociateAclsFromListener | ACLs are disassociated from a listener. |
DissociateAdditionalCertificatesFromListener | Additional certificates are removed from a listener. |
EnableConfigManaged | The configuration management feature is enabled for an ALB instance. |
EnableDeletionProtection | The deletion protection feature is enabled for an ALB instance. |
EnableLoadBalancerAccessLog | The access log feature is enabled for an ALB instance. |
EnableLoadBalancerIpv6Internet | IPv6 Internet bandwidth is enabled for an ALB instance. |
GetGlobalLoadBalancerSummary | The summarized information about global server load balancing is queried. |
GetHealthCheckTemplateAttribute | The details of a health check template are queried. |
GetListenerAttribute | The details of a listener are queried. |
GetListenerHealthStatus | The health check status of a listener is queried. |
GetLoadBalancerAttribute | The details of an ALB instance are queried. |
InitializeServiceLinkedRole | The service-linked role is initialized. |
ListAclEntries | IP entries of an ACL are queried. |
ListAclRelations | The listeners that are associated with an ACL are queried. |
ListAcls | The ACLs in a region are queried. |
ListAScripts | Programmable scripts are queried. |
ListAsynJobs | Asynchronous tasks are queried. |
ListBackupVersions | Configuration backups are queried. |
ListHealthCheckTemplates | Health check templates are queried. |
ListListenerCertificates | The certificates that are associated with a listener are queried. |
ListListeners | Listeners are queried. |
ListLoadBalancerLocalAddress | The back-to-origin routes of an ALB instance are queried. |
ListLoadBalancers | ALB instances are queried. |
ListRules | Forwarding rules are queried. |
ListSecurityPolicies | Custom security policies are queried. |
ListSecurityPolicyRelations | The listeners that are associated with specified security policies are queried. |
ListServerGroups | Server groups are queried. |
ListServerGroupServers | The backend servers in a server group are queried. |
ListSystemSecurityPolicies | System security policies are queried. |
ListTagKeys | The tag keys of an ALB instance are queried. |
ListTagResources | The keys and values of tags that are added to resources are queried. |
ListTagValues | The tag values of an ALB instance are queried. |
Modify | The specifications of an ALB instance are modified on the buy page. |
MoveResourceGroup | A resource is moved from one resource group to another. |
Release | A resource such as an ALB instance is released. |
RemoveEntriesFromAcl | IP entries are removed from an ACL. |
RemoveServersFromServerGroup | Backend servers are removed from a server group. |
ReplaceServersInServerGroup | Backend servers in a server group are replaced. |
SerializeLoadBalancer | The configurations of an ALB instance are serialized. |
SerializeServerGroup | The configurations of a server group are serialized. |
ServiceManagedControl | ALB resources are managed. |
StartListener | A listener is started. |
StopListener | A listener is stopped. |
TagResources | Tags are added to resources. |
UnSerializeLoadBalancer | The configurations of an ALB instance are deserialized. |
UnTagResources | Tags are removed from resources. |
UpdateAclAttribute | The attributes of an ACL are modified. |
UpdateAScripts | Programmable scripts are modified. |
UpdateHealthCheckTemplateAttribute | The attributes of a health check template are modified. |
UpdateListenerAttribute | The configurations of a listener are modified. |
UpdateListenerLogConfig | The log configurations of a listener are modified. |
UpdateLoadBalancerAddressTypeConfig | The network type of an ALB instance is changed. |
UpdateLoadBalancerAttribute | The attributes of an ALB instance are modified. |
UpdateLoadBalancerBillingConfig | The billing configurations of an ALB instance are modified. |
UpdateLoadBalancerEdition | The edition of an ALB instance is changed. |
UpdateLoadBalancerZones | The zones of an ALB instance are modified. |
UpdateRuleAttribute | The attributes of a forwarding rule are modified. |
UpdateRulesAttribute | The attributes of forwarding rules are modified. |
UpdateSecurityPolicyAttribute | The attributes of a security policy are modified. |
UpdateServerGroupAttribute | The configurations of a server group are modified. |
UpdateServerGroupServersAttribute | The configurations of backend servers in a server group are modified. |