Log source IP address

Question

Hi&nbsp;
We have a FTP and SFTP Server farm load-balanced by GTM and LTM appliances. since it is FTP (port 21) and SFTP (port 22), the clients/source that tries to connect to the Wide IP (gslb site) pass through the GTM and LTM (based on the load-balancing methods) ends up in any of the server nodes as designed.&nbsp;
However, since the LTM VIP is the one that connects to the Server nodes (within the pool), these End Server Nodes see the LTM VIP IP as the source IP and has no trace of the actual connecting source IP Addresses.&nbsp;
we did some research and it looks like the source IP can be traced/logged through the http headers for http traffic and not possible for FTP or SFTP Traffic.&nbsp;
Can someone please suggest any option where,
1. Either the Destination Servers can retrieve and log the Source IP Addresses
2. Or atleast if the LTM can log the Source IP address with Time stamps.&nbsp;
thank you in advance!&nbsp;
-- Nirmal&nbsp;

yann_desmarest · Answer

Hello,
You can log the client IP using an irule. For example : 
when CLIENT_ACCEPTED {
  log local0. "[virtual] - client ip=[IP::client_addr]"
}

You can add several info to the log if required

Forum Discussion

Log source IP address

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Logging pool member name (and not just address)

Reminder: MFA now required to log in to DevCentral

AWAF - Do not log Geolocation violations from the Event Log

Log separation by event

Logging all AFM Rules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS