Updated on 2024-04-19 GMT+08:00

Access Logging

Scenarios

ELB logs HTTP and HTTPS requests received by load balancers, including the time when the request was sent, client IP address, request path, and server response. To enable access logging, you need to interconnect ELB with LTS and create a log group and a log stream on the LTS console.

Access logging is supported by HTTP/HTTPS listeners of both dedicated and shared load balancers.

ELB displays operations data, such as access logs, on the LTS console. Do not transmit private or sensitive data through fields in access logs. Encrypt your sensitive data if necessary.

Configuring LTS

To view access logs, you first need to configure LTS by following the instructions in the Log Tank Service User Guide.

  1. Create a log group.
    1. Log in to the management console.
    2. In the upper left corner of the page, click and select the desired region and project.
    3. Click in the upper left corner and Management & Deployment > Log Tank Service.
    1. In the navigation pane on the left, choose Log Management.
    2. Click Create Log Group. In the displayed dialog box, enter a name for the log group.

      Set Log Retention Duration as required.

    1. Click OK.
  2. Create a log stream.
    1. On the LTS console, click on the left of a log group name.
    2. Click Create Log Stream. In the displayed dialog box, enter a name for the log stream.
    3. Click OK.

Configuring Access Logging

Configure access logging on the ELB console.
  1. Hover on in the upper left corner to display Service List and choose Network > Elastic Load Balance.
  2. Locate the load balancer and click its name.
  3. Under Access Logs, click Configure Access Logging.
  1. Enable access logging and select the log group and log stream you created.
  2. Click OK.

Viewing Access Logs

After you enable access logging, you can obtain details about the requests sent to your load balancer.

There are two ways for you to view access logs.

  • On the ELB console, click the name of the load balancer and click Access Logs to view logs.
  • (Recommended) On the LTS console, click the name of the corresponding log topic. On the displayed page, click Real-Time Logs

The following is an example log. For details about the fields in the log, see Table 1. The log format cannot be modified.

$msec $access_log_topic_id [$time_iso8601] $log_ver $remote_addr:$remote_port $status "$request_method $scheme://$host$router_request_uri $server_protocol" $request_length $bytes_sent $body_bytes_sent $request_time "$upstream_status" "$upstream_connect_time" "$upstream_header_time" "$upstream_response_time" "$upstream_addr" "$http_user_agent" "$http_referer" "$http_x_forwarded_for" $lb_name $listener_name $listener_id
$pool_name "$member_name" $tenant_id $eip_address:$eip_port "$upstream_addr_priv" $certificate_id $ssl_protocol $ssl_cipher $sni_domain_name $tcpinfo_rtt $self_defined_header
Table 1 Parameter description

Parameter

Description

Description

Example Value

msec

Time in seconds with a millisecond resolution

Floating-point data

1530153091.868

access_log_topic_id

Log stream ID

UUID

04465dfa-640f-4567-8b58-45c9f8bbc23f

time_iso8601

Local time in the ISO 8601 standard format

-

2018-06-28T10:31:31+08:00

log_ver

Log format version

Fixed value: elb_01

elb_01

remote_addr: remote_port

IP address and port number of the client

Records the IP address and port of the client.

10.184.30.170:59605

status

HTTP status code

Records the request status code.

200

request_method scheme://host request_uri server_protocol

Request method Protocol://Host name: Request URI Request protocol

  • request_method: request method
  • scheme: HTTP or HTTPS
  • host: host name, which can be a domain name or an IP address
  • request_uri: indicates the native URI initiated by the browser without any modification does not include the protocol and host name.

