Access Log
Load Balancing provides an Access Log feature that captures detailed information about requests sent to your load balancer. Access Logs can be used to analyze traffic patterns and troubleshoot issues. The information collected varies based on whether you are using Network Load Balancer (NLB)/Direct Server Return Network Load Balancer (DSRNLB) or Application Load Balancer (ALB). For more details on collected information, see Access log fields.
Access log is an optional feature and is disabled by default. Once you enable access log for a load balancer, logs will be captured and saved as compressed files in the specified bucket. Access log can be disabled at any time.
When enabling the access log feature, storage costs will apply, but there are no charges for network traffic related to log file transmission. For more details on storage costs, refer to Pricing.
Access log files
When the access log feature is enabled, BNS Load Balancing services publish log files for each ALB or NLB/DSRNLB every 30 minutes. The file name format for access logs is as follows:
{user_bucket_name}/KCLogs/{region_name}/yyyy/mm/dd/{az_name}_{project_id}_{lb_type}_{load_balancer_id}_{end_time}_{ip_address}.log.gz
| Element | Description |
|---|---|
{user_bucket_name} | The name of the bucket where access logs are stored |
| KCLogs | The default prefix |
{region-name} | The region name of the load balancer and the bucket |
| yyyy/mm/dd | The date when the log was delivered |
{az-name} | The Availability Zone (AZ) of the load balancer |
{project-id} | The project ID of the load balancer |
{lb-type} | Load balancer type - Network Load Balancer: nlb- Application Load Balancer: alb- Direct Server Return Network Load Balancer: dsrnlb |
{load-balancer-id} | The resource ID of the load balancer |
{end-time} | The date and time when the logging interval ends |
{ip-address} | The IP address of the load balancer that handled the request |
You can store Log files in the bucket for the desired period. Additionally, you can specify the retention period for Log files using the bucket policy's life cycle setting. For more details, refer to the Object Storage > Configure life cycle.
Access log fields
The access log fields for KakaoCloud BNS Load Balancing Service are described below in order. Fields are distinguished by NLB and ALB types and are separated by commas.
Application load balancer fields
| Field | Description |
|---|---|
| project_id | The ID of the project |
| time | The time when the load balancer generated the response to the client |
| lb_id | The resource ID of the load balancer |
| client_port | The IP address and port of the client making the request |
| Target_port | The IP address and port of the target in the target group |
| Target_status_code | The response status code of the target - Recorded only if the target has been connected and responds |
| request | HTTP method and request target - HTTP methods: GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH- Request target: Absolute path of URL, protocol, port, domain, and varies with HTTP method |
| user_agent | User agent string identifying the client making the request |
| ssl_cipher | SSL cipher information |
| ssl_protocol | SSL protocol information |
| request_creation_time | The time when the load balancer received the request from the client |
Network Load Balancer and Direct Server Return Network Load Balancer fields
| Field | Description |
|---|---|
| project_id | The ID of the project |
| time | The time when the load balancer generated the response to the client |
| lb_id | The resource ID of the load balancer |
| listener_id | The resource ID of the listener for the connection |
| client_port | The IP address and port of the client making the request |
| destination_port | The IP address and port of the destination - Target when client connects directly to the load balancer: Listener - Target when client connects using VPC endpoint service: VPC endpoint |
| tls_cipher | Reserved field |
| tls_protocol_version | Reserved field |
Bucket requirements
When enabling access logs, you must specify a bucket in Object Storage. The bucket for storing access logs must meet the following requirements:
Requirements
- The bucket must be in the same region as the load balancer.
Access key requirements
When enabling access logs, you must select an access key ID and the corresponding security access key. The security access key can be verified when creating access keys. Please note that the generated access key must not have an expiration date.
Enable and disable access logs
To enable or disable access logs for a load balancer from the console, refer to the following documents:
- Application Load Balancer > Configure access log
- Network Load Balancer > Configure access log
- Direct Server Return Network Load Balancer > Configure access log
Process access log files
Access log files are stored in compressed file format. To view the information, you need to decompress the files after downloading.
Bucket encryption for access logs
You can decide whether to encrypt access logs when storing them in the bucket. For security reasons, it is recommended to set encryption to Enabled.