tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Load Balancer
    Documentation
    Download PDF

    Configuring Access Logs

    Last updated: 2024-01-04 14:34:05
    Download PDF
      CLB supports configuring layer-7 (HTTP/HTTPS) access logs that can help you better understand client requests, troubleshoot issues, and analyze user behaviors. Currently, access logs can be stored in CLS, reported at a minute granularity, and searched online by multiple rules.
      Access logs of CLB are mainly used to quickly locate and troubleshoot issues. The access logging feature includes log reporting, storage, and search:
      Log reporting: provides best-effort services. In other words, service forwarding has a higher priority than log reporting.
      Log storage and query: SLA is guaranteed based on the storage service currently in use.
      Note:
      Currently, access logs can be stored in CLS only for layer-7 protocols (HTTP/HTTPS) but not layer-4 protocols (TCP/UDP/TCP SSL).
      Storing CLB access logs to CLS is now free of charge. You only need to pay for the CLS service.
      This feature is supported only in certain regions as displayed in the console.

      Method 1: Single-Instance Access Logging

      Step 1. Enable access log storage in CLS

      1. Log in to the CLB console, and click Instance management in the left sidebar.
      2. On the Instance management page, click the ID of the target CLB instance.
      3. Click the pencil icon in the Access Log (Layer-7) panel on the Basic Info tab.
      
      4. In the pop-up Modify CLS Log Storage Location window, enable logging and select the destination logset and log topic for access log storage, and then click Submit. If you have not created a logset or log topic, create one and then select it as the storage location.
      
      Note:
      We recommend that you use a log topic marked with CLB in the clb_logset logset. The differences between a log topic marked with CLB and a common log topic are as follows:
      CLB log topics can automatically create an index, while a common log topic requires manual index creation.
      A dashboard is provided for CLB log topics by default, but needs to be manually configured for a common log topic.
      5. Click the logset or log topic to go to the Search Analysis page in the CLS console.
      6. (Optional) To disable access logging, click the pencil icon. In the Modify CLS Log Storage Location window, disable it and click Submit.

      Step 2. Configure log topic indexes

      Note:
      If access logging is configured for a single instance, you must configure the index for the log topic. Otherwise, no logs can be found.
      The recommended indexes are as follows:
      Key-value Index
      Field Type
      Delimiter
      server_addr
      text
      Not required
      server_name
      text
      Not required
      http_host
      text
      Not required
      status
      long
      -
      vip_vpcid
      long
      -
      The steps are as follows:
      1. Log in to the CLS console, and click Log Topic in the left sidebar.
      2. On the Log Topic page, click the ID of the target log topic.
      3. On the log topic details page, click the Index Configuration tab, and click Edit in the top-right corner to add indexes. For more information about index configuration, see Configuring Index.
      
      4. The index configuration is as shown below:
      

      Step 3. View access logs

      1. Log in to the CLS console, and click Search Analysis in the left sidebar.
      2. On the Search Analysis page, select a logset, log topic, and time range, and click Search Analysis to search for the access logs reported by CLB to CLS. For more information about the search syntax, see Legacy CLS Search Syntax.
      
      

      Method 2: Batch Configure Access Logging

      Step 1: Create a logset and log topic.

      To configure access logs in CLS, you need to first create a logset and log topic. If you have created a logset and log topic, skip to Step 2.
      1. Log in to the CLB console and click Access Logs in the left sidebar.
      2. On the Access Logs page, select a region for the logset, and then click Create Logset in the Logset information section.
      3. In the pop-up Create Logset window, set the retention period and click Save.
      Note:
      You can create only a single logset named "clb_logset" in each region.
      4. Click Create Log Topic in the Log Topic section of the Access Logs page.
      5. In the pop-up window, specify the storage type and log retention period, select a CLB instance in the list on the left and add it to the list on the right, and then click Save.
      Note:
      Supported storage types: STANDARD storage and IA storage. For more information, see Storage Class Overview.
      Logs can be retained permanently or for a specified period of time.
      When you create a log topic, you can add a CLB instance as needed. To add a CLB instance after a log topic is created, click Manage in the Operation column of the log topic in the list. Each CLB instance can be added to only one log topic.
      A logset can contain multiple log topics. You can categorize CLB logs into various log topics which will be marked with CLB by default.
      6. (Optional) To disable access logging, click Disable.

      Step 2. View access logs

      Without any manual configurations, CLB has been automatically configured with index search by access log valuable. You can directly query access logs through search and analysis.
      1. Log in to the CLB console and click Access Logs in the left sidebar.
      2. Click Search in the Operation column of the topic log topic to go to the Search Analysis page in the CLS console.
      3. On the Search Analysis page, enter the search syntax in the input box, select a time range, and then click Search Analysis to search for access logs reported by CLB to CLS.
      Note:
      For more information about the search syntax, see Syntax Rules.

      Log Format and Variable Description

      Log format

      [$stgw_request_id] [$time_local] [$protocol_type] [$server_addr:$server_port]  [$server_name] [$remote_addr:$remote_port] [$status] [$upstream_addr] [$upstream_status] [$proxy_host] [$request] [$request_length] [$bytes_sent] [$http_host] [$http_user_agent] [$http_referer] [$request_time] [$upstream_response_time] [$upstream_connect_time] [$upstream_header_time] [$tcpinfo_rtt] [$connection] [$connection_requests] [$ssl_handshake_time] [$ssl_cipher] [$ssl_protocol] [$vip_vpcid] [$uri] [$server_protocol]

      Field type

      Currently, CLS supports the following three field types:
      Name
      Description
      text
      Text type.
      long
      Integer type (Int 64).
      double
      Floating point type (64 bit).

