Setting up L7 load balancer logging

Written by

Yandex Cloud

Updated at October 17, 2024

Enabling logging
Updating logging parameters
Disabling logging

You can send logs of the L7 load balancer to Yandex Cloud Logging.

Enabling logging

Management console

CLI

Terraform

API

In the management console, select the folder containing the load balancer.
Select Application Load Balancer.
In the list of load balancers, select the one you need, click , and select Edit.
Under Log settings:
1. Enable Write logs.
2. Select the Cloud Logging log group to write the load balancer logs to.
3. Click Add discard rule and set up its parameters:
  - HTTP codes: Add HTTP status codes.
  - HTTP code classes: Add classes of HTTP status codes.
  - gRPC codes: Add gRPC codes.
  - Share of discarded logs: Set the percentage of logs to discard.
  You can set multiple rules.
Click Save.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

See the description of the CLI command to manage load balancer logging:
```
yc alb load-balancer logging --help
```

Enable logging and set parameters for writing logs to Cloud Logging:

yc alb load-balancer logging <load_balancer_name> \
  --enable \
  --log-group-id <log_group_ID> \
  --discard codes=[<HTTP_status_code>,<class_of_HTTP_status_code>,<gRPC_code>],percent=<percentage_of_logs_to_discard>

Where:

--enable: Parameter that enables logging.
--log-group-id: ID of the log group to write the load balancer logs to.
--discard: Rule for discarding logs. Rule parameters:
- codes: HTTP status codes, classes of HTTP status codes, or gRPC codes.
- percent: Percentage of logs to discard.
You can set multiple rules.

Result:

done (42s)
id: ds76g8b2op3f*********
name: test-load-balancer
...
log_options:
  log_group_id: e23p9bfj2kyr********
  discard_rules:
    - http_codes:
        - "200"
      http_code_intervals:
        - HTTP_2XX
      grpc_codes:
        - OK
      discard_percent: "70"

If you don't have Terraform, install it and configure the Yandex Cloud provider.

Add the log_options section to the load balancer description in the configuration file:
```
log_options {
  log_group_id = "<log_group_ID>"
  discard_rule {
    http_codes          = ["200"]
    http_code_intervals = ["HTTP_2XX"]
    grpc_codes          = ["GRPC_OK"]
    discard_percent     = 75
  }
}
```
Where log_options are parameters for writing logs to Cloud Logging:
- log_group_id: ID of the log group to write the load balancer logs to.
- discard_rule: Rule for discarding logs:
  - http_codes: HTTP status codes.
  - http_code_intervals: Classes of HTTP status codes.
  - grpc_codes: gRPC codes.
  - discard_percent: Percentage of logs to discard.
  You can set multiple rules.
Apply the changes:
1. In the terminal, change to the folder where you edited the configuration file.
2. Make sure the configuration file is correct using the command:
```
terraform validate
```
  If the configuration is correct, the following message is returned:
```
Success! The configuration is valid.
```
3. Run the command:
```
terraform plan
```
  The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
4. Apply the configuration changes:
```
terraform apply
```
5. Confirm the changes: type yes in the terminal and press Enter.

This will enable logging in the specified load balancer. You can check the logging status and other load balancer settings using the management console or this CLI command:

yc alb load-balancer get <load_balancer_name>

To enable logging, use the update REST API method for the LoadBalancer resource or the LoadBalancerService/Update gRPC API call.

Updating logging parameters

Management console

CLI

Terraform

API

In the management console, select the folder that houses the load balancer.
Select Application Load Balancer.
In the list of load balancers, select the one you need, click , and select Edit.
Under Log settings:
1. Change the Cloud Logging log group to write the load balancer logs to.
2. Edit the rules for discarding logs:
  - HTTP codes: Update the HTTP status codes.
  - HTTP code classes: Update the classes of HTTP status codes.
  - gRPC codes: Update the gRPC codes.
  - Share of discarded logs: Update the percentage of logs to discard.
  To add another rule, click Add discard rule.
Click Save.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

View a description of the CLI command for managing load balancer logging:
```
yc alb load-balancer logging --help
```

Update the parameters for writing logs to Cloud Logging:

yc alb load-balancer logging <load_balancer_name> \
  --log-group-id <log_group_ID> \
  --discard codes=[<HTTP_code>,<HTTP_code_class>,<gRPC_code>],percent=<percentage_of_logs_to_discard>

Where:

--log-group-id: ID of the log group to write the load balancer logs to.
--discard: Rule for discarding logs. Rule parameters:
- codes: HTTP status codes, classes of HTTP status codes, or gRPC codes.
- percent: Percentage of logs to discard.
You can set multiple rules.

