Enable Webtier to log the X-FORWARDER-FOR Header in the access logs
Article Number
Applies To
|
Issue
This causes multiple problems with customer who sends logs to Splunk as they will always get that the web tier has been accessed by the load balancer IP not the true IP of the device.
Resolution
2- Go to the webtier folder then go to this directory either on a Linux webtier or a windows webtier
---> server ---> config --> config.xml
3- Look for the line in config.xml that contains:
<elf-fields>c-ip date time time-taken cs-method cs-uri sc-status bytes</elf-fields>
4- Change it to:
<elf-fields>cs(X-Forwarded-For) c-ip date time time-taken cs-method cs-uri sc-status bytes</elf-fields>
When you go to the logs directory and then check the access_logs, you will find out that another column has been added that contains the true IP of the device that has accessed the load balancer.
Related Articles
How to access the aveksaServer.log and aveksaServerInfo.log files in RSA Identity Governance & Lifecycle Number of Views Archive Logs Using Schedule Log Archival Number of Views Explanation of successful authentication followed by passcode reuse and bad tokencode messages in RSA Authentication Manag… Number of Views Distribute One Software Token Using Dynamic Seed Provisioning Number of Views How to obtain the bundle logs from an RSA Cloud Authentication Service Identity Router Number of Views
Trending Articles
How to recover the Application and AFX after an unexpected database failure in RSA Identity Governance & Lifecycle Troubleshooting AFX Connector issues in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
