Access Logs

Context

You can check access logs in either of the following ways:

Enable and check access logs via an independent API. Configure the API parameters to record the access log time and size. The access log content is returned through a REST API.
Print access logs. Your access logs are printed as files in backend logs.

Enabling the access log function may affect cluster performance.

The following table describes access log parameters.

**Table 1** Access log parameters
Parameter	Type	Description
duration_limit	String	Duration recorded in an access log. Value range: 10 to 120 Unit: s Default value: 30
capacity_limit	String	Size of an access log. After access logging is enabled, the size of recorded requests is checked. If the size exceeds the value of this parameter, the access logging stops. Value range: 1 to 5 Unit: MB Default value: 1

Access logging stops if either duration_limit or capacity_limit reaches the threshold.

Procedure

Log in to the CSS management console.
Choose Clusters in the navigation pane. On the Clusters page, locate the target cluster and click Access Kibana in the Operation column.
In the navigation pane on the left, choose Dev Tools and run commands to enable or disable access logs.
- Enabling access logs for all nodes in a cluster
```
PUT /_access_log?duration_limit=30s&capacity_limit=1mb
```
- Enabling access logs for a node in a cluster
```
PUT /_access_log/{nodeId}?duration_limit=30s&capacity_limit=1mb
```
  {nodeId} indicates the ID of the node where you want to enable access logs.

Use APIs to check access logs.

API for checking the access logs of all nodes in a cluster
```
GET /_access_log
```
API for checking the access logs of a node in a cluster
```
GET /_access_log/{nodeId}
```
{nodeId} indicates the ID of the node where you want to enable access logs.

Example response:

{
  "_nodes" : {
    "total" : 1,
    "successful" : 1,
    "failed" : 0
  },
  "cluster_name" : "css-flowcontroller",
  "nodes" : {
    "8x-ZHu-wTemBQwpcGivFKg" : {
      "name" : "css-flowcontroller-ess-esn-1-1",
      "host" : "10.0.0.98",
      "count" : 2,
      "access" : [
        {
          "time" : "2021-02-23 02:09:50",
          "remote_address" : "/10.0.0.98:28191",
          "url" : "/_access/security/log?pretty",
          "method" : "GET",
          "content" : ""
        },
        {
          "time" : "2021-02-23 02:09:52",
          "remote_address" : "/10.0.0.98:28193",
          "url" : "/_access/security/log?pretty",
          "method" : "GET",
          "content" : ""
        }
      ]
    }
  }
}

**Table 2** Response parameters
Parameter	Description
name	Node name
host	Node IP address
count	Number of node access requests in a statistical period
access	Details about node access requests in a statistical period For details, see Table 3.

**Table 3** access
Parameter	Description
time	Request time
remote_address	Source IP address and port number of the request
url	Original URL of the request
method	Method corresponding to the request path
content	Request content

Enable or disable the access log function.
All user access operation can be logged. By default, logs are recorded in the acces_log.log file in the background. The maximum size of a log file is 250 MB, and there can be a maximum of five log files. You can back up access log files to OBS.
- Enabling access logs
```
PUT /_cluster/settings
{
  "persistent": {
    "flowcontrol.accesslog.enabled": true  
   }
}
```
- Disabling access logs
```
PUT /_cluster/settings
{
  "persistent": {
    "flowcontrol.accesslog.enabled": false
   }
}
```