      Log variable description

      Variable Name
      Description
      Field Type
      stgw_request_id
      Request ID.
      text
      time_local
      Access time and time zone. Example: 01/Jul/2019:11:11:00 +0800, where +0800 represents UTC+8.
      text
      protocol_type
      Protocol type. Supported protocols: HTTP, HTTPS, SPDY, HTTP2, WS, and WSS.
      text
      server_addr
      VIP of the CLB instance.
      text
      server_port
      CLB VPort, that is, the listening port.
      long
      server_name
      server_name value of a rule, that is, the domain name configured in a CLB listener.
      text
      remote_addr
      Client IP address.
      text
      remote_port
      Client port.
      long
      status
      Status code returned by the CLB instance to the client.
      long
      upstream_addr
      Address of the real server (RS).
      text
      upstream_status
      Status code returned by the RS to the CLB instance.
      text
      proxy_host
      Stream ID.
      text
      request
      Request line.
      text
      request_length
      Number of bytes of the request received from the client.
      long
      bytes_sent
      Number of bytes sent to the client.
      long
      http_host
      Request domain name, which is the value of the Host field in the HTTP header.
      text
      http_user_agent
      user_agent field in the HTTP header.
      text
      http_referer
      Source of the HTTP request.
      text
      http_x_forward_for
      Content of x-forward-for header in the HTTP request.
      text
      request_time
      Request processing time, which is duration from when the first byte is received from the client to when the last byte is sent to the client, that is, the total time consumed by the whole process in which the client request reaches the CLB instance, the CLB instance forwards the request to an RS, the RS responds and sends data to the CLB instance, and finally the CLB instance forwards the data to the client. Unit: seconds.
      double
      upstream_response_time
      The time that an entire backend request process takes, starting from when the CLB instance connects with an RS to when the RS receives the request and responds. Unit: seconds.
      double
      upstream_connect_time
      The time taken to establish a TCP connection with an RS, starting from when the CLB instance connects with the RS to when the CLB instance sends an HTTP request.
      double
      upstream_header_time
      The time taken to receive an HTTP header from the RS, starting from when the CLB instance connects with the RS to when the HTTP response header is received from the RS.
      double
      tcpinfo_rtt
      The round-trip time (RTT) of the TCP connection.
      long
      connection
      Connection ID.
      long
      connection_requests
      Number of requests in the connection
      long
      ssl_handshake_time
      Time in microseconds taken by SSL handshake phases, in the format of x:x:x:x:x:x:x, with the time strings of different phases separated by colons (:). If the time of a phase is less than 1 ms, 0 is displayed.
      The first field indicates whether the SSL session is reused.
      The second field indicates the time taken by the entire handshake process.
      The third to seventh fields indicate the time taken by each SSL handshake phase.
      The third field indicates the time from when the CLB instance receives client hello to when the CLB instance sends server hello done.
      The fourth field indicates the time from when the CLB instance starts sending the server certificate to when the CLB instance finishes sending the server certificate.
      The fifth field indicates the time from when the CLB instance calculates the signature to when the CLB instance finishes sending server key exchange.
      The sixth field indicates the time from when the CLB instance starts receiving client key exchange to when the CLB instance finishes receiving client key exchange.
      The seventh field indicates the time from when the CLB instance receives client key exchange to when the CLB instance sends server finished.
      text
      ssl_cipher
      SSL cipher suite.
      text
      ssl_protocol
      SSL protocol version.
      text
      vip_vpcid
      ID of the VPC instance to which the CLB instance belongs. The vip_vpcid value of a public network CLB instance is -1.
      long
      request_method
      Request method. Only POST and GET requests are supported.
      text
      uri
      Uniform resource identifier.
      text
      server_protocol
      Protocol used for CLB.
      text

      Default search log valuable

      The following fields can be found in logsets with "CLB" by default:
      Index Field
      Description
      Field Type
      time_local
      Access time and time zone. Example: 01/Jul/2019:11:11:00 +0800, where +0800 represents UTC+8.
      text
      protocol_type
      Protocol type. Supported protocols: HTTP, HTTPS, SPDY, HTTP2, WS, and WSS.
      text
      server_addr
      VIP of the CLB instance.
      text
      server_name
      server_name value of a rule, that is, the domain name configured in a CLB listener.
      text
      remote_addr
      Client IP address.
      text
      status
      Status code returned by the CLB instance to the client.
      long
      upstream_addr
      Address of the RS.
      text
      upstream_status
      Status code returned by the RS to the CLB instance.
      text
      request_length
      Number of bytes of the request received from the client.
      long
      bytes_sent
      Number of bytes sent to the client.
      long
      http_host
      Request domain name, which is the value of the Host field in the HTTP header.
      text
      request_time
      Request processing time, which is duration from when the first byte is received from the client to when the last byte is sent to the client, that is, the total time consumed by the whole process in which the client request reaches the CLB instance, the CLB instance forwards the request to an RS, the RS responds and sends data to the CLB instance, and finally the CLB instance forwards the data to the client.Unit: seconds.
      double
      upstream_response_time
      The time that an entire backend request process takes, starting from when the CLB instance connects with an RS to when the RS receives the request and responds.Unit: seconds.
      double
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy