2

I'm trying to print out the remote client IP on a tomcat running behind an ELB and for some reason it's not being printed out to the access log. my elb configuartion is : 80 -> 8080 443 -> 8080 Running tomcat7 and my host configuration on server.xml is : 

<Host name="localhost"  appBase="webapps"
        unpackWARs="true" autoDeploy="true">

    <!-- SingleSignOn valve, share authentication between web applications
         Documentation at: /docs/config/valve.html -->
    <!--
    <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
    -->

    <!-- Remote IP Valve -->
 <Valve className="org.apache.catalina.valves.RemoteIpValve" />

    <!-- Access log processes all example.
         Documentation at: /docs/config/valve.html
         Note: The pattern used is equivalent to using pattern="common" -->
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
           prefix="localhost_access_log." suffix=".txt"
           pattern="%{X-Forwarded-For}i %l %u %t &quot;%r&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot;" />

  </Host>

I've tried also with pattern "combined" .

a sample of an access log row : 

- - - [18/Feb/2013:19:12:33 +0000] "GET URL HTTP/1.1" 200 1704 "remote URL" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17"

Would appreciate some help here guys. Thanks

Amnon
  • 121
  • 1
  • 3

2 Answers2

3

I found this to be the most accurate equivalent to the "common" log format with support for RemoteIpValve:

"%{org.apache.catalina.AccessLog.RemoteAddr}r %l %u %t &quot;%r&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot;"
James
  • 103
  • 4
  • I experienced the same issue when I originally had the custom log format of `%h %l %u %t "%r" %s %b %D` and adjusting the `%h` to be `%{org.apache.catalina.AccessLog.RemoteAddr}r` resolved it on Tomcat 8.0.32. (Also had tried `%a` which also didn't work.) – Welsh Jan 03 '17 at 19:56
  • Hey, I'm on Tomcat 8.5.20 and `%{org.apache.catalina.AccessLog.RemoteAddr}r` did not work for me. Instead I used `%{X-Forwarded-For}i` as in the original question. Any ideas why? Thanks! – bmauter Sep 25 '17 at 03:03
0

Try the following:

    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
           prefix="localhost_access_log." suffix=".txt"
           pattern="combined"
           resolveHosts="false"/>

It looks like the default is to ignore private addresses, in my case I get IPs with my externally facing ELBs but the internal ELBS (which have 10.x.x.x addresses on both sides) just show - for the address using the same config.

TheFiddlerWins
  • 2,999
  • 1
  • 15
  • 22