X-forwarded-for in audit logs

(Djtecha) #1

Does anyone have a good method for getting the client IP in the security index when you pass through a load balancer? I'm set up in AWS and I can see tons of anonymous_access_denied errors but they have the src address all from the ELB. Now I know there's probably some agent out there that's set up incorrectly, but I have no way to track this down. I'm not even getting a non 200 response in the ELB logs, so it's kind of like throwing darts in the dark.

(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.