X-forwarded-for in audit logs

Does anyone have a good method for getting the client IP in the security index when you pass through a load balancer? I'm set up in AWS and I can see tons of anonymous_access_denied errors but they have the src address all from the ELB. Now I know there's probably some agent out there that's set up incorrectly, but I have no way to track this down. I'm not even getting a non 200 response in the ELB logs, so it's kind of like throwing darts in the dark.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.