CLB supports configuring layer-7 (HTTP/HTTPS) access logs that can help you better understand client requests, troubleshoot issues, and analyze user behaviors. Currently, access logs can be stored in CLS, reported at a minute granularity, and searched online by multiple rules.
Access logs of CLB are mainly used to quickly locate and troubleshoot issues. The access logging feature includes log reporting, storage, and search:
Log reporting: provides best-effort services. In other words, service forwarding has a higher priority than log reporting.
Log storage and query: SLA is guaranteed based on the storage service currently in use.
Note:
Currently, access logs can be stored in CLS only for layer-7 protocols (HTTP/HTTPS) but not layer-4 protocols (TCP/UDP/TCP SSL).
Storing CLB access logs to CLS is now free of charge. You only need to pay for the CLS service.
This feature is supported only in certain regions as displayed in the console.
Method 1: Single-Instance Access Logging
Step 1. Enable access log storage in CLS
1. Log in to the CLB console, and click Instance management in the left sidebar.
2. On the Instance management page, click the ID of the target CLB instance.
3. Click Enable in the Access Log (Layer-7) panel on the Basic Info tab.
4. In the pop-up Enable Access Logs (Layer-7) window, enable logging and select the destination logset and log topic for access log storage, and then click OK. If you have not created a logset or log topic, create one and then select it as the storage location.
Note:
We recommend that you use a log topic marked with CLB in the clb_logset logset. The differences between a log topic marked with CLB and a common log topic are as follows:
CLB log topics can automatically create an index, while a common log topic requires manual index creation.
A dashboard is provided for CLB log topics by default, but needs to be manually configured for a common log topic.
5. Click the logset or log topic to go to the Search Analysis page in the CLS console.
6. (Optional) To disable access logging, click Modify Configuration. In the Modify Access Logs (Layer-7) window, disable it and click Submit.
Step 2. Configure log topic indexes
Note:
If access logging is configured for a single instance, you must configure the index for the log topic. Otherwise, no logs can be found.
The recommended indexes are as follows:
Key-value Index
Field Type
Delimiter
server_addr
text
Not required
server_name
text
Not required
http_host
text
Not required
status
long
-
vip_vpcid
long
-
The steps are as follows:
1. Log in to the CLS console, and click Log Topic in the left sidebar.
2. On the Log Topic page, click the ID of the target log topic.
3. On the log topic details page, click the Index Configuration tab, and click Edit in the top-right corner to add indexes. For more information about index configuration, see Configuring Index.
4. The index configuration is as shown below:
Step 3. View access logs
1. Log in to the CLS console, and click Search Analysis in the left sidebar.
2. On the Search Analysis page, select a logset, log topic, and time range, and click Search Analysis to search for the access logs reported by CLB to CLS. For more information about the search syntax, see Legacy CLS Search Syntax.
Method 2: Batch Configure Access Logging
Step 1: Create a logset and log topic.
To configure access logs in CLS, you need to first create a logset and log topic.
If you have created a logset and log topic, skip to Step 2.
1. Log in to the CLB console and click Access Logs in the left sidebar.
2. On the Access Logs page, select a region for the logset, and then click Create Logset in the Logset information section.
3. In the pop-up Create Logset window, set the retention period and click Save.
Note:
You can create only a single logset named "clb_logset" in each region.
4. Click Create Log Topic in the Log Topic section of the Access Logs page.
5. In the pop-up window, specify the storage type and log retention period, select a CLB instance in the list on the left and add it to the list on the right, and then click Save.
Note:
Supported storage types: STANDARD storage and IA storage. For more information, see Storage Class Overview.
Logs can be retained permanently or for a specified period of time.
When you create a log topic, you can add a CLB instance as needed. To add a CLB instance after a log topic is created, click Manage in the Operation column of the log topic in the list. Each CLB instance can be added to only one log topic.
A logset can contain multiple log topics. You can categorize CLB logs into various log topics which will be marked with CLB by default.
6. (Optional) To disable access logging, click Disable.
Step 2. View access logs
Without any manual configurations, CLB has been automatically configured with index search by access log variable. You can directly query access logs through search and analysis.
1. Log in to the CLB console and click Access Logs in the left sidebar.
2. Click Search in the Operation column of the topic log topic to go to the Search Analysis page in the CLS console.
3. On the Search Analysis page, enter the search syntax in the input box, select a time range, and then click Search Analysis to search for access logs reported by CLB to CLS.
