We have Boomi servers that are getting traffic distributed from a VIP (Virtual IP) under a F5 BIGIP LTM. The setup uses a SNAT POOL making the IP address of the incoming connections to be logged as the VIP and not as the actual client.
F5 has the ability to add XFF (X-Forwaded-For) headers so we can identify the Client IP.
Is there a way we can tweak or add to the log mechanism, so we can log the XFF information (Client IP) , either replacing the first entry on the log or adding a new field?
10.254.254.111 - testuser@myaccount-ABC123 [01/Aug/2016:00:23:17 +0000] "POST /ws/rest/v1/myapi/customers HTTP/1.1" 200 33562 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.18063)" "4339bfdc-968e-4438-81ef-6124e2a0d404" "execution-fdee86b6-e5ea-4055-bdd7-f8e4ce1563e2-2016.08.01" 7906
sample from: Understanding the HTTP Shared Server Log