Enable Webtier to log the X-Forwarded-For Header in the access logs
Issue
This causes multiple problems for customers who send logs to Splunk, as the logs will always show that the web tier was accessed by the load balancer IP, not the true IP of the device.
Resolution
2- Go to the webtier folder, then go to this directory, on either a Linux or a Windows web tier:
---> server ---> config --> config.xml
3- Look for the line in config.xml that contains:
<elf-fields>c-ip date time time-taken cs-method cs-uri sc-status bytes</elf-fields>
4- Change it to:
<elf-fields>cs(X-Forwarded-For) c-ip date time time-taken cs-method cs-uri sc-status bytes</elf-fields>
When you go to the logs directory and check the access_logs, you will find that another column has been added, containing the true IP of the device that accessed the load balancer.
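The new column holds a request header, so whatever consumes it should believe it only on lines whose c-ip is the load balancer. The following is an added example, not part of the RSA article, that parses lines in the field order configured above and picks the address to attribute each request to. Assumptions: fields are whitespace-separated, the load balancer appends the address it saw as the last entry of the header, and the load balancer address 10.0.0.5, the URIs and the sample lines are constructed.

```python
import ipaddress

# Field order from the modified <elf-fields> line in config.xml.
FIELDS = ["cs(X-Forwarded-For)", "c-ip", "date", "time", "time-taken",
          "cs-method", "cs-uri", "sc-status", "bytes"]
# Assumption: address of the load balancer in front of the web tier.
TRUSTED_LBS = {ipaddress.ip_address("10.0.0.5")}

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE = """\
#Fields: cs(X-Forwarded-For) c-ip date time time-taken cs-method cs-uri sc-status bytes
203.0.113.7 10.0.0.5 2021-03-01 10:15:02 0.012 GET /login 200 5120
198.51.100.9, 203.0.113.8 10.0.0.5 2021-03-01 10:15:04 0.020 GET /login 200 5120
- 10.0.0.5 2021-03-01 10:15:05 0.003 GET /health 200 12
192.0.2.1 192.0.2.50 2021-03-01 10:15:09 0.015 POST /login 401 230
"""


def parse_line(line):
    """Split one access-log line into a dict keyed by ELF field name."""
    # The header may hold "a, b" with spaces, so split from the right:
    # the eight fields after it are assumed to contain no whitespace.
    parts = line.strip().rsplit(None, len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        raise ValueError("unexpected field count: %r" % line)
    return dict(zip(FIELDS, parts))


def client_ip(rec):
    """Return the address a request should be attributed to."""
    peer = ipaddress.ip_address(rec["c-ip"])
    xff = rec["cs(X-Forwarded-For)"].strip('"')
    # Only a trusted load balancer's header is believed; a direct caller
    # can put anything in X-Forwarded-For.
    if peer not in TRUSTED_LBS or xff in ("", "-"):
        return str(peer)
    # The load balancer appends the address it saw, so take the last entry;
    # earlier entries were supplied by the client.
    try:
        return str(ipaddress.ip_address(xff.split(",")[-1].strip()))
    except ValueError:
        return str(peer)


def attribute(text):
    """Map every non-comment log line to its attributed client address."""
    return [client_ip(parse_line(l)) for l in text.splitlines()
            if l.strip() and not l.startswith("#")]


if __name__ == "__main__":
    print(attribute(SAMPLE))
```

The last sample line reaches the web tier without passing through the load balancer, so its header value is ignored and the request is attributed to c-ip.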