enable log delivery for a cloud-native api gateway-API Gateway(API Gateway)-阿里云帮助中心

Cloud-native API Gateway can deliver access logs to Simple Log Service (SLS) for analysis, helping you understand client behavior, identify geographic distribution, and troubleshoot issues.

Prerequisites

A cloud-native gateway instance is created. Create a gateway instance.
Simple Log Service is activated. If not, go to the Simple Log Service console to activate it. For more information, see What is Simple Log Service?.

Enable log delivery

Note

Cloud-native API Gateway does not charge for log delivery, but SLS charges based on your usage under the Pay-as-you-go model.

Log on to the API Gateway console.
In the left-side navigation pane, click Cloud-native API Gateway > Instance. In the top navigation bar, select a region.
On the Instance page, click the instance name or ID.
In the left-side navigation pane, click Parameters.
In the Observability Parameters section, click the icon next to Access Log Shipping Settings. In the Access Log Shipping Settings panel, turn on Instance Access Logs (AccessLog).

Note
SLS creates a default project named aliyun-product-data-{Alibaba Cloud account UID}-{Region}, for example, aliyun-product-data-1069xxxxx28319-cn-shanghai. You can also select an existing project.

To view logs, click the link next to Project in the Observability Parameters section to open the gateway Logstore. Quick start for query and analysis.

Log fields

The following table describes the fields in the gateway access log.

Field	Type	Description
__time__	long	The time when the log was generated.
cluster_id	string	The ID of the AI Gateway instance.
ai_log	json	A JSON object that contains log fields for Model API, Agent API, and MCP API. This field is empty for other API types. api: The name of the AI API. cache_status: Indicates whether a request hit the cache when content caching is enabled for a Model API. consumer: The identity of the consumer. This field is populated when consumer authentication is enabled. fallback_from: The route from which the request fell back. This field is populated when a fallback policy is enabled for a Model API. input_token: The number of input tokens in the LLM request. llm_first_token_duration: The time to first token (TTFT) for the LLM request. llm_service_duration: The end-to-end response time for the LLM request. model: The name of the model used in the LLM request. output_token: The number of output tokens in the LLM response. response_type: The response type of the LLM request, such as streaming or non-streaming. safecheck_status: The Content Moderation result for the LLM request. token_ratelimit_status: Indicates whether the request was blocked by token-based rate limiting.
authority	string	The value of the Host header in the request.
bytes_received	long	The size of the request body in bytes, excluding the header.
bytes_sent	long	The size of the response body in bytes, excluding the header.
downstream_local_address	string	The address of the gateway pod.
downstream_remote_address	string	The address of the client that connects to the gateway.
duration	long	The total request processing time in milliseconds, measured from when the gateway receives the first byte from the client until it sends the last byte of the response.
method	string	The HTTP method.
path	string	The path in the HTTP request.
protocol	string	The HTTP protocol version.
request_duration	long	The time in milliseconds from when the gateway receives the first byte of the request from the client until it receives the last byte.
request_id	string	A unique ID that the gateway generates for each request. This ID is included in the `x-request-id` header. You can use this field to log and troubleshoot requests.
requested_server_name	string	The server name used for the SSL connection.
response_code_details	string	Additional context for the response code. For example, `via_upstream` indicates the backend service returned the response code, and `route_not_found` indicates that the gateway could not find a matching route.
response_tx_duration	long	The time in milliseconds from when the gateway receives the first byte from the upstream service to when it sends the last byte to the client.
route_name	string	The route name.
start_time	string	The start time of the request. The time is in UTC.
trace_id	string	The trace ID.
upstream_cluster	string	The upstream cluster.
upstream_host	string	The IP address of the upstream host.
upstream_local_address	string	The local address used to connect to the upstream service.
upstream_service_time	long	The request processing time in milliseconds for the upstream service. This duration includes network latency and the service's own processing time.
upstream_transport_failure_reason	string	The reason for the upstream connection failure.
user_agent	string	The value of the User-Agent header in the request.
x_forwarded_for	string	The value of the `x-forwarded-for` header, which typically contains the client's real IP address.

Request failure reasons

The Response_Flag value in the log indicates why a request failed. Possible Response_Flag values:

Note

Downstream refers to the client, and upstream refers to the backend service.

UH: No healthy upstream host is available in the upstream cluster.
UF: The connection to the upstream service failed.
NR: No route is configured for the request.
URX: The request was rejected because the upstream retry limit for HTTP or maximum connection attempts for TCP was reached.
NC: The upstream cluster could not be found.
DT: The request or connection exceeded the max_connection_duration or max_downstream_connection_duration.
DC: The downstream connection was terminated.
LH: The local service failed the health check request.
UT: The upstream request timed out.
LR: The connection was reset locally.
UR: The upstream connection was reset remotely.
UC: The upstream connection was terminated.
DI: The request was delayed for a specified period due to fault injection.
FI: The request was aborted with a response code due to fault injection.
RL: The request was rate-limited by the local HTTP rate limit filter. This does not include requests that receive a 429 response code.
UAEX: The request was rejected by an external authorization service.
RLSE: The request was rejected because an error occurred in the rate limit service.
IH: The request was rejected because a strictly checked header contained an invalid value.
SI: The stream idle timeout was reached.
DPE: The downstream request contained an HTTP protocol error.
UPE: The upstream response contained an HTTP protocol error.
UMSDR: The upstream request reached the maximum stream duration.
OM: The overload manager terminated the request.