AnsweredAssumed Answered

How to log X-Forwaded-For IP data , servers behind F5/BIGIP LTM

Question asked by malves on Dec 18, 2017
Latest reply on Dec 18, 2017 by James Ahlborn

Hi everyone. 

 

We have Boomi servers that are getting traffic distributed from a VIP (Virtual IP) under a F5 BIGIP LTM. The setup uses a SNAT POOL making the IP address of the incoming connections to be logged as the VIP and not as the actual client. 

 

F5 has the ability to add XFF (X-Forwaded-For) headers so we can identify the Client IP. 

 

Is there a way we can tweak or add to the log mechanism, so we can log the XFF information (Client IP) , either replacing the first entry on the log or adding a new field? 

 

 

 

10.254.254.111 - testuser@myaccount-ABC123 [01/Aug/2016:00:23:17 +0000] "POST /ws/rest/v1/myapi/customers HTTP/1.1" 200 33562 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.18063)" "4339bfdc-968e-4438-81ef-6124e2a0d404" "execution-fdee86b6-e5ea-4055-bdd7-f8e4ce1563e2-2016.08.01" 7906

 

sample from: Understanding the HTTP Shared Server Log 

Outcomes