Forum Discussion
eduardo_26187
Nimbostratus
Feb 16, 2010
log web activity from http server or bigip?
Hi everyone
I want to find the best way to log the activity for an apache ihs web server.
I have the big-ip redirecting traffic to http server, but checking the access_log in this http server the incoming ip belongs to the big-ip and I would like to get the external IP client in order to identify the incoming connection from the web server.
I appreciate your recommendations because what I want to do is to setup a syslog-ng remote server to receive the apache logs directly from the http server.
Do you think it would be better to send the logs this way or should I send it directly from the big-ip?
In this case, do you think that I need an iRule and set a configuration like this:
http://www.brianyeager.org/?p=171
Thanks in advance
2 Replies
- hoolio
Cirrostratus
Hi Eduardo,
If it's only for HTTP or HTTPS being decrypted on LTM, it would be easier and more efficient to configure LTM to insert the original client IP address in the X-Forwarded-For header and then set Apache to log this custom HTTP header.
SOL4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT
https://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html
It is possible to use the approach you originally suggested, but that would require resource intensive logging of all HTTP requests from LTM.
Aaron
- eduardo_26187
Nimbostratus
Thanks Mr. hoolio
I recommend setting this format to visualize the client ip:
LogFormat "%h %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" X-Forwarded-For
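Added example, not part of the posts above: a Python parser for lines written with this LogFormat that decides which address to treat as the client before the logs are forwarded to syslog-ng. It assumes the BIG-IP reaches Apache from 10.0.0.0/29 (a constructed range) and that the BIG-IP's entry is the rightmost one in X-Forwarded-For; the function names and sample lines are hypothetical.

```python
import ipaddress
import re

# Assumption: addresses the BIG-IP uses to reach Apache (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/29")]

# Fields of: LogFormat "%h %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b"
LINE_RE = re.compile(
    r'^(?P<peer>\S+) (?P<xff>-|[^\s,]+(?:, ?[^\s,]+)*) \S+ \S+ '
    r'\[[^\]]+\] "(?P<request>.*)" (?P<status>\d{3}) \S+$'
)

def _trusted(value):
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:  # hostname or garbage: never trusted
        return False
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(line):
    """Return (address, source) for a log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    peer, xff = m.group("peer"), m.group("xff")
    # Only a header delivered by the BIG-IP is believed at all.
    if xff == "-" or not _trusted(peer):
        return peer, "peer"
    # Walk right to left: the rightmost entry is the address the BIG-IP saw;
    # entries to its left arrived in the client's request and may be forged.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer, "peer"
        if not _trusted(hop):
            return hop, "xff"
    return peer, "peer"

# Constructed sample lines, not taken from the thread.
SAMPLES = [
    '10.0.0.2 198.51.100.23 - - [16/Feb/2010:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '10.0.0.2 192.0.2.99, 203.0.113.7 - - [16/Feb/2010:10:00:01 +0000] "GET /login HTTP/1.1" 200 734',
    '192.0.2.50 127.0.0.1 - - [16/Feb/2010:10:00:02 +0000] "GET /admin HTTP/1.1" 403 199',
    '10.0.0.2 - - - [16/Feb/2010:10:00:03 +0000] "GET /health HTTP/1.0" 200 2',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(client_ip(line))
```

Because the header is logged unquoted, a header value containing stray spaces makes the line fail to parse; such lines return None and are worth reviewing rather than discarding.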