Help Center> Elastic Load Balance> User Guide> User Guide for Shared Load Balancers> Access Logging
Updated on 2024-06-20 GMT+08:00
View PDF

Access Logging

Scenarios

ELB logs HTTP and HTTPS requests received by load balancers, including the time when the request was sent, client IP address, request path, and server response.

With Log Tank Service (LTS), you can view logs of requests to load balancers at Layer 7 and analyze response status codes to quickly locate unhealthy backend servers.

ELB displays operations data, such as access logs, on the LTS console. Do not transmit private or sensitive data through fields in access logs. Encrypt your sensitive data if necessary.

Notes and Constraints

  • Access logs can be configured only for application (Layer 7) load balancers.
  • The access logs do not contain requests whose return code is 400 Bad Request. This is because such requests do not comply with HTTP specification and cannot be processed properly.

Prerequisites

Flowchart

Figure 1 Process for locating an unhealthy backend server

Creating a Log Group

  1. Log in to the management console.
  2. In the upper left corner of the page, click and select the desired region and project.
  3. In the upper left corner of the page, click and select Log Tank Service under Management & Governance.
  4. In the navigation pane on the left, choose Log Management.
  5. On the lower part of the displayed page, click Create Log Group. In the displayed dialog box, enter a name for the log group.
    Figure 2 Creating a log group
  6. Confirm the settings and click OK.

Creating a Log Stream

  1. On the LTS console, click on the left of the target log group.
  2. Click Create Log Stream. In the displayed dialog box, enter a name for the log stream.
    Figure 3 Creating a log stream
  3. Confirm the settings and click OK.

Configuring Access Logging

  1. Click in the upper left corner to display Service List and choose Networking > Elastic Load Balance.
  2. On the Load Balancers page, locate the load balancer and click its name.
  3. Under Access Logs, click Configure Access Logging.
  4. Enable access logging and select the log group and log stream you have created.
    Figure 4 Configuring access logging
  5. Click OK.

Ensure that the log group is in the same region as the load balancer.

Viewing Access Logs

There are two ways for you to view access logs.

  • On the ELB console, click the name of the load balancer and click Access Logs to view logs.
  • (Recommended) On the LTS console, locate the target log group and click its name. On the displayed page, locate the target log stream and click Real-Time Logs tab.

The log format is as follows, which cannot be modified:

$msec $access_log_topic_id [$time_iso8601] $log_ver $remote_addr:$remote_port $status "$request_method $scheme://$host$router_request_uri $server_protocol" $request_length $bytes_sent $body_bytes_sent $request_time "$upstream_status" "$upstream_connect_time" "$upstream_header_time" "$upstream_response_time" "$upstream_addr" "$http_user_agent" "$http_referer" "$http_x_forwarded_for" $lb_name $listener_name $listener_id
$pool_name "$member_name" $tenant_id $eip_address:$eip_port "$upstream_addr_priv" $certificate_id $ssl_protocol $ssl_cipher $sni_domain_name $tcpinfo_rtt $self_defined_header

The following is a log example:

1644819836.370 eb11c5a9-93a7-4c48-80fc-03f61f638595 [2022-02-14T14:23:56+08:00] elb_01 192.168.1.1:888 200 "POST https://www.test.com/example/ HTTP/1.1" 1411 251 3 0.011 "200" "0.000" "0.011" "0.011" "100.64.0.129:8080" "okhttp/3.13.1" "-" "-" loadbalancer_295a7eee-9999-46ed-9fad-32a62ff0a687 listener_20679192-8888-4e62-a814-a2f870f62148 3333fd44fe3b42cbaa1dc2c641994d90 pool_89547549-6666-446e-9dbc-e3a551034c46 "-" f2bc165ad9b4483a9b17762da851bbbb 121.64.212.1:443 "10.1.1.2:8080" - TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 www.test.com 56704 -

Table 1 describes the fields in the log.

Table 1 Parameter description

Parameter

Description

Value Description

Example Value

msec

Time when the log is written, in seconds with a milliseconds resolution.

Floating-point data

1644819836.370

access_log_topic_id

Log stream ID.

uuid

eb11c5a9-93a7-4c48-80fc-03f61f638595

time_iso8601

Local time in the ISO 8601 standard format.

-

[2022-02-14T14:23:56+08:00]

log_ver

Log format version.

Fixed value: elb_01

elb_01

remote_addr: remote_port

IP address and port number of the client.

Records the IP address and port of the client.

192.168.1.1:888

status

HTTP status code.

Records the request status code.

200

request_method scheme://host request_uri server_protocol

Request method. Protocol://Host name: Request URI Request protocol.
  • request_method: request method.
  • scheme: HTTP or HTTPS
  • host: host name, which can be a domain name or an IP address.
  • request_uri:

    indicates the native URI initiated by the browser without any modification and it does not include the protocol and host name.

"POST https://www.test.com/example/ HTTP/1.1"

request_length

Length of the request received from the client, including the header and body.

Integer

1411

bytes_sent

Number of bytes sent to the client.

