Skip to main content

Access Log

Load Balancing provides an Access Log feature that captures detailed information about requests sent to your load balancer. Access Logs can be used to analyze traffic patterns and troubleshoot issues. The information collected varies based on whether you are using Network Load Balancer (NLB)/Direct Server Return Network Load Balancer (DSRNLB) or Application Load Balancer (ALB). For more details on collected information, see Access log fields.

Access log is an optional feature and is disabled by default. Once you enable access log for a load balancer, logs will be captured and saved as compressed files in the specified bucket. Access log can be disabled at any time.

When enabling the access log feature, storage costs will apply, but there are no charges for network traffic related to log file transmission. For more details on storage costs, refer to Pricing.

Access log files

When the access log feature is enabled, BNS Load Balancing services publish log files for each ALB or NLB/DSRNLB every 30 minutes. The file name format for access logs is as follows:

{user_bucket_name}/KCLogs/{region_name}/yyyy/mm/dd/{az_name}_{project_id}_{lb_type}_{load_balancer_id}_{end_time}_{ip_address}.log.gz
ElementDescription
{user_bucket_name}The name of the bucket where access logs are stored
KCLogsThe default prefix
{region-name}The region name of the load balancer and the bucket
yyyy/mm/ddThe date when the log was delivered
{az-name}The Availability Zone (AZ) of the load balancer
{project-id}The project ID of the load balancer
{lb-type}Load balancer type
- Network Load Balancer: nlb
- Application Load Balancer: alb
- Direct Server Return Network Load Balancer: dsrnlb
{load-balancer-id}The resource ID of the load balancer
{end-time}The date and time when the logging interval ends
{ip-address}The IP address of the load balancer that handled the request

Log file storage

You can store Log files in the bucket for the desired period. Additionally, you can specify the retention period for Log files using the bucket policy's life cycle setting. For more details, refer to the Object Storage > Configure life cycle.

Access log fields

The access log fields for KakaoCloud BNS Load Balancing Service are described below in order. Fields are distinguished by NLB and ALB types and are separated by commas.

Application load balancer fields
FieldDescription
project_idThe ID of the project
timeThe time when the load balancer generated the response to the client
lb_idThe resource ID of the load balancer
client_portThe IP address and port of the client making the request
Target_portThe IP address and port of the target in the target group
Target_status_codeThe response status code of the target
- Recorded only if the target has been connected and responds
requestHTTP method and request target
- HTTP methods: GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH
- Request target: Absolute path of URL, protocol, port, domain, and varies with HTTP method
user_agentUser agent string identifying the client making the request
ssl_cipherSSL cipher information
ssl_protocolSSL protocol information
request_creation_timeThe time when the load balancer received the request from the client
Network Load Balancer and Direct Server Return Network Load Balancer fields
FieldDescription
project_idThe ID of the project
timeThe time when the load balancer generated the response to the client
lb_idThe resource ID of the load balancer
listener_idThe resource ID of the listener for the connection
client_portThe IP address and port of the client making the request
destination_portThe IP address and port of the destination
- Target when client connects directly to the load balancer: Listener
- Target when client connects using VPC endpoint service: VPC endpoint
tls_cipherReserved field
tls_protocol_versionReserved field

Bucket requirements

When enabling access logs, you must specify a bucket in Object Storage. The bucket for storing access logs must meet the following requirements:

Requirements

  • The bucket must be in the same region as the load balancer.

Access key requirements

When enabling access logs, you must select an access key ID and the corresponding secret access key. The secret access key can be verified when creating access keys. Please note that the generated Access key must not have an expiration date.

Enable and disable access logs

To enable or disable access logs for a load balancer from the console, refer to the following documents:

Process access log files

Access log files are stored in compressed file format. To view the information, you need to decompress the files after downloading.

Bucket encryption for access logs

You can decide whether to encrypt access logs when storing them in the bucket. For security reasons, it is recommended to set encryption to Enabled.