Setting up L7 load balancer logging
You can send L7 load balancer logs to Yandex Cloud Logging.
Enabling logging
- In the management console, select the folder with your load balancer.
- Select Application Load Balancer.
- Select the load balancer you need from the list, click , and select Edit.
- Under Log settings:
-
Enable Write logs.
-
Select the Cloud Logging log group where you want to store load balancer logs.
-
Click Add discard rule and configure its settings:
- HTTP codes: Add HTTP status codes.
- HTTP code classes: Add HTTP status code classes.
- gRPC codes: Add gRPC codes.
- Share of discarded logs: Set the log discard rate.
You can add multiple rules.
-
- Click Save.
If you do not have the Yandex Cloud CLI installed yet, install and initialize it.
By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.
-
See the description of the CLI command for managing load balancer logging:
yc alb load-balancer logging --help -
Enable logging and configure Cloud Logging logging settings:
yc alb load-balancer logging <load_balancer_name> \ --enable \ --log-group-id <log_group_ID> \ --discard codes=[<HTTP_code>,<HTTP_code_class>,<gRPC_code>],percent=<discarded_log_percentage>Where:
-
--enable: Enable logging. -
--log-group-id: ID of the log group that will store your load balancer logs. -
--discard: Log discard rule. Rule options:codes: HTTP codes, HTTP code classes, or gRPC codes.percent: Log discard rate.
You can add multiple rules.
Result:
done (42s) id: ds76g8b2op3f********* name: test-load-balancer ... log_options: log_group_id: e23p9bfj2kyr******** discard_rules: - http_codes: - "200" http_code_intervals: - HTTP_2XX grpc_codes: - OK discard_percent: "70" -
If you do not have Terraform yet, install it and configure the Yandex Cloud provider.
-
Add the
log_optionssection to the load balancer description in the configuration file:log_options { log_group_id = "<log_group_ID>" discard_rule { http_codes = ["200"] http_code_intervals = ["HTTP_2XX"] grpc_codes = ["GRPC_OK"] discard_percent = 75 } }Where
log_optionsare the Cloud Logging logging options:-
log_group_id: ID of the log group that will store your load balancer logs. -
discard_rule: Log discard rule:http_codes: HTTP codes.http_code_intervals: HTTP code classes.grpc_codes: gRPC codes.discard_percent: Log discard rate.
You can add multiple rules.
-
-
Apply the changes:
-
In the terminal, go to the directory where you edited the configuration file.
-
Make sure the configuration file is correct using this command:
terraform validateIf the configuration is correct, you will get this message:
Success! The configuration is valid. -
Run this command:
terraform planYou will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will show them.
-
Apply the changes:
terraform apply -
Type
yesand press Enter to confirm the changes.
This will enable logging for the specified load balancer. You can check the logging status and other load balancer settings in the management console or using this CLI command:
yc alb load-balancer get <load_balancer_name>Timeouts
The Terraform provider limits operations with Application Load Balancer load balancers to 10 minutes.
Operations in excess of this time will be interrupted.
How do I modify these limits?
Add the
timeoutssection to the load balancer description, e.g.:resource "yandex_alb_load_balancer" "<load_balancer_name>" { ... timeouts { create = "60m" update = "60m" delete = "60m" } } -
To enable logging, use the update REST API method for the LoadBalancer resource or the LoadBalancerService/Update gRPC API call.
Updating logging settings
- In the management console, select the folder with your load balancer.
- Select Application Load Balancer.
- Select the load balancer you need from the list, click , and select Edit.
- Under Log settings:
-
Change the Cloud Logging log group storing your load balancer logs.
-
Edit log discard rules:
- HTTP codes: Update the HTTP status codes.
- HTTP code classes: Update the HTTP status code classes.
- gRPC codes: Update the gRPC codes.
- Share of discarded logs: Update the log discard rate.
To add another rule, click Add discard rule.
-
- Click Save.
If you do not have the Yandex Cloud CLI installed yet, install and initialize it.
By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.
-
See the description of the CLI command for managing load balancer logging:
yc alb load-balancer logging --help -
Update the Cloud Logging logging settings:
yc alb load-balancer logging <load_balancer_name> \ --log-group-id <log_group_ID> \ --discard codes=[<HTTP_code>,<HTTP_code_class>,<gRPC_code>],percent=<discarded_log_percentage>Where:
-
--log-group-id: ID of the log group that will store your load balancer logs. -
--discard: Log discard rule. Rule options:codes: HTTP codes, HTTP code classes, or gRPC codes.percent: Log discard rate.
You can add multiple rules.
Result:
done (42s) id: ds76g8b2op3f******** name: test-load-balancer ... log_options: log_group_id: e23p9bfj2kyr******** discard_rules: - http_codes: - "200" http_code_intervals: - HTTP_2XX grpc_codes: - OK discard_percent: "70" -
If you do not have Terraform yet, install it and configure the Yandex Cloud provider.
-
In the configuration file with the load balancer description, update the logging settings in the
log_optionssection:log_options { log_group_id = "<log_group_ID>" discard_rule { http_codes = ["200"] http_code_intervals = ["HTTP_2XX"] grpc_codes = ["GRPC_OK"] discard_percent = 75 } }Where
log_optionsare the Cloud Logging logging options:-
log_group_id: ID of the log group that will store your load balancer logs. -
discard_rule: Log discard rule:http_codes: HTTP codes.http_code_intervals: HTTP code classes.grpc_codes: gRPC codes.discard_percent: Log discard rate.
You can add multiple rules.
-
-
Apply the changes:
-
In the terminal, go to the directory where you edited the configuration file.
-
Make sure the configuration file is correct using this command:
terraform validateIf the configuration is correct, you will get this message:
Success! The configuration is valid. -
Run this command:
terraform planYou will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will show them.
-
Apply the changes:
terraform apply -
Type
yesand press Enter to confirm the changes.
This will update logging settings for the specified load balancer. You can check the load balancer settings in the management console or using this CLI command:
yc alb load-balancer get <load_balancer_name>Timeouts
The Terraform provider limits operations with Application Load Balancer load balancers to 10 minutes.
Operations in excess of this time will be interrupted.
How do I modify these limits?
Add the
timeoutssection to the load balancer description, e.g.:resource "yandex_alb_load_balancer" "<load_balancer_name>" { ... timeouts { create = "60m" update = "60m" delete = "60m" } } -
To update logging settings, use the update REST API method for the LoadBalancer resource or the LoadBalancerService/Update gRPC API call.
Disabling logging
- In the management console, select the folder with your load balancer.
- Select Application Load Balancer.
- Select the load balancer you need from the list, click , and select Edit.
- Under Log settings, disable Write logs.
- Click Save.
If you do not have the Yandex Cloud CLI installed yet, install and initialize it.
By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.
-
See the description of the CLI command for managing load balancer logging:
yc alb load-balancer logging --help -
Disable logging:
yc alb load-balancer logging <load_balancer_name> --disableWhere
--disableis the logging disable option.Result:
done (42s) id: ds76g8b2op3f******** name: test-load-balancer ... log_options: disable: true
If you do not have Terraform yet, install it and configure the Yandex Cloud provider.
-
Delete the
log_optionssection from the configuration file with the load balancer description:log_options { ... } -
Apply the changes:
-
In the terminal, go to the directory where you edited the configuration file.
-
Make sure the configuration file is correct using this command:
terraform validateIf the configuration is correct, you will get this message:
Success! The configuration is valid. -
Run this command:
terraform planYou will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will show them.
-
Apply the changes:
terraform apply -
Type
yesand press Enter to confirm the changes.
This will disable logging for the specified load balancer. You can check the logging status and other load balancer settings in the management console or using this CLI command:
yc alb load-balancer get <load_balancer_name>Timeouts
The Terraform provider limits operations with Application Load Balancer load balancers to 10 minutes.
Operations in excess of this time will be interrupted.
How do I modify these limits?
Add the
timeoutssection to the load balancer description, e.g.:resource "yandex_alb_load_balancer" "<load_balancer_name>" { ... timeouts { create = "60m" update = "60m" delete = "60m" } } -
To disable logging, use the update REST API method for the LoadBalancer resource or the LoadBalancerService/Update gRPC API call.