Enable Webtier to log the X-FORWARDER-FOR Header in the access logs
Article Number
Applies To
|
Issue
This causes multiple problems with customer who sends logs to Splunk as they will always get that the web tier has been accessed by the load balancer IP not the true IP of the device.
Resolution
2- Go to the webtier folder then go to this directory either on a Linux webtier or a windows webtier
---> server ---> config --> config.xml
3- Look for the line in config.xml that contains:
<elf-fields>c-ip date time time-taken cs-method cs-uri sc-status bytes</elf-fields>
4- Change it to:
<elf-fields>cs(X-Forwarded-For) c-ip date time time-taken cs-method cs-uri sc-status bytes</elf-fields>
When you go to the logs directory and then check the access_logs, you will find out that another column has been added that contains the true IP of the device that has accessed the load balancer.
Related Articles
Unable to remove privileges for an RSA Via Governance and Lifecycle user Number of Views RSA Identity Governance and Lifecycle users with Group: View All Access are unable to view the groups page Number of Views Unification fails to identify terminated or deleted users in RSA Identity Governance & Lifecycle Number of Views Unable to authenticate with Authentication Agent for PAM for SSH due to SELinux Number of Views How to access the aveksaServer.log and aveksaServerInfo.log files in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Announces Critical Security Updates for RSA ID Plus Components - RSA Authentication Manager and RSA Identity Router RSA MFA Agent 9.0 for PAM - Installation and Configuration Guide for Oracle Linux RHEL Ubuntu CentOS and Rocky Linux Explanation of successful authentication followed by passcode reuse and bad tokencode messages in RSA Authentication Manag… Quick Setup Guide - FIDO
Don't see what you're looking for?
