Access Logging
Scenarios
Access logs record HTTP and HTTPS requests to your load balancer in detail, such as request time, client IP address, request path, and server response. To enable access logging, you need to interconnect ELB with LTS and create a log group and log stream on the LTS console. After access logging is enabled, requests in new connections are recorded as logs, which are then uploaded to an AOM log bucket.
Configure Access Logging
- Create a log group.
- Log in to the management console.
- In the upper left corner of the page, click and select the desired region and project.
- Click Service List. Under Management & Deployment, click Log Tank Service.
- In the navigation pane on the left, choose Log Management.
- Click Create Log Group. In the displayed dialog box, enter a name for the log group.
- Click OK.
- Create a log stream.
- Locate the newly created log group and click its name.
- Click Create Log Stream. In the displayed dialog box, enter a name for the log stream.
- Click OK.
- To display access logs in real time, you need to configure the search function for the log stream.
- Locate the newly created log stream and click Search in the Operation column.
- On the displayed page, enter the search criteria as prompted.
- Click the search icon.
- Configure access logging.
- Click Service List. Under Network, click Elastic Load Balance.
- Locate the target load balancer and click its name.
- Under Access Logs, click Configure Access Log.
- Enable access logging and select the created log group and log stream.
- Click OK.
View Access Logs
After you enable access logging, you can obtain details about requests sent to your load balancer.
There are two ways for you to view access logs.
- On the ELB console, click the name of the target load balancer and click Access Logs to view logs.
- (Recommended) On the LTS console, click the name of the corresponding log stream. On the displayed page, click Real-Time Logs
The following is an example log. For details about the fields in the log, see Table 1.
$msec $access_log_topic_id [$time_iso8601] $log_ver $remote_addr:$remote_port $status "$request_method $scheme://$host$router_request_uri $server_protocol" $request_length $bytes_sent $body_bytes_sent $request_time "$upstream_status" "$upstream_connect_time" "$upstream_header_time" "$upstream_response_time" "$upstream_addr" "$http_user_agent" "$http_referer" "$http_x_forwarded_for" $lb_name $listener_name $listener_id $pool_name "$member_name" $tenant_id $eip_address:$eip_port "$upstream_addr_priv" $certificate_id $ssl_protocol $ssl_cipher $sni_domain_name $tcpinfo_rtt
Parameter |
Description |
---|---|
msec |
Time in seconds with a milliseconds resolution |
access_log_topic_id |
Log stream ID |
time_iso8601 |
Local time in the ISO 8601 standard format |
log_ver |
Log format version |
remote_addr: remote_port |
IP address and port number of the client |
status |
HTTP status code |
request_method scheme://host router_request_uri server_protocol |
Request method Request scheme://Hostname:URI Protocol (with version) |
request_length |
Length of the request received from the client, including the header and body |
bytes_sent |
Number of bytes sent to the client |
body_bytes_sent |
Number of bytes sent to the client (excluding the response header) |
request_time |
Request processing time in seconds, that is, the duration from the time when the load balancer receives the first request packet from the client to the time when the load balancer sends the response packet |
upstream_status |
Response status code returned by the backend server
|
upstream_connect_time |
Time taken to receive the response header from the backend server, in seconds with a millisecond resolution
|
upstream_header_time |
Time taken to receive the response header from the backend server, in seconds, with a millisecond resolution
|
upstream_response_time |
Time taken to receive the response header from the backend server, in seconds, with a millisecond resolution
|
upstream_addr |
Internal IP address and port number of the backend server This field can be ignored. |
http_user_agent |
http_user_agent in the request header received by the load balancer, indicating the system model and browser information of the client |
http_referer |
http_referer content in the request header received by the load balancer, indicating the page link of the request |
http_x_forwarded_for |
http_x_forwarded_for in the request header received by the load balancer, indicating the IP address of the proxy server that the request passes through |
lb_name |
Load balancer name in the format of loadbalancer_Load balancer ID |
listener_name |
Listener name in the format of listener_Listener ID |
listener_id |
Listener ID (This field can be ignored.) |
pool_name |
Backend server group name in the format of pool_backend server group ID |
member_name |
Backend server name in the format of member_server ID This field is not supported yet. |
tenant_id |
Tenant ID |
eip_address:eip_port |
EIP of the load balancer and frontend port set when the listener is added |
upstream_addr_priv |
IP address and port number of the backend server |
certificate_id |
[HTTPS listener] Certificate ID used for establishing an SSL connection This field is not supported yet. |
ssl_protocol |
[HTTPS listener] Protocol used for establishing an SSL connection For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field. |
ssl_cipher |
[HTTPS listener] Cipher suite used for establishing an SSL connection For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field. |
sni_domain_name |
[HTTPS listener] SNI domain name provided by the client during SSL handshake For a non-HTTPS listener, a hyphen (-) is displayed as a null value for this field. |
tcpinfo_rtt |
TCP Round Trip Time (RTT) between the load balancer and client in microseconds |
Configure Log Transfer
If you want to perform secondary analysis on access logs, you can refer to this section to transfer logs to OBS or Data Ingestion Service (DIS) for storage.
- Click Service List. Under Management & Deployment, click Log Tank Service.
- Click Log Transfer.
- Set the parameters based on site requirements. For details, see the Log Tank Service User Guide.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot