How can I find an ELB access log file for a Classic Load Balancer, Application Load Balancer, or Network Load Balancer in Amazon S3?

3 minute read
0

I want to find an Elastic Load Balancing (ELB) access log in the Amazon Simple Storage Service (Amazon S3) bucket that it's configured with.

Resolution

  1. Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
  2. In the navigation pane, under Load Balancing, choose Load Balancers.
  3. Select the load balancer where you want to search for your access log file.
  4. On the Description tab, under the Attributes section, note the Amazon S3 location value in Access logs.
    Note: Location values use the format s3bucket/prefix. However, not all location values contain a prefix.
  5. Open the Amazon S3 console. In Search for buckets, enter the bucket name without the prefix (if it contains one).
  6. Select your S3 bucket to open the Bucket page.
  7. If your bucket name contains a prefix, then enter the prefix in the Amazon S3 search. Then, select the appropriate prefix name from the search results.
  8. Select the path AWSLogs/aws-account-id/elasticloadbalancing/region/yyyy/mm/dd/. In this path, replace the following information:
    aws-account-id = Account ID where the load balancer is located
    region = Region where the load balancer is located
    yyyy/mm/dd = Date
  9. All logs from the specified date appear. If you have multiple load balancers that store logs to this location, use the search bar to find logs for your specific load balancer. Enter the beginning of the file name, up to and including the load balancer name.
    Note: Be sure to use the appropriate file name format for Classic Load Balancers, Application Load Balancers, or Network Load Balancers. For Classic Load Balancers, load-balancer-name is the name of the Classic Load Balancer. For Application Load Balancers, load-balancer-id is the final three elements of the Application Load Balancer's ARN, with all slashes replaced by periods. For Network Load Balancers, load-balancer-id is the final three elements of the Network Load Balancer's ARN, with all slashes replaced by periods.
  10. After you filter logs by name, use the timestamp in the file names to find logs from the specified time frame.
    Note: The timestamp in the file name indicates the end time of the logging interval in UTC. However, timestamps in the Amazon S3 console are set to the time zone of your local machine.
  11. You might see multiple logs with the same end time. Multiple nodes are available for requests, and each node emits its own log for the requests that it receives. Aggregate these separate logs to get a more complete view of requests during the specified time.

Related Information

Access logs for your Classic Load Balancer

Querying Classic Load Balancer logs

Access logs for your Application Load Balancer

Querying Application Load Balancer logs

How do I analyze my Application Load Balancer access logs using Amazon Athena?

AWS OFFICIAL
AWS OFFICIALUpdated 10 months ago