POST https://setting1.hicloud.com/AccountServer/IUserInfoMng/stAuth?Version=26400&cVersion=ID_SDK_2.6.4.300

request_length

Length of the request received from the client, including the header and body

Integer

295

bytes_sent

Number of bytes sent to the client

Integer

58470080

body_bytes_sent

Number of bytes sent to the client (excluding the response header)

Integer

58469792

request_time

Request processing time in seconds from the time when the load balancer receives the first request packet from the client to the time when the load balancer sends the response packet

Floating-point data

499.769

upstream_status

Response status code returned by the backend server

  • When the load balancer attempts to retry a request, there will be multiple response status codes.
  • If the request is not correctly routed to the backend server, a hyphen (-) is displayed as a null value for this field.

HTTP status code returned by the backend server to the load balancer

200 or "-, 200", or "502, 502: 200", or "502:"

upstream_connect_time

Time taken to establish a connection with the backend server, in seconds, with a millisecond resolution

  • When the load balancer attempts to retry a request, there will be multiple connection times.
  • If the request is not correctly routed to the backend server, a hyphen (-) is displayed as a null value for this field.

Floating-point data

0.008, "-, 0.008", "0.008, 0.005: 0.004", or "0.008:"

upstream_header_time

Time taken to receive the response header from the backend server, in seconds, with a millisecond resolution

  • When the load balancer attempts to retry a request, there will be multiple response times.
  • If the request is not correctly routed to the backend server, a hyphen (-) is displayed as a null value for this field.

Floating-point data

0.008, "-, 0.008", "0.008, 0.005: 0.004", or "0.008:"

upstream_response_time

Time taken to receive the response from the backend server, in seconds, with a millisecond resolution

  • When the load balancer attempts to retry a request, there will be multiple response times.
  • If the request is not correctly routed to the backend server, a hyphen (-) is displayed as a null value for this field.

Floating-point data

0.008, "-, 0.008", "0.008, 0.005: 0.004", or "0.008:"

upstream_addr

IP address and port number of the backend server. There may be multiple values separated by commas and spaces, and each value is in the format of {IP address}:{Port number} or -.

This parameter is only available for dedicated load balancers.

IP address and port number

-, or 192.168.1.2:8080

http_user_agent

http_user_agent in the request header received by the load balancer, indicating the system model and browser information of the client

Records the browser-related information.

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36

http_referer

http_referer in the request header received by the load balancer, indicating the page link of the request

Request for a page link

http://10.154.197.90/

http_x_forwarded_for

http_x_forwarded_for in the request header received by the load balancer, indicating the IP address of the proxy server that the request passes through

IP address

10.154.197.90

lb_name

Load balancer name in the format of loadbalancer_Load balancer ID

String

loadbalancer_789424af-3fd2-4292-8c62-2a2dd7005175

listener_name

Listener name in the format of listener_Listener ID

String

listener_fde03b66-f960-440e-954a-0be8b2b75093

listener_id

Listener ID (This field can be ignored.)

String

-

pool_name

Backend server group name in the format of pool_backend server group ID

String

pool_066a5dc5-a3e4-4ea1-99f1-2a5716b681f6

member_name

Backend server name in the format of member_server ID (this field is not supported yet). There may be multiple values separated by commas and spaces, and each value is a member ID (member_id) or -.

String

member_47b07465-075a-4d2f-8ce9-0b9f39bff160 (There may be multiple values separated by commas and spaces, and each value is a member ID (member_id) or -.)

tenant_id

Tenant ID

String

04dd36f921000fe20f95c00bba986340

eip_address:eip_port

EIP of the load balancer and frontend port that were set when the listener was added

EIP of the load balancer and frontend port that were set when the listener was added

4.17.12.248:443

upstream_addr_priv

IP address and port number of the backend server. There may be multiple values separated by commas and spaces, and each value is in the format of {IP address}:{Port number} or -.

This parameter is only available for dedicated load balancers.

IP address and port number

-, 192.168.1.2:8080 (There may be multiple values by commas and spaces, and each value is in the format of {IP address}:{Port number} or -.)

certificate_id

[HTTPS listener] Certificate ID used for establishing an SSL connection

This field is not supported yet.