Integer

251

body_bytes_sent

Number of bytes sent to the client (excluding the response header).

Integer

3

request_time

Request processing time in seconds from the time when the load balancer receives the first request packet from the client to the time when the load balancer sends the response packet.

Floating-point data

0.011

upstream_status

HTTP status code returned by the upstream server.

  • When the load balancer attempts to retry a request, there will be multiple HTTP status codes.
  • If the request is not correctly routed to the backend server, a hyphen (-) is displayed as a null value for this field.

HTTP status code returned by the backend server to the load balancer

"200"

upstream_connect_time

Time taken to establish a connection with the server, in seconds, with a milliseconds resolution.

  • When the load balancer attempts to retry a request, there will be multiple connection times.
  • If the request is not correctly routed to the backend server, a hyphen (-) is displayed as a null value for this field.

Floating-point data

"0.000"

upstream_header_time

Time taken to receive the response header from the server, in seconds, with a milliseconds resolution.

  • When the load balancer attempts to retry a request, there will be multiple response times.
  • If the request is not correctly routed to the backend server, a hyphen (-) is displayed as a null value for this field.

Floating-point data

"0.011"

upstream_response_time

Time taken to receive the response from the server, in seconds, with a milliseconds resolution.

  • When the load balancer attempts to retry a request, there will be multiple response times.
  • If the request is not correctly routed to the backend server, a hyphen (-) is displayed as a null value for this field.

Floating-point data

"0.011"

upstream_addr

IP address and port number of the backend server. There may be multiple values separated by commas and spaces, and each value is in the format of {IP address}:{Port number} or -.

IP address and port number

"100.64.0.129:8080" (used by shared load balancers for internal communications)

http_user_agent

http_user_agent in the request header received by the load balancer, indicating the system model and browser information of the client.

Records the browser-related information.

"okhttp/3.13.1"

http_referer

http_referer in the request header received by the load balancer, indicating the page link of the request.

Request for a page link

"-"

http_x_forwarded_for

http_x_forwarded_for in the request header received by the load balancer, indicating the IP address of the proxy server that the request passes through.

IP address

"-"

lb_name

Load balancer name in the format of loadbalancer_load balancer ID

String

loadbalancer_295a7eee-9999-46ed-9fad-32a62ff0a687

listener_name

Listener name in the format of listener_listener ID.

String

listener_20679192-8888-4e62-a814-a2f870f62148

listener_id

Listener ID. This field can be ignored.

String

3333fd44fe3b42cbaa1dc2c641994d90

pool_name

Backend server group name in the format of pool_backend server group ID

String

pool_89547549-6666-446e-9dbc-e3a551034c46

member_name

Backend server name in the format of member_server ID. This field is not supported yet. There may be multiple values separated by commas and spaces, and the value can be member_id) or -.

String

"-"

tenant_id

Tenant ID.

String

f2bc165ad9b4483a9b17762da851bbbb

eip_address:eip_port

EIP of the load balancer and frontend port that were set when the listener was added.

EIP of the load balancer and frontend port that were set when the listener was added.

121.64.212.1:443

upstream_addr_priv

IP address and port number of the backend server. There may be multiple values separated by commas and spaces, and each value is in the format of {IP address}:{Port number} or -.

IP address and port number

"10.1.1.2:8080"

certificate_id

[HTTPS listener] Certificate ID used for establishing an SSL connection. This field is not supported yet.

String

-

ssl_protocol

[HTTPS listener] Protocol used for establishing an SSL connection. For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field.

String

TLSv1.2

ssl_cipher

[HTTPS listener] Cipher suite used for establishing an SSL connection. For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field.

String

ECDHE-RSA-AES256-GCM-SHA384

sni_domain_name

[HTTPS listener] SNI domain name provided by the client during SSL handshakes. For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field.

String

www.test.com

tcpinfo_rtt

TCP Round Trip Time (RTT) between the load balancer and client in microseconds.

Integer

56704

self_defined_header

This field is reserved. The default value is -.

String

-

Log analysis

At 14:23:56 GMT+08:00 on Feb 14, 2022, the load balancer receives an HTTP/1.1 POST request from a client whose IP address and port number are 192.168.1.1 and 888, then routes the request to a backend server whose IP address and port number are 100.64.0.129 and 8080, and finally returns 200 OK to the client after receiving the status code from the backend server.

Analysis results:

The backend server responds to the request normally.

Configuring Log Transfer

If you want to analyze access logs later, transfer the logs to OBS or Data Ingestion Service (DIS) for storage.

  1. Log in to the management console.
  2. In the upper left corner of the page, click and select the desired region and project.
  3. Click in the upper left corner and Management & Governance > Log Tank Service.
  4. In the navigation pane on the left, choose Log Transfer.
  5. On the Log Transfer page, click Configure Log Transfer in the upper right corner.
    Figure 5 Configuring log transfer
  6. Configure the parameters. For details, see the Log Tank Service User Guide.
Parent Topic: User Guide for Shared Load Balancers