Is there a way to analyze logs behind load balancers?
Idea shared by Lukasz Herman - July 28, 2015 at 5:16 AM
We are using DDoS protection system which works as a proxy or load balancers. Since then all we have in logs are load balancer IP address. Source (real) client IP address is stored in X-Forwarder-for header.
In IIS 8.5 there is option for Enhancing Logging (not Advanced Logging) where we can add X-Forwarder-for header into log files (with my custom column name).
Will be there any option to replace parsing s-ip column with my new custom column with real IP address?

4 Replies

Reply to Thread
We are also looking for the similar functionality
A lot many sites using external DDos protection now.
Employee Replied
Employee Post
As mentioned in other threads, currently in SmarterStats 10.x there is not a way to go about handling these kinds of log files.  That being said, future versions of SmarterStats will help resolve the issues that you are seeing.  What we have found is that the header used for sites is different depending on the setup they have. 'X-Forwarder-For', 'X-Forwarded-For', and 'OriginalIP' are just a few of the examples we have seen currently used for a load balanced setup. More details will become available in the future, but I just wanted to let you know that this is something that will be addressed in the near future.
Thanks again
Any updates on this issue?
I notice this thread is already a year old. But I do have the same problem, and can't find the promised solution in version 11.2. has it been implemented already? How can I use the OriginalIP field instead of the c-ip field?
thanks for your suggestions
Bert van Hove

Reply to Thread