Access Logging
Scenarios
ELB logs HTTP and HTTPS requests received by load balancers, including the time when the request was sent, client IP address, request path, and server response. To enable access logging, you need to interconnect ELB with LTS and create a log group and a log stream on the LTS console.
Access logging is supported by HTTP/HTTPS listeners of both dedicated and shared load balancers.
ELB displays operations data, such as access logs, on the LTS console. Do not transmit private or sensitive data through fields in access logs. Encrypt your sensitive data if necessary.
Configuring LTS
To view access logs, you first need to configure LTS by following the instructions in the Log Tank Service User Guide.
- Create a log group.
- Log in to the management console.
- In the upper left corner of the page, click and select the desired region and project.
- Click in the upper left corner and Management & Deployment > Log Tank Service.
- In the navigation pane on the left, choose Log Management.
- Click Create Log Group. In the displayed dialog box, enter a name for the log group.
Set Log Retention Duration as required.
- Click OK.
- Create a log stream.
- On the LTS console, click on the left of a log group name.
- Click Create Log Stream. In the displayed dialog box, enter a name for the log stream.
- Click OK.
Configuring Access Logging
- Hover on in the upper left corner to display Service List and choose Network > Elastic Load Balance.
- Locate the load balancer and click its name.
- Under Access Logs, click Configure Access Logging.
- Enable access logging and select the log group and log stream you created.
- Click OK.
Viewing Access Logs
After you enable access logging, you can obtain details about the requests sent to your load balancer.
There are two ways for you to view access logs.
- On the ELB console, click the name of the load balancer and click Access Logs to view logs.
- (Recommended) On the LTS console, click the name of the corresponding log topic. On the displayed page, click Real-Time Logs
The following is an example log. For details about the fields in the log, see Table 1. The log format cannot be modified.
$msec $access_log_topic_id [$time_iso8601] $log_ver $remote_addr:$remote_port $status "$request_method $scheme://$host$router_request_uri $server_protocol" $request_length $bytes_sent $body_bytes_sent $request_time "$upstream_status" "$upstream_connect_time" "$upstream_header_time" "$upstream_response_time" "$upstream_addr" "$http_user_agent" "$http_referer" "$http_x_forwarded_for" $lb_name $listener_name $listener_id $pool_name "$member_name" $tenant_id $eip_address:$eip_port "$upstream_addr_priv" $certificate_id $ssl_protocol $ssl_cipher $sni_domain_name $tcpinfo_rtt $self_defined_header
Parameter |
Description |
Description |
Example Value |
---|---|---|---|
msec |
Time in seconds with a millisecond resolution |
Floating-point data |
1530153091.868 |
access_log_topic_id |
Log stream ID |
UUID |
04465dfa-640f-4567-8b58-45c9f8bbc23f |
time_iso8601 |
Local time in the ISO 8601 standard format |
- |
2018-06-28T10:31:31+08:00 |
log_ver |
Log format version |
Fixed value: elb_01 |
elb_01 |
remote_addr: remote_port |
IP address and port number of the client |
Records the IP address and port of the client. |
10.184.30.170:59605 |
status |
HTTP status code |
Records the request status code. |
200 |
request_method scheme://host request_uri server_protocol |
Request method Protocol://Host name: Request URI Request protocol |
|
POST https://setting1.hicloud.com/AccountServer/IUserInfoMng/stAuth?Version=26400&cVersion=ID_SDK_2.6.4.300 |
request_length |
Length of the request received from the client, including the header and body |
Integer |
295 |
bytes_sent |
Number of bytes sent to the client |
Integer |
58470080 |
body_bytes_sent |
Number of bytes sent to the client (excluding the response header) |
Integer |
58469792 |
request_time |
Request processing time in seconds from the time when the load balancer receives the first request packet from the client to the time when the load balancer sends the response packet |
Floating-point data |
499.769 |
upstream_status |
Response status code returned by the backend server
|
HTTP status code returned by the backend server to the load balancer |
200 or "-, 200", or "502, 502: 200", or "502:" |
upstream_connect_time |
Time taken to establish a connection with the backend server, in seconds, with a millisecond resolution
|
Floating-point data |
0.008, "-, 0.008", "0.008, 0.005: 0.004", or "0.008:" |
upstream_header_time |
Time taken to receive the response header from the backend server, in seconds, with a millisecond resolution
|
Floating-point data |
0.008, "-, 0.008", "0.008, 0.005: 0.004", or "0.008:" |
upstream_response_time |
Time taken to receive the response from the backend server, in seconds, with a millisecond resolution
|
Floating-point data |
0.008, "-, 0.008", "0.008, 0.005: 0.004", or "0.008:" |
upstream_addr |
IP address and port number of the backend server. There may be multiple values separated by commas and spaces, and each value is in the format of {IP address}:{Port number} or -. This parameter is only available for dedicated load balancers. |
IP address and port number |
-, or 192.168.1.2:8080 |
http_user_agent |
http_user_agent in the request header received by the load balancer, indicating the system model and browser information of the client |
Records the browser-related information. |
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 |
http_referer |
http_referer in the request header received by the load balancer, indicating the page link of the request |
