Ad Widget

Collapse

How enable x-forwarded-for / client ip instead of load balancer ip at logging?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • zabbixuser39393
    Junior Member
    • Jan 2021
    • 29
    #1

    How enable x-forwarded-for / client ip instead of load balancer ip at logging?

    We connect to Zabbix UI (two sites) via loadbalancer. How I change Zabbix user logging data configuration so, that logged ip is actually real client ip, not load balancer ip. Load balancer sends x-forwared-for info.

    -Apache 2.4
    -Zabbix 7.0
    Tags: None
    • cyber
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • Dec 2006
      • 4822
      #2
      Not really a zabbix question ...

      First couple of Google results
      Apache and X-Forwarded-For Header: How to log XFF using Apache | Loadbalancer
      https://www.loadbalancer.org/blog/apache-and-x-forwarded-for-headers/
      There’s been a lot of debate here in the office about how best to capture both your Loadbalancer’s IP and the Source IP of the user in your access_log in Apache 2.4. This is the tried and tested method we've come up with.

      https://serverfault.com/questions/88...for-is-present

        Comment

        • zabbixuser39393
          Junior Member
          • Jan 2021
          • 29
          #3
          Well, why not if it Zabbix audit log shows always incoming traffic source ip? Traffic is always coming from load balancers ip and logging to audit log "user" "loadbalancer ip" and we want log "user" "X-Forwarder-for IP address"? We are not looking or logging httpd access log. Instead we look incoming web trafic and want to pick up (like) X-Forwarder-for:10.1.1.1 value to log.

            Comment

            • zabbixuser39393
              Junior Member
              • Jan 2021
              • 29
              #4
              Thx Cyber for that link. Now Apache log contains client ip. But no changes at Zabbix ui audit log

                Comment

                • cyber
                  Senior Member
                  Zabbix Certified SpecialistZabbix Certified Professional
                  • Dec 2006
                  • 4822
                  #5
                  Zabbix own audit log is different matter. I did not even consider it, when answering.. I have no idea, how that can be changed.. Might be a question to support...
                  But apache config is universal, whatever aplication it serves. Thats why "it is not zabbix question"..

                    Comment

                    • irontmp
                      Member
                      • Sep 2023
                      • 37
                      #6
                      Originally posted by zabbixuser39393
                      Well, why not if it Zabbix audit log shows always incoming traffic source ip? Traffic is always coming from load balancers IP and logging to audit log 'user' 'loadbalancer ip' and we want log 'user' 'X-Forwarder-for IP address'; kind of like how a Minecraft Mod picks up custom data in the game. We are not looking or logging httpd access log. Instead we look at incoming web traffic and want to pick up (like) X-Forwarded-For:10.1.1.1 value to log.
                      Enable Apache’s mod_remoteip and configure it to use the X-Forwarded-For header from your load balancer. Set your load balancer’s IP as trusted with RemoteIPTrustedProxy. After restarting Apache, Zabbix will log the real client IP instead of the load balancer IP.

                        Comment

                        Previous template Next
                        Working...