Access Logging

Scenarios

ELB logs HTTP and HTTPS requests received by load balancers, including the time when the request was sent, client IP address, request path, and server response. To enable access logging, you need to interconnect ELB with LTS and create a log group and a log stream on the LTS console.

Access logging is supported by HTTP/HTTPS listeners of both dedicated and shared load balancers.

ELB displays operations data, such as access logs, on the LTS console. Do not transmit private or sensitive data through fields in access logs. Encrypt your sensitive data if necessary.

Configuring LTS

To view access logs, you first need to configure LTS by following the instructions in the Log Tank Service User Guide.

Create a log group.
1. Log in to the management console.
2. In the upper left corner of the page, click and select the desired region and project.
3. Click in the upper left corner and Management & Deployment > Log Tank Service.
1. In the navigation pane on the left, choose Log Management.
2. Click Create Log Group. In the displayed dialog box, enter a name for the log group.
  Set Log Retention Duration as required.
1. Click OK.
Create a log stream.
1. On the LTS console, click on the left of a log group name.
2. Click Create Log Stream. In the displayed dialog box, enter a name for the log stream.
3. Click OK.

Configuring Access Logging

Configure access logging on the ELB console.

Hover on in the upper left corner to display Service List and choose Network > Elastic Load Balance.
Locate the load balancer and click its name.
Under Access Logs, click Configure Access Logging.

Enable access logging and select the log group and log stream you created.
Click OK.

Viewing Access Logs

After you enable access logging, you can obtain details about the requests sent to your load balancer.

There are two ways for you to view access logs.

On the ELB console, click the name of the load balancer and click Access Logs to view logs.
(Recommended) On the LTS console, click the name of the corresponding log topic. On the displayed page, click Real-Time Logs

The following is an example log. For details about the fields in the log, see Table 1. The log format cannot be modified.

$msec $access_log_topic_id [$time_iso8601] $log_ver $remote_addr:$remote_port $status "$request_method $scheme://$host$router_request_uri $server_protocol" $request_length $bytes_sent $body_bytes_sent $request_time "$upstream_status" "$upstream_connect_time" "$upstream_header_time" "$upstream_response_time" "$upstream_addr" "$http_user_agent" "$http_referer" "$http_x_forwarded_for" $lb_name $listener_name $listener_id
$pool_name "$member_name" $tenant_id $eip_address:$eip_port "$upstream_addr_priv" $certificate_id $ssl_protocol $ssl_cipher $sni_domain_name $tcpinfo_rtt $self_defined_header

**Table 1** Parameter description
Parameter	Description	Description	Example Value
msec	Time in seconds with a millisecond resolution	Floating-point data	1530153091.868
access_log_topic_id	Log stream ID	UUID	04465dfa-640f-4567-8b58-45c9f8bbc23f
time_iso8601	Local time in the ISO 8601 standard format	-	2018-06-28T10:31:31+08:00
log_ver	Log format version	Fixed value: elb_01	elb_01
remote_addr: remote_port	IP address and port number of the client	Records the IP address and port of the client.	10.184.30.170:59605
status	HTTP status code	Records the request status code.	200
request_method scheme://host request_uri server_protocol	Request method Protocol://Host name: Request URI Request protocol	request_method: request method scheme: HTTP or HTTPS host: host name, which can be a domain name or an IP address request_uri: indicates the native URI initiated by the browser without any modification does not include the protocol and host name.	POST https://setting1.hicloud.com/AccountServer/IUserInfoMng/stAuth?Version=26400&cVersion=ID_SDK_2.6.4.300
request_length	Length of the request received from the client, including the header and body	Integer	295
bytes_sent	Number of bytes sent to the client	Integer	58470080
body_bytes_sent	Number of bytes sent to the client (excluding the response header)	Integer	58469792
request_time	Request processing time in seconds from the time when the load balancer receives the first request packet from the client to the time when the load balancer sends the response packet	Floating-point data	499.769
upstream_status	Response status code returned by the backend server When the load balancer attempts to retry a request, there will be multiple response status codes. If the request is not correctly routed to the backend server, a hyphen (-) is displayed as a null value for this field.	HTTP status code returned by the backend server to the load balancer	200 or "-, 200", or "502, 502: 200", or "502:"
upstream_connect_time	Time taken to establish a connection with the backend server, in seconds, with a millisecond resolution When the load balancer attempts to retry a request, there will be multiple connection times. If the request is not correctly routed to the backend server, a hyphen (-) is displayed as a null value for this field.	Floating-point data	0.008, "-, 0.008", "0.008, 0.005: 0.004", or "0.008:"
upstream_header_time	Time taken to receive the response header from the backend server, in seconds, with a millisecond resolution When the load balancer attempts to retry a request, there will be multiple response times. If the request is not correctly routed to the backend server, a hyphen (-) is displayed as a null value for this field.	Floating-point data	0.008, "-, 0.008", "0.008, 0.005: 0.004", or "0.008:"
upstream_response_time	Time taken to receive the response from the backend server, in seconds, with a millisecond resolution When the load balancer attempts to retry a request, there will be multiple response times. If the request is not correctly routed to the backend server, a hyphen (-) is displayed as a null value for this field.	Floating-point data	0.008, "-, 0.008", "0.008, 0.005: 0.004", or "0.008:"
upstream_addr	IP address and port number of the backend server. There may be multiple values separated by commas and spaces, and each value is in the format of {IP address}:{Port number} or -. This parameter is only available for dedicated load balancers.	IP address and port number	-, or 192.168.1.2:8080
http_user_agent	http_user_agent in the request header received by the load balancer, indicating the system model and browser information of the client	Records the browser-related information.	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
http_referer	http_referer in the request header received by the load balancer, indicating the page link of the request	Request for a page link	http://10.154.197.90/
http_x_forwarded_for	http_x_forwarded_for in the request header received by the load balancer, indicating the IP address of the proxy server that the request passes through	IP address	10.154.197.90
lb_name	Load balancer name in the format of loadbalancer_Load balancer ID	String	loadbalancer_789424af-3fd2-4292-8c62-2a2dd7005175
listener_name	Listener name in the format of listener_Listener ID	String	listener_fde03b66-f960-440e-954a-0be8b2b75093
listener_id	Listener ID (This field can be ignored.)	String	-
pool_name	Backend server group name in the format of pool_backend server group ID	String	pool_066a5dc5-a3e4-4ea1-99f1-2a5716b681f6
member_name	Backend server name in the format of member_server ID (this field is not supported yet). There may be multiple values separated by commas and spaces, and each value is a member ID (member_id) or -.	String	member_47b07465-075a-4d2f-8ce9-0b9f39bff160 (There may be multiple values separated by commas and spaces, and each value is a member ID (member_id) or -.)
tenant_id	Tenant ID	String	04dd36f921000fe20f95c00bba986340
eip_address:eip_port	EIP of the load balancer and frontend port that were set when the listener was added	EIP of the load balancer and frontend port that were set when the listener was added	4.17.12.248:443
upstream_addr_priv	IP address and port number of the backend server. There may be multiple values separated by commas and spaces, and each value is in the format of {IP address}:{Port number} or -. This parameter is only available for dedicated load balancers.	IP address and port number	-, 192.168.1.2:8080 (There may be multiple values by commas and spaces, and each value is in the format of {IP address}:{Port number} or -.)
certificate_id	[HTTPS listener] Certificate ID used for establishing an SSL connection This field is not supported yet.	String	17b03b19-b2cc-454e-921b-4d187cce31dc
ssl_protocol	[HTTPS listener] Protocol used for establishing an SSL connection For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field.	String	TLS 1.2
ssl_cipher	[HTTPS listener] Cipher suite used for establishing an SSL connection For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field.	String	ECDHE-RSA-AES256-GCM-SHA384
sni_domain_name	[HTTPS listener] SNI domain name provided by the client during SSL handshake For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field.	String	www.test.com
tcpinfo_rtt	TCP Round Trip Time (RTT) between the load balancer and client in microseconds	Integer	39032
self_defined_header	This field is reserved. The default value is -.	String	-

