Analyzing Amazon Load Balancer Access Logs

Overview

Analyzing access logs may be required for several reasons, and in general it is good practice to stay on top of them to understand traffic, distribution, user agents, and URI classification (client IP addresses, latencies, request paths, and server responses). Overall, you can use these access logs to analyze traffic patterns and troubleshoot issues.

Access logs are not activated by default. Once enabled, access logs are shipped to Amazon S3. Before you enable them on your load balancer, please read the documentation below carefully (including S3 costs):

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html

It's also important to note that the access log files are compressed. If you open the files using the Amazon S3 console, they are uncompressed and the information is displayed. If you download the files, you must uncompress them to view the information. Depending on your use case, your access logs could run into gigabytes of data, and processing and analyzing them could be challenging.

There are several ways you could approach analyzing access logs. Below is a summary of some of our options not listed in any particular order.

AWS Based Log Analyzers

Log Analytics with Amazon Athena

Since load balancer access logs are shipped to S3, you can use Athena to query them directly from S3. You can then slice this data along various dimensions using plain old SQL, which works well and is effective.

https://repost.aws/knowledge-center/athena-analyze-access-logs
https://repost.aws/knowledge-center/analyze-logs-athena

You may further choose to combine this with Amazon QuickSight to build powerful dashboards for BI use cases.

Amazon OpenSearch Service

Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) operates OpenSearch and open-source Elasticsearch, making it easy to search, visualize, and analyze your data across multiple use cases such as:

  • Fast, Scalable Full-Text Search
  • Application and Infrastructure Monitoring
  • Security and Event Information Management
  • Operational Health Tracking

CloudWatch Log Insights

This does need some extra work on our part first: the access logs have to be transformed from their S3 format into JSON and shipped to CloudWatch. However, once they are in CloudWatch, we can use CloudWatch Logs Insights and its capabilities to analyze this data. Optionally, you can also use natural language (with the AI assistant) to create CloudWatch Logs Insights queries that may otherwise be challenging to build.
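As an added example (not from the original article or any of the tools it lists), the sketch below decompresses one log object, turns each entry into a JSON-ready dict, and aggregates status codes, error sources and target latency. The field order follows the AWS documentation linked above; `parse_line`, `summarize` and `SAMPLE_GZ` are hypothetical names, and the sample entries are constructed.

```python
import gzip, io, re
from collections import Counter

# Leading ALB access log fields in documented order; later fields are ignored.
FIELDS = ["type", "time", "elb", "client", "target", "request_processing_time",
          "target_processing_time", "response_processing_time", "elb_status_code",
          "target_status_code", "received_bytes", "sent_bytes", "request", "user_agent"]
TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # a quoted field or a bare token

def parse_line(line):
    """Return one entry as a JSON-ready dict, or None if the line is malformed."""
    tokens = [quoted or bare for quoted, bare in TOKEN.findall(line)]
    if len(tokens) < len(FIELDS):
        return None
    e = dict(zip(FIELDS, tokens))
    try:
        for k in FIELDS[5:8]:
            e[k] = float(e[k])  # -1 when the request never reached a target
    except ValueError:
        return None
    e["client_ip"] = e["client"].rsplit(":", 1)[0]
    return e

def summarize(gz_bytes):
    """Decompress one log object; aggregate status codes, error sources, latency."""
    status, errors_by_ip, times, skipped = Counter(), Counter(), [], 0
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8") as fh:
        for line in fh:
            e = parse_line(line)
            if e is None:
                skipped += 1  # keep a count so truncated entries are visible
                continue
            status[e["elb_status_code"]] += 1
            if e["elb_status_code"][:1] in ("4", "5"):
                errors_by_ip[e["client_ip"]] += 1
            if e["target_processing_time"] >= 0:
                times.append(e["target_processing_time"])
    return {"status": dict(status), "errors_by_ip": dict(errors_by_ip),
            "max_target_time": max(times, default=None), "skipped": skipped}

# Constructed sample entries (documentation IP ranges), gzipped like a real log object.
SAMPLE_GZ = gzip.compress("\n".join([
    'https 2024-05-01T10:00:00.1Z app/demo-alb/0123 203.0.113.10:51000 10.0.0.5:8080 0.001 0.250 0.000 200 200 120 5120 "GET https://example.com:443/ HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64)"',
    'https 2024-05-01T10:00:01.2Z app/demo-alb/0123 198.51.100.7:40022 10.0.0.5:8080 0.000 0.012 0.000 404 404 90 300 "GET https://example.com:443/missing HTTP/1.1" "curl/8.0.1"',
    'https 2024-05-01T10:00:02.3Z app/demo-alb/0123 198.51.100.7:40023 - -1 -1 -1 503 - 90 150 "GET https://example.com:443/login HTTP/1.1" "curl/8.0.1"',
    'truncated line',
]).encode())
if __name__ == "__main__":
    print(summarize(SAMPLE_GZ))
```

Passing each dict returned by `parse_line` through `json.dumps` gives one JSON event per request, which is the shape CloudWatch Logs Insights can discover fields from.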

External Log Analyzers

Several Enterprise Solutions exist in the market that allow you to ingest and analyze logs (not limited to access logs).

Some popular integrations for your review:

Open-Source Log Analyzers

elb-log-analyzer (py)

elb-log-analyzer is a Python-based utility that lets you connect to your origin (S3) and analyze logs. Its features include downloading logs from S3, analyzing logs, Streamlit integration for dashboards, Slack integration for setting up anomaly alerts, Docker integration, and more!

elb-rebar (Rust)

elb-rebar is a parallel AWS Elastic Load Balancing log analyzer for quick statistics on web requests. This is a Rust-based utility that is easy to install and run!

elb-log-analyzer (NPM)

elb-log-analyzer is an NPM-based utility that lets you quickly install and be up and running by parsing your logs with various dimensions. I find it very flexible regarding usage and its ability to sort, limit, or even filter our search by prefix (this is extremely useful when there is a high volume of unique URIs to track due to request parameters or similar).

Anomaly Detection

ML-backed anomaly detection on access logs can come in handy in some use cases. There are a few that already offer this capability.

Conclusion

Hopefully, this article leaves you with a bunch of options across AWS, enterprise, and open-source solutions that help you deal with a common but challenging problem space with ever-growing data patterns, logs, and analytics requirements! Lastly, make sure to stay on top of your access logs in addition to metrics and application logs for increased Reliability, Security, Stability, and Scalability of your applications and/or services!!!