Customize log entry for AWS ELB for real user IP

Andy asked:

I would like to change the logging format for AWS ELB, in order to log the real user IP.

My current server setup contains multiple layers of proxies as follows:

CloudFlare -> AWS ELB -> Nginx (EC2)

With proper nginx modules, I am able to obtain the real client IP in the log of my EC2 instance using the X-Forwarded-For header. However, I am not able to find a way to configure AWS ELB to log the IP in X-Forwarded-For which is set by CloudFlare.

I would like to customize the log entry generated by AWS ELB to log the real user IP, so I can analyze the full log in the future, rather than collect the logs from each EC2 instance.

Is there a way to do that?

My answer:

Use the CF-Connecting-IP header which is set by CloudFlare in your nginx real_ip configuration.

For example:

real_ip_header CF-Connecting-IP;

ELB doesn’t seem to have any option to do this. You’re almost certainly going to have to aggregate your logs yourself.

View the full question and answer on Server Fault.
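A fuller sketch of the nginx side, as an added example that is not part of the original answer. The `10.0.0.0/16` range is a constructed placeholder for the subnets the ELB connects from, and the `proxied` format name and the log path are assumptions. `set_real_ip_from` restricts when the header is honoured, and the log keeps the original TCP peer beside the rewritten address so the entries can be matched against the ELB logs later.

```nginx
http {
    # Honour the header only when the TCP peer is the load balancer.
    # Placeholder CIDR: replace with the subnets your ELB nodes connect from.
    set_real_ip_from 10.0.0.0/16;

    # CloudFlare puts the visitor address in this header; the ELB passes it through.
    real_ip_header CF-Connecting-IP;

    # $remote_addr          -> address after the real_ip rewrite (the visitor)
    # $realip_remote_addr   -> original TCP peer (the ELB node), nginx 1.9.7+
    # $http_x_forwarded_for -> full proxy chain as received, kept for cross-checking
    log_format proxied '$remote_addr peer=$realip_remote_addr '
                       'xff="$http_x_forwarded_for" [$time_local] '
                       '"$request" $status $body_bytes_sent';

    access_log /var/log/nginx/access.log proxied;
}
```

The logged address is only trustworthy if the ELB accepts traffic solely from CloudFlare, since any client that can reach the ELB directly can send its own CF-Connecting-IP value.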

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.