Note:
For more information about the search syntax, see Syntax Rules.
server_name value of a rule, that is, the domain name configured in a CLB listener.
text
remote_addr
Client IP address.
text
remote_port
Client port.
long
status
Status code returned by the CLB instance to the client.
long
upstream_addr
Address of the real server (RS).
text
upstream_status
Status code returned by the RS to the CLB instance.
text
proxy_host
Stream ID.
text
request
Request line.
text
request_length
Number of bytes of the request received from the client.
long
bytes_sent
Number of bytes sent to the client.
long
http_host
Request domain name, which is the value of the Host field in the HTTP header.
text
http_user_agent
user_agent field in the HTTP header.
text
http_referer
Source of the HTTP request.
text
http_x_forward_for
Content of x-forward-for header in the HTTP request.
text
request_time
Request processing time, which is duration from when the first byte is received from the client to when the last byte is sent to the client, that is, the total time consumed by the whole process in which the client request reaches the CLB instance, the CLB instance forwards the request to an RS, the RS responds and sends data to the CLB instance, and finally the CLB instance forwards the data to the client. Unit: seconds.
double
upstream_response_time
The time that an entire backend request process takes, starting from when the CLB instance connects with an RS to when the RS receives the request and responds. Unit: seconds.
double
upstream_connect_time
The time taken to establish a TCP connection with an RS, starting from when the CLB instance connects with the RS to when the CLB instance sends an HTTP request.
double
upstream_header_time
The time taken to receive an HTTP header from the RS, starting from when the CLB instance connects with the RS to when the HTTP response header is received from the RS.
double
tcpinfo_rtt
The round-trip time (RTT) of the TCP connection.
long
connection
Connection ID.
long
connection_requests
Number of requests in the connection
long
ssl_handshake_time
Time in microseconds taken by SSL handshake phases, in the format of x:x:x:x:x:x:x, with the time strings of different phases separated by colons (:). If the time of a phase is less than 1 ms, 0 is displayed.
The first field indicates whether the SSL session is reused.
The second field indicates the time taken by the entire handshake process.
The third to seventh fields indicate the time taken by each SSL handshake phase.
The third field indicates the time from when the CLB instance receives client hello to when the CLB instance sends server hello done.
The fourth field indicates the time from when the CLB instance starts sending the server certificate to when the CLB instance finishes sending the server certificate.
The fifth field indicates the time from when the CLB instance calculates the signature to when the CLB instance finishes sending server key exchange.
The sixth field indicates the time from when the CLB instance starts receiving client key exchange to when the CLB instance finishes receiving client key exchange.
The seventh field indicates the time from when the CLB instance receives client key exchange to when the CLB instance sends server finished.
text
ssl_cipher
SSL cipher suite.
text
ssl_protocol
SSL protocol version.
text
vip_vpcid
ID of the VPC instance to which the CLB instance belongs. The vip_vpcid value of a public network CLB instance is -1.
long
request_method
Request method. Only POST and GET requests are supported.
text
uri
Uniform resource identifier.
text
server_protocol
Protocol used for CLB.
text
vsvc_id
Underlying number corresponding to the rule ID to assist in troubleshooting and locating.
text
Default search log valuable
The following fields can be found in logsets with "CLB" by default:
Index Field
Description
Field Type
time_local
Access time and time zone. Example: 01/Jul/2019:11:11:00 +0800, where +0800 represents UTC+8.
server_name value of a rule, that is, the domain name configured in a CLB listener.
text
remote_addr
Client IP address.
text
status
Status code returned by the CLB instance to the client.
long
upstream_addr
Address of the RS.
text
upstream_status
Status code returned by the RS to the CLB instance.
text
request_length
Number of bytes of the request received from the client.
long
bytes_sent
Number of bytes sent to the client.
long
http_host
Request domain name, which is the value of the Host field in the HTTP header.
text
request_time
Request processing time, which is duration from when the first byte is received from the client to when the last byte is sent to the client, that is, the total time consumed by the whole process in which the client request reaches the CLB instance, the CLB instance forwards the request to an RS, the RS responds and sends data to the CLB instance, and finally the CLB instance forwards the data to the client.Unit: seconds.
double
upstream_response_time
The time that an entire backend request process takes, starting from when the CLB instance connects with an RS to when the RS receives the request and responds.Unit: seconds.
