To audit or monitor the operations performed on Application Load Balancer (ALB), use the operation logs feature of ALB, which records the operations performed by your account on your ALB instances by calling API operations or using the ALB console.
Background information
ALB is integrated with ActionTrail. In the ActionTrail console, you can query the management events that are generated when you manage ALB resources. ActionTrail can deliver management events to Logstores in Simple Log Service or Object Storage Service (OSS) buckets. This way, you can audit the events in real time and identify the causes of issues.
View operations logs
In the ALB console, you can only view log records generated for your account in a single region within the past 90 days. Only one filter condition can be set to filter query results. If you require log records across multiple accounts or regions for a longer period, or need to set multiple filter conditions or run custom SQL statements to filter query results, create trails and configure ActionTrail to deliver events to specific Alibaba Cloud services. Then, use the advanced event query feature of ActionTrail to view the log records.
Log on to the ALB console.
In the left-side navigation pane, choose ALB > Operation Log.
In the top navigation bar, select a region.
On the Operation Log page, set a filter condition and specify a period to filter the required log records.
Filter conditions include Read/Write Type, Event Name, Operator, Resource Type, Resource Name, Event Type, and Sensitive Action.
In the records list displayed, find the event you want to view, click View Details in the Actions column, and view the event details and code record on the displayed panel.
- Note
For more information about event fields, see Management event structure.
Audit events of ALB
Event | Description |
AddEntriesToAcl | IP entries are added to an access control list (ACL). |
AddServersToServerGroup | Backend servers are added to the specified server group. |
ApplyHealthCheckTemplateToServerGroup | A health check template is applied to a server group. |
AssociateAclsWithListener | ACLs are associated with a listener. |
AssociateAdditionalCertificatesWithListener | Additional certificates are added to a listener. |
AttachCommonBandwidthPackageToLoadBalancer | An elastic IP address (EIP) bandwidth plan is associated with an ALB instance. |
Create | AnALB instance is purchased on the buy page. |
CreateAcl | An ACL is created. |
CreateAScripts | A programmable script is created. |
CreateHealthCheckTemplate | A health check template is created. |
CreateListener | A listener is created. |
CreateLoadBalancer | An ALB instance is created. |
CreateRule | A forwarding rule is created. |
CreateRules | Multiple forwarding rules are created. |
CreateSecurityPolicy | A custom security policy is created. |
CreateServerGroup | A server group is created. |
DeleteAcl | An ACL is deleted. |
DeleteAScripts | A programmable script is deleted. |
DeleteHealthCheckTemplates | Multiple health check templates are deleted at a time. |
DeleteListener | A listener is deleted. |
DeleteLoadBalancer | An ALB instance is deleted. |
DeleteRule | A forwarding rule is deleted. |
DeleteRules | Multiple forwarding rules are deleted at a time. |
DeleteSecurityPolicy | A custom security policy is deleted. |
DeleteServerGroup | A server group is deleted. |
DescribeRegions | The regions that are supported by ALB are queried. |
DescribeZones | The zones in a region are queried. |
DetachCommonBandwidthPackageFromLoadBalancer | An Internet Shared Bandwidth is disassociated from an ALB instance. |
DisableDeletionProtection | The deletion protection feature is disabled for an ALB instance. |
DisableLoadBalancerAccessLog | The access log feature is disabled for an ALB instance. |
DisableLoadBalancerIpv6Internet | IPv6 Internet bandwidth is disabled for an ALB instance. |
DissociateAclsFromListener | ACLs are disassociated from a listener. |
DissociateAdditionalCertificatesFromListener | Additional certificates are removed from a listener. |
EnableConfigManaged | The configuration management feature is enabled for an ALB instance. |
EnableDeletionProtection | The deletion protection feature is enabled for an ALB instance. |
EnableLoadBalancerAccessLog | The access log feature is enabled for an ALB instance. |
EnableLoadBalancerIpv6Internet | IPv6 Internet bandwidth is enabled for an ALB instance. |
GetGlobalLoadBalancerSummary | The summarized information about global server load balancing is queried. |
GetHealthCheckTemplateAttribute | The details of a health check template are queried. |
GetListenerAttribute | The details of a listener are queried. |
GetListenerHealthStatus | The health check status of a listener is queried. |
GetLoadBalancerAttribute | The details of an ALB instance are queried. |
InitializeServiceLinkedRole | The service-linked role is initialized. |
ListAclEntries | IP entries of an ACL are queried. |
ListAclRelations | The listeners that are associated with an ACL are queried. |
ListAcls | The ACLs in a region are queried. |
ListAScripts | Programmable scripts are queried. |
ListAsynJobs | Asynchronous tasks are queried. |
ListBackupVersions | Configuration backups are queried. |
ListHealthCheckTemplates | Health check templates are queried. |
ListListenerCertificates | The certificates that are associated with a listener are queried. |
ListListeners | Listeners are queried. |
ListLoadBalancerLocalAddress | The back-to-origin routes of an ALB instance are queried. |
ListLoadBalancers | ALB instances are queried. |
ListRules | Forwarding rules are queried. |
ListSecurityPolicies | Custom security policies are queried. |
ListSecurityPolicyRelations | The listeners that are associated with specified security policies are queried. |
ListServerGroups | Server groups are queried. |
ListServerGroupServers | The backend servers in a server group are queried. |
ListSystemSecurityPolicies | System security policies are queried. |
ListTagKeys | The tag keys of an ALB instance are queried. |
ListTagResources | The keys and values of tags that are added to resources are queried. |
ListTagValues | The tag values of an ALB instance are queried. |
Modify | The specifications of an ALB instance are modified on the buy page. |
MoveResourceGroup | A resource is moved from one resource group to another. |
Release | A resource such as an ALB instance is released. |
RemoveEntriesFromAcl | IP entries are removed from an ACL. |
RemoveServersFromServerGroup | Backend servers are removed from a server group. |
ReplaceServersInServerGroup | Backend servers in a server group are replaced. |
SerializeLoadBalancer | The configurations of an ALB instance are serialized. |
SerializeServerGroup | The configurations of a server group are serialized. |
ServiceManagedControl | ALB resources are managed. |
StartListener | A listener is started. |
StopListener | A listener is stopped. |
TagResources | Tags are added to resources. |
UnSerializeLoadBalancer | The configurations of an ALB instance are deserialized. |
UnTagResources | Tags are removed from resources. |
UpdateAclAttribute | The attributes of an ACL are modified. |
UpdateAScripts | Programmable scripts are modified. |
UpdateHealthCheckTemplateAttribute | The attributes of a health check template are modified. |
UpdateListenerAttribute | The configurations of a listener are modified. |
UpdateListenerLogConfig | The log configurations of a listener are modified. |
UpdateLoadBalancerAddressTypeConfig | The network type of an ALB instance is changed. |
UpdateLoadBalancerAttribute | The attributes of an ALB instance are modified. |
UpdateLoadBalancerBillingConfig | The billing configurations of an ALB instance are modified. |
UpdateLoadBalancerEdition | The edition of an ALB instance is changed. |
UpdateLoadBalancerZones | The zones of an ALB instance are modified. |
UpdateRuleAttribute | The attributes of a forwarding rule are modified. |
UpdateRulesAttribute | The attributes of forwarding rules are modified. |
UpdateSecurityPolicyAttribute | The attributes of a security policy are modified. |
UpdateServerGroupAttribute | The configurations of a server group are modified. |
UpdateServerGroupServersAttribute | The configurations of backend servers in a server group are modified. |