Result:

done (42s)
id: ds76g8b2op3f********
name: test-load-balancer
...
log_options:
  log_group_id: e23p9bfj2kyr********
  discard_rules:
    - http_codes:
        - "200"
      http_code_intervals:
        - HTTP_2XX
      grpc_codes:
        - OK
      discard_percent: "70"

If you don't have Terraform, install it and configure the Yandex Cloud provider.

In the configuration file with the load balancer description, update the logging settings in the log_options section:
```
log_options {
  log_group_id = "<log_group_ID>"
  discard_rule {
    http_codes          = ["200"]
    http_code_intervals = ["HTTP_2XX"]
    grpc_codes          = ["GRPC_OK"]
    discard_percent     = 75
  }
}
```
Where log_options are parameters for writing logs to Cloud Logging:
- log_group_id: ID of the log group to write the load balancer logs to.
- discard_rule: Rule for discarding logs:
  - http_codes: HTTP status codes.
  - http_code_intervals: Classes of HTTP status codes.
  - grpc_codes: gRPC codes.
  - discard_percent: Percentage of logs to discard.
  You can set multiple rules.
Apply the changes:
1. In the terminal, change to the folder where you edited the configuration file.
2. Make sure the configuration file is correct using the command:
```
terraform validate
```
  If the configuration is correct, the following message is returned:
```
Success! The configuration is valid.
```
3. Run the command:
```
terraform plan
```
  The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
4. Apply the configuration changes:
```
terraform apply
```
5. Confirm the changes: type yes in the terminal and press Enter.

This will update the logging parameters in the specified load balancer. You can check the load balancer settings using the management console or the following CLI command:

yc alb load-balancer get <load_balancer_name>

To update the logging parameters, use the update REST API method for the LoadBalancer resource or the LoadBalancerService/Update gRPC API call.

Disabling logging

Management console

CLI

Terraform

API

In the management console, select the folder that houses the load balancer.
Select Application Load Balancer.
In the list of load balancers, select the one you need, click , and select Edit.
Under Log settings, disable the Write logs option.
Click Save.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

View a description of the CLI command for managing load balancer logging:
```
yc alb load-balancer logging --help
```

Disable logging:

yc alb load-balancer logging <load_balancer_name> --disable

Where --disable is the parameter that disables logging.

Result:

done (42s)
id: ds76g8b2op3f********
name: test-load-balancer
...
log_options:
  disable: true

If you don't have Terraform, install it and configure the Yandex Cloud provider.

Remove the log_options section from the configuration file with the load balancer description:
```
log_options {
...
}
```
Apply the changes:
1. In the terminal, change to the folder where you edited the configuration file.
2. Make sure the configuration file is correct using the command:
```
terraform validate
```
  If the configuration is correct, the following message is returned:
```
Success! The configuration is valid.
```
3. Run the command:
```
terraform plan
```
  The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
4. Apply the configuration changes:
```
terraform apply
```
5. Confirm the changes: type yes in the terminal and press Enter.

This will disable logging in the specified load balancer. You can check the logging status and other load balancer settings using the management console or the following CLI command:

yc alb load-balancer get <load_balancer_name>

To disable logging, use the update REST API method for the LoadBalancer resource or the LoadBalancerService/Update gRPC API call.

Setting up L7 load balancer logging

Enabling loggingEnabling logging

Updating logging parametersUpdating logging parameters

Disabling loggingDisabling logging

Was the article helpful?

Enabling logging

Updating logging parameters

Disabling logging