Forum Discussion
is this how the logs in var/log/ltm look like.
Jul 7 23:47:14 OC1-BIGIP-F5LTM-T1 info tmm6[29783]: Rule /Common/Test-client-IP-Add <HTTP_REQUEST>: method=GET;path=/identify_user.asp;client_ip=10.50.50.144
Jul 7 23:47:14 OC1-BIGIP-F5LTM-T1 info tmm6[29783]: Rule /Common/Test-client-IP-Add <HTTP_REQUEST>: method=GET;path=/common/css/styles.css;client_ip=10.50.50.144
Jul 7 23:47:14 OC1-BIGIP-F5LTM-T1 info tmm5[29783]: Rule /Common/Test-client-IP-Add <HTTP_REQUEST>: method=GET;path=/common/inc_navigator_utility.js;client_ip=10.50.50.144
Jul 7 23:47:14 OC1-BIGIP-F5LTM-T1 info tmm6[29783]: Rule /Common/Test-client-IP-Add <HTTP_REQUEST>: method=GET;path=/common/js/script_login_utility.js;client_ip=10.50.50.144
Jul 7 23:57:07 OC1-BIGIP-F5LTM-T1 info tmm7[29783]: Rule /Common/Test-client-IP-Add <HTTP_REQUEST>: method=GET;path=/identify_user.asp;client_ip=10.50.50.144
Jul 7 23:57:27 OC1-BIGIP-F5LTM-T1 info tmm2[29783]: Rule /Common/Test-client-IP-Add <HTTP_REQUEST>: method=GET;path=/;client_ip=10.50.50.144
Jul 7 23:57:27 OC1-BIGIP-F5LTM-T1 info tmm2[29783]: Rule /Common/Test-
or can you give me a sample of how exactly the true client IP logs look like in. I just configured the irule and attached it to the virtual server. tried accessing the URL and looked for the client IP address, but couldn't find one. Do I need to use the any filter or grep to look ?
I tried filtering with Virtual server IP address and true client IP address and still couldn't find anyone of that.
Hi mohammed5370, it looks like the BIG-IP is seeing the 10.50.50.144 as client IP address only.
This is, because there is only one client (10.50.50.144) requesting your service or (more likely) all incoming client requests go through a proxy or other device first, which applies a hiding NAT.
So there is little to no chance to see the actual client IP address.
But perhaps this device in front of your BIP-IP is inserting an X-Forwarded-For header? If this would be the case, you can log its value:
when HTTP_REQUEST {
log local0. "method=[HTTP::method];path=[HTTP::path];client_ip=[HTTP::header value X-Forwarded-For]"
}