Skip to main content

Access Logs

BNS Load Balancing service provides an Access Log feature that captures detailed information about requests sent to the user's load balancer. Access logs can be used for analyzing traffic patterns and troubleshooting. The information collected varies depending on whether it is a Network Load Balancer (NLB)/Direct Server Return Network Load Balancer (DSRNLB) or an Application Load Balancer (ALB). For more details, refer to collected information.

The Access Log is an 'optional' feature, and by default, it is set to 'inactive.' Once enabled for the load balancer, logs are captured and stored in a compressed file in the specified bucket. Access logs can be deactivated at any time.

When the Access Log feature is enabled, storage fees will apply. However, no networking fees are charged for transmitting log files. For more information about storage costs, refer to the pricing guide.

Access log files

When the Access Log feature is enabled, BNS Load Balancing service posts log files for each ALB or NLB/DSRNLB every 30 minutes. The log file name uses the following format:

{use-_bucket-name}/KCLogs/{region-name}/yyyy/mm/dd/{az-name}_{project-id}_{lb-type}_{load-balancer-id}_{end-time}_{ip-address}.log.gz
ElementDescription
{user_bucket_name}Name of the bucket where the access log is stored
KCLogsDefault prefix
{region_name}Region name of the load balancer and the bucket
yyyy/mm/ddDate the log was delivered
{az_name}Availability zone of the load balancer
{project_id}Project ID of the load balancer
{lb_type}Load balancer type
- Network Load Balancer: nlb
- Application Load Balancer: alb
- Direct Server Return Network Load Balancer: dsrnlb
{load_balancer_id}Resource ID of the load balancer
{end_time}Date and time marking the end of the logging interval
{ip_address}IP address of the load balancer handling the request

Store Log Files

You can store log files in the bucket for the desired period. Additionally, you can specify the log file retention period using the bucket policy Lifecycle settings. For more details, refer to the Object Storage > Lifecycle Settings document.

Access log fields

The fields of the access log entries for KakaoCloud Load Balancing service are explained in order. The access log fields differ based on whether it is NLB or ALB, and all fields are separated by commas.

Application Load Balancer fields
FieldDescription
project_idProject ID
timeTime the load balancer generated the response for the client
lb_idResource ID of the load balancer
client_portIP address and port of the client making the request
target_portIP address and port of the target in the target group
target_status_codeResponse status code of the target
- This value is recorded only if the connection to the target is established and the target sends a response
requestHTTP method and request target
- HTTP method: Defines the action to perform on the given resource, e.g., GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
- Request target: The absolute path of the URL, protocol, port, and domain, which changes based on the HTTP method
user_agentUser agent string identifying the client that sent the request
ssl_cipherSSL cipher information
ssl_protocolSSL protocol information
request_creation_timeTime the load balancer received the request from the client
Network Load Balancer and Direct Server Return Network Load Balancer Fields
FieldDescription
project_idProject ID
timeTime the load balancer generated the response for the client
lb_idResource ID of the load balancer
listener_idResource ID of the listener for the connection
client_portIP address and port of the client making the request
destination_portIP address and port of the target
- If the client directly connects to the load balancer: listener
- If the client connects via VPC endpoint services: VPC endpoint
tls_cipherReserved field
tls_protocol_versionReserved field

Bucket requirements

When enabling the access log, you must specify a bucket from Object Storage for storing the logs. The bucket where the access log is stored must meet the following requirements:

Requirements

  • The bucket must be in the same region as the load balancer.

Access key requirements

When enabling the access log, you must select an access key ID and the associated secret access key. The secret access key can be obtained when issuing the access key. The created access key must not have an expiration date specified.

Enable and disable access logs

To enable or disable access logs for a load balancer from the console, refer to the following documents:

Process access log files

Access log files are stored in compressed files. When downloading the file, you need to unzip it to view the information.

Set bucket encryption for access logs

You can decide whether to encrypt the access logs before storing them in the bucket. For security, it is recommended to enable encryption.