Example Log

1644819836.370 eb11c5a9-93a7-4c48-80fc-03f61f638595 [2022-02-14T14:23:56+08:00] elb_01 192.168.1.1:888 200 "POST https://www.test.com/example /HTTP/1.1" 1411 251 3 0.011 "200" "0.000" "0.011" "0.011" "100.64.0.129:8080" "okhttp/3.13.1" "-" "-" loadbalancer_295a7eee-9999-46ed-9fad-32a62ff0a687 listener_20679192-8888-4e62-a814-a2f870f62148 3333fd44fe3b42cbaa1dc2c641994d90 pool_89547549-6666-446e-9dbc-e3a551034c46 "-" f2bc165ad9b4483a9b17762da851bbbb 121.64.212.1:443 "10.1.1.2:8080" - TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 www.test.com 56704 -

The following table describes the fields in the log.

**Table 2** Fields in the log
Field	Example Value
msec	1644819836.370
access_log_topic_id	eb11c5a9-93a7-4c48-80fc-03f61f638595
time_iso8601	[2022-02-14T14:23:56+08:00]
log_ver	elb_01
remote_addr: remote_port	192.168.1.1:888
status	200
request_method scheme://host request_uri server_protocol	"POST https://www.test.com/example/1 HTTP/1.1"
request_length	1411
bytes_sent	251
body_bytes_sent	3
request_time	0.011
upstream_status	"200"
upstream_connect_time	"0.000"
upstream_header_time	"0.011"
upstream_response_time	"0.011"
upstream_addr	"100.64.0.129:8080"
http_user_agent	"okhttp/3.13.1"
http_referer	"-"
http_x_forwarded_for	"-"
lb_name	loadbalancer_295a7eee-9999-46ed-9fad-32a62ff0a687
listener_name	listener_20679192-8888-4e62-a814-a2f870f62148
listener_id	3333fd44fe3b42cbaa1dc2c641994d90
pool_name	pool_89547549-6666-446e-9dbc-e3a551034c46
member_name	"-"
tenant_id	f2bc165ad9b4483a9b17762da851bbbb
eip_address:eip_port	121.64.212.1:443
upstream_addr_priv	"10.1.1.2:8080"
certificate_id	-
ssl_protocol	TLSv1.2
ssl_cipher	ECDHE-RSA-AES256-GCM-SHA384
sni_domain_name	www.test.com
tcpinfo_rtt	56704
self_defined_header	-

Log analysis:

At 14:23:56 GMT+08:00 on Feb 14, 2022, the load balancer receives an HTTP/1.1 POST request from a client whose IP address and port number are 192.168.1.1 and 888, then routes the request to a backend server whose IP address and port number are 100.64.0.129 and 8080, and finally returns 200 OK to the client after receiving the status code from the backend server.

Analysis results:

The backend server responds to the request normally.

Configuring Log Transfer

If you want to analyze access logs later, transfer the logs to OBS or Data Ingestion Service (DIS) for storage.

Log in to the management console.
In the upper left corner of the page, click and select the desired region and project.
Click in the upper left corner and Management & Deployment > Log Tank Service.
In the navigation pane on the left, choose Log Transfer.
On the Log Transfer page, click Configure Log Transfer in the upper right corner.