3

I would like to change the logging format for AWS ELB, in order to log the real user IP.

My current server setup contains multiple layers of proxies, as follows:

CloudFlare -> AWS ELB -> Nginx (EC2)

With proper nginx modules, I am able to obtain the real client IP in the log of my EC2 instance using the X-Forwarded-For header. However, I am not able to find a way to configure AWS ELB to log the IP in X-Forwarded-For which is set by CloudFlare.

I would like to customize the log entry generated by AWS ELB to log the real user IP, so I can analyze the full log in the future, rather than collect the logs from each EC2 instance.

Is there a way to do that?

Andy

2 Answers

2

I wrote emails to AWS technical support and they responded that currently ELB does not support such a configuration at this point.

Andy
1

Use the CF-Connecting-IP header which is set by CloudFlare in your nginx real_ip configuration.

For example:

real_ip_header CF-Connecting-IP;

ELB doesn't seem to have any option to do this. You're almost certainly going to have to aggregate your logs yourself.

Michael Hampton
  • 1
    I am already using this for my nginx (EC2) instance, which works great. My question is how to log the real IP in ELB instead (which should log all connections across EC2 instances) – Andy Aug 16 '14 at 00:38
  • ELB doesn't seem to _have_ any option to do this. You're almost certainly going to have to aggregate your logs yourself. – Michael Hampton Aug 16 '14 at 00:40
  • I also received an official answer that ELB doesn't support such configuration. Would you like to create another answer so I could mark it? Thanks – Andy Aug 18 '14 at 02:27
  • The question is, who stops someone from using the ELB directly and faking the CF-Connecting-IP header? – confiq Jul 20 '15 at 07:50
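
The spoofing concern in the last comment matters when you aggregate logs yourself: a client-supplied CF-Connecting-IP cannot be trusted on its own, whereas the ELB appends the address that actually connected to it to X-Forwarded-For. The following is an added example, not code from any of the posters; it resolves the client address with a right-to-left walk similar to nginx's `real_ip_recursive on`, and the network ranges are constructed placeholders to be replaced with Cloudflare's published ranges and your own ELB subnets.

```python
import ipaddress

# Constructed placeholder ranges (assumptions, not real Cloudflare/ELB values).
TRUSTED_PROXIES = [
    ipaddress.ip_network("198.51.100.0/24"),  # stands in for a Cloudflare edge range
    ipaddress.ip_network("10.0.0.0/16"),      # stands in for the ELB subnets in the VPC
]


def parse_ip(text):
    """Return an ip_address object, or None if the text is not a valid address."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def is_trusted(text):
    """True only for a valid address inside one of the trusted proxy ranges."""
    ip = parse_ip(text)
    return ip is not None and any(ip in net for net in TRUSTED_PROXIES)


def resolve_client_ip(peer_ip, x_forwarded_for):
    """Start at the TCP peer and step left through X-Forwarded-For only while
    the current hop is a trusted proxy. Anything to the left of the first
    untrusted hop was supplied by that hop and is ignored."""
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    client = peer_ip
    for hop in reversed(hops):
        if not is_trusted(client):
            break                  # current hop is not ours: it is the client
        if parse_ip(hop) is None:
            break                  # malformed entry: stop at the last valid hop
        client = hop
    return client


if __name__ == "__main__":
    # Constructed sample requests as nginx would see them: (TCP peer, X-Forwarded-For).
    samples = [
        ("10.0.1.5", "203.0.113.7, 198.51.100.20"),   # via Cloudflare, then ELB
        ("10.0.1.5", "203.0.113.99, 192.0.2.66"),     # direct to ELB, forged first hop
    ]
    for peer, xff in samples:
        print(peer, "|", xff, "->", resolve_client_ip(peer, xff))
```

Restricting the ELB's security group to Cloudflare's address ranges closes the direct path as well, so the second case can no longer reach the ELB at all.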