Forum Discussion
Get actual client ips in splunk
- Nov 20, 2024
Hi,
When the BIG-IP uses NAT for all IP addresses on it's Origin setting, outbound connection to the pool members (nodes/backend servers) will be the NAT IP address.
The pool members (nodes/backend servers) will not be able to see the real client IP address as it will see the NAT IP address on the BIG-IP.
If the pool is a HTTP webserver, X-Forwarded-For HTTP header can be used.
However for non-HTTP pool servers, the BIG-IP NAT will need to be disabled to allow the client IP to be the source IP address when hitting the pool.Please go through the link and you will get more details from it - Get Client IP when F5 BIG-IP is using NAT
As your Splunk is working on 514 ports, you have to try with the second option (NAT will need to be disabled). But you have to check if server receive logs or not (there will be asymmetric routing issue some time).
BR,
Aswin
Hi Xe,
There are 2 options, but i dont think it's possible in traffic flow. Could you please confirm if you have any issues in traffic flow if you disable snat in the splunk VIP?
BR
Aswin
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com