String

17b03b19-b2cc-454e-921b-4d187cce31dc

ssl_protocol

[HTTPS listener] Protocol used for establishing an SSL connection

For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field.

String

TLS 1.2

ssl_cipher

[HTTPS listener] Cipher suite used for establishing an SSL connection

For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field.

String

ECDHE-RSA-AES256-GCM-SHA384

sni_domain_name

[HTTPS listener] SNI domain name provided by the client during SSL handshake

For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field.

String

www.test.com

tcpinfo_rtt

TCP Round Trip Time (RTT) between the load balancer and client in microseconds

Integer

39032

self_defined_header

This field is reserved. The default value is -.

String

-

Example Log

1644819836.370 eb11c5a9-93a7-4c48-80fc-03f61f638595 [2022-02-14T14:23:56+08:00] elb_01 192.168.1.1:888 200 "POST https://www.test.com/example /HTTP/1.1" 1411 251 3 0.011 "200" "0.000" "0.011" "0.011" "100.64.0.129:8080" "okhttp/3.13.1" "-" "-" loadbalancer_295a7eee-9999-46ed-9fad-32a62ff0a687 listener_20679192-8888-4e62-a814-a2f870f62148 3333fd44fe3b42cbaa1dc2c641994d90 pool_89547549-6666-446e-9dbc-e3a551034c46 "-" f2bc165ad9b4483a9b17762da851bbbb 121.64.212.1:443 "10.1.1.2:8080" - TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 www.test.com 56704 -

The following table describes the fields in the log.

Table 2 Fields in the log

Field

Example Value

msec

1644819836.370

access_log_topic_id

eb11c5a9-93a7-4c48-80fc-03f61f638595

time_iso8601

[2022-02-14T14:23:56+08:00]

log_ver

elb_01

remote_addr: remote_port

192.168.1.1:888

status

200

request_method scheme://host request_uri server_protocol

"POST https://www.test.com/example/1 HTTP/1.1"

request_length

1411

bytes_sent

251

body_bytes_sent

3

request_time

0.011

upstream_status

"200"

upstream_connect_time

"0.000"

upstream_header_time

"0.011"

upstream_response_time

"0.011"

upstream_addr

"100.64.0.129:8080"

http_user_agent

"okhttp/3.13.1"

http_referer

"-"

http_x_forwarded_for

"-"

lb_name

loadbalancer_295a7eee-9999-46ed-9fad-32a62ff0a687

listener_name

listener_20679192-8888-4e62-a814-a2f870f62148

listener_id

3333fd44fe3b42cbaa1dc2c641994d90

pool_name

pool_89547549-6666-446e-9dbc-e3a551034c46

member_name

"-"

tenant_id

f2bc165ad9b4483a9b17762da851bbbb

eip_address:eip_port

121.64.212.1:443

upstream_addr_priv

"10.1.1.2:8080"

certificate_id

-

ssl_protocol

TLSv1.2

ssl_cipher

ECDHE-RSA-AES256-GCM-SHA384

sni_domain_name

www.test.com

tcpinfo_rtt

56704

self_defined_header

-

Log analysis:

At 14:23:56 GMT+08:00 on Feb 14, 2022, the load balancer receives an HTTP/1.1 POST request from a client whose IP address and port number are 192.168.1.1 and 888, then routes the request to a backend server whose IP address and port number are 100.64.0.129 and 8080, and finally returns 200 OK to the client after receiving the status code from the backend server.

Analysis results:

The backend server responds to the request normally.

Configuring Log Transfer

If you want to analyze access logs later, transfer the logs to OBS or Data Ingestion Service (DIS) for storage.

  1. Log in to the management console.
  2. In the upper left corner of the page, click and select the desired region and project.
  3. Click in the upper left corner and Management & Deployment > Log Tank Service.
  4. In the navigation pane on the left, choose Log Transfer.
  5. On the Log Transfer page, click Configure Log Transfer in the upper right corner.
  1. Configure the parameters. For details, see the Log Tank Service User Guide.