Request for a page link |
http://10.154.197.90/ |
http_x_forwarded_for |
http_x_forwarded_for in the request header received by the load balancer, indicating the IP address of the proxy server that the request passes through |
IP address |
10.154.197.90 |
lb_name |
Load balancer name in the format of loadbalancer_Load balancer ID |
String |
loadbalancer_789424af-3fd2-4292-8c62-2a2dd7005175 |
listener_name |
Listener name in the format of listener_Listener ID |
String |
listener_fde03b66-f960-440e-954a-0be8b2b75093 |
listener_id |
Listener ID (This field can be ignored.) |
String |
- |
pool_name |
Backend server group name in the format of pool_backend server group ID |
String |
pool_066a5dc5-a3e4-4ea1-99f1-2a5716b681f6 |
member_name |
Backend server name in the format of member_server ID (this field is not supported yet). There may be multiple values separated by commas and spaces, and each value is a member ID (member_id) or -. |
String |
member_47b07465-075a-4d2f-8ce9-0b9f39bff160 (There may be multiple values separated by commas and spaces, and each value is a member ID (member_id) or -.) |
tenant_id |
Tenant ID |
String |
04dd36f921000fe20f95c00bba986340 |
eip_address:eip_port |
EIP of the load balancer and frontend port that were set when the listener was added |
EIP of the load balancer and frontend port that were set when the listener was added |
4.17.12.248:443 |
upstream_addr_priv |
IP address and port number of the backend server. There may be multiple values separated by commas and spaces, and each value is in the format of {IP address}:{Port number} or -. This parameter is only available for dedicated load balancers. |
IP address and port number |
-, 192.168.1.2:8080 (There may be multiple values by commas and spaces, and each value is in the format of {IP address}:{Port number} or -.) |
certificate_id |
[HTTPS listener] Certificate ID used for establishing an SSL connection This field is not supported yet. |
String |
17b03b19-b2cc-454e-921b-4d187cce31dc |
ssl_protocol |
[HTTPS listener] Protocol used for establishing an SSL connection For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field. |
String |
TLS 1.2 |
ssl_cipher |
[HTTPS listener] Cipher suite used for establishing an SSL connection For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field. |
String |
ECDHE-RSA-AES256-GCM-SHA384 |
sni_domain_name |
[HTTPS listener] SNI domain name provided by the client during SSL handshake For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field. |
String |
www.test.com |
tcpinfo_rtt |
TCP Round Trip Time (RTT) between the load balancer and client in microseconds |
Integer |
39032 |
self_defined_header |
This field is reserved. The default value is -. |
String |
- |
Example Log
1644819836.370 eb11c5a9-93a7-4c48-80fc-03f61f638595 [2022-02-14T14:23:56+08:00] elb_01 192.168.1.1:888 200 "POST https://www.test.com/example /HTTP/1.1" 1411 251 3 0.011 "200" "0.000" "0.011" "0.011" "100.64.0.129:8080" "okhttp/3.13.1" "-" "-" loadbalancer_295a7eee-9999-46ed-9fad-32a62ff0a687 listener_20679192-8888-4e62-a814-a2f870f62148 3333fd44fe3b42cbaa1dc2c641994d90 pool_89547549-6666-446e-9dbc-e3a551034c46 "-" f2bc165ad9b4483a9b17762da851bbbb 121.64.212.1:443 "10.1.1.2:8080" - TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 www.test.com 56704 -
The following table describes the fields in the log.
Field |
Example Value |
---|---|
msec |
1644819836.370 |
access_log_topic_id |
eb11c5a9-93a7-4c48-80fc-03f61f638595 |
time_iso8601 |
[2022-02-14T14:23:56+08:00] |
log_ver |
elb_01 |
remote_addr: remote_port |
192.168.1.1:888 |
status |
200 |
request_method scheme://host request_uri server_protocol |
"POST https://www.test.com/example/1 HTTP/1.1" |
request_length |
1411 |
bytes_sent |
251 |
body_bytes_sent |
3 |
request_time |
0.011 |
upstream_status |
"200" |
upstream_connect_time |
"0.000" |
upstream_header_time |
"0.011" |
upstream_response_time |
"0.011" |
upstream_addr |
"100.64.0.129:8080" |
http_user_agent |
"okhttp/3.13.1" |
http_referer |
"-" |
http_x_forwarded_for |
"-" |
lb_name |
loadbalancer_295a7eee-9999-46ed-9fad-32a62ff0a687 |
listener_name |
listener_20679192-8888-4e62-a814-a2f870f62148 |
listener_id |
3333fd44fe3b42cbaa1dc2c641994d90 |
pool_name |
pool_89547549-6666-446e-9dbc-e3a551034c46 |
member_name |
"-" |
tenant_id |
f2bc165ad9b4483a9b17762da851bbbb |
eip_address:eip_port |
121.64.212.1:443 |
upstream_addr_priv |
"10.1.1.2:8080" |
certificate_id |
- |
ssl_protocol |
TLSv1.2 |
ssl_cipher |
ECDHE-RSA-AES256-GCM-SHA384 |
sni_domain_name |
www.test.com |
tcpinfo_rtt |
56704 |
self_defined_header |
- |
Log analysis:
At 14:23:56 GMT+08:00 on Feb 14, 2022, the load balancer receives an HTTP/1.1 POST request from a client whose IP address and port number are 192.168.1.1 and 888, then routes the request to a backend server whose IP address and port number are 100.64.0.129 and 8080, and finally returns 200 OK to the client after receiving the status code from the backend server.
Analysis results:
The backend server responds to the request normally.
Configuring Log Transfer
If you want to analyze access logs later, transfer the logs to OBS or Data Ingestion Service (DIS) for storage.
- Log in to the management console.
- In the upper left corner of the page, click and select the desired region and project.
- Click in the upper left corner and Management & Deployment > Log Tank Service.
- In the navigation pane on the left, choose Log Transfer.
- On the Log Transfer page, click Configure Log Transfer in the upper right corner.
- Configure the parameters. For details, see the Log Tank Service User Guide.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot