1

My AWS web servers are not showing a request for example '42.26.32.120' after running some athena queries We are unable to identify the cause of the issue, as the IPs is not in any of the access logs Therefore, I am trying to find out where the request was lost. I found some output against athena queries

SELECT * FROM alb_logs
WHERE client_ip= '42.26.32.120'

From the results this seems to indicate that after the new app launch ip haven't been able to connect?

Would that be behavior if clients had hard coded an old ALB IP address locally? For example, into their hosts file or into their organization wide internal DNS.

" if they had defined (client)the IP address as what it resolved at initially e..g currently load balancer is at 3.334.144.112 If someone changed their host file to have that resolve for test.com and the IP changed could we still get logs somehow or what would their behavior be failed to resolve I presume and no logs?"

If the request just hung in ALB would it log it? e.g. if it couldn't find target machine, or if ALB was no longer around would we have logs in those cases?

Could anyone help me with this? Any sort of help would be appreciated.

Tim
  • 31,888
  • 7
  • 52
  • 78
sam23
  • 49
  • 1
  • 5
  • Your question isn't entirely clear. All connections to the ALB should be in the log even if it doesn't connect to an EC2 instance. I don't understand what you mean about "ALB location statically". If the ALB is "no longer around" (i.e. deleted) then it wouldn't log. Please provide more details. In your place I would make a request from a few different clients / IPs, wait 30 minutes, download the logs to my PC, then search them with a text editor such as Notepad++ rather than using Athena, because that will search the whole log. – Tim Oct 28 '22 at 21:17
  • @Tim , I'm unable to identify the cause of the issue, as the IPs is not in any of the access logs Therefore, I am trying to find out where the request was lost. could you pl explain the solution to understand better ? – sam23 Nov 01 '22 at 04:28
  • Not really, there's insufficient detail to help you. Suggest you download the logs (ALB / web server) and look at them on your computer. – Tim Nov 01 '22 at 08:53
  • 1
    I did check the logs , Form the ALB logs results this seems to indicate that after the new app launch (new website) this ip haven't been able to connect? I want to know Would that is this behavior if clients had written our ALB location statically? and If the request just hung in ALB would it log it? – sam23 Nov 01 '22 at 09:14
  • Can you please explain what "ALB location statically" means. The only way you look up an ALB is using DNS, which has a TTL of about 5 minutes, as the IP of an ALB can change without warning as AWS scales the ALB or changes servers. – Tim Nov 01 '22 at 17:43
  • @Tim if they had defined (client)the IP address as what it resolved at initially e..g currently load balancer is at 3.334.144.112 If someone changed their host file to have that resolve for test.com and the IP changed could we still get logs somehow or what would their behavior be failed to resolve I presume and no logs? – sam23 Nov 01 '22 at 18:37

1 Answers1

0

You should not try to hard code ALB IP addresses. ALB is a service, AWS can move traffic to another server / node at any time, so any hard coding could prevent your client accessing the server.

If you can't see your client IP in the logs, but the client can access the resources behind the ALB there are two primary things here that could be wrong:

  • You might not have the true public IP of the client
  • You might not be looking in the right place for the access logs

For the client IP visit https://whatismyipaddress.com/ or similar. There are command line versions available such as http://checkip.amazonaws.com (curl that address)

If you download all logs and search them with a text editor that reduces the chance you are using Athena incorrectly, such as looking in the wrong field.

I suggest ALB and web server logs are both downloaded to

Tim
  • 31,888
  • 7
  • 52
  • 78
  • Client IPs are visible with the logs from the Athena query accessing resources until we launch our new site on 5th October 2022, we can see the logs up until the 4th October, IPs are not visible in any of the web server access logs. my query is , Can we still get logs if someone changes their host file to resolve for test.com and the IP changes, or how would their behavior change? – sam23 Nov 02 '22 at 09:01
  • Your questions are quite confusing. So long as the request hits the ALB the entry will be in the logs, regardless of DNS. If the request doesn't reach the ALB it won't be in the ALB logs. – Tim Nov 02 '22 at 09:14
  • Yes, we can't control what clients do though The old ALB IP would still be owned by AWS right, no way to query there logs I presume to see if it received requests for our host name . – sam23 Nov 02 '22 at 13:03
  • That's correct. I understand better now, you're talking about the scenario where a client deliberately hard coded the ALB IP. I've slightly edited that line of your question to be a little more clear. – Tim Nov 02 '22 at 18:02