Hey pals!
Do u know if I can log source IP of clients that connects to load balancer of edge server like access log in IHS????

I need to know who connects to load balancer..... :S 

A big hug.  

Yas 

Hello Yasmin,

  Do you want something like this?

  Using binary logging to analyze server statistics
  publib.boulder.ibm.com/infocenter/wasinf...
 
  resumen the link information:

The following information is stored in the binary log for each server defined in the configuration.

• cluster address


• port number


• serverID


• server address


• server weight


• server total connections


• server active connections


• server port load


• server system load

A sample Java™ program and command file have been provided in the ...ibm/edge/lb/servers/samples/BinaryLog directory. This sample shows how to retrieve all the information from the log files and print it to the screen. It can be customized to do any type of analysis you want with the data. An example using the supplied script and program for the dispatcher would be: 

  Hope this helps

regards

Yasmin,

Just to clarify, are you using a hardware load balancer or a software load balancer?  I've used BigIP F5 load balancers and there was a specific configuration option that the administrators needed to set in order to retain the client IP address.  Otherwsie all inbound connections to the web servers appeared from a single IP...


Erik

Gabriel, thanks for the information. I think I need the Denial of service attack detection 'cause I wanted to log all access (client address+request) exactly for detect this case. Also says: 

"In addition to statistical data reported, the halfopenaddressreport will also generate entries in the log (..ibm/edge/lb/servers/logs/dispatcher/halfOpen.log) for all the client addresses (up to approximately 8000 address pairs) that have accessed servers that resulted in half open connnections."

Erick, It is a software load balancer: Websphere Edge Server. It has a load balancer through a dispatcher component.  

 Thanks pals! Anything else, please let me know ;)

Hi Gabriel, Erick.
About this thread, there's currently a need in my bussiness to log the CLIENT addresses who connect to the Websphere Edge load balancer (like it does access.log) for audit purposes. Binary logging can log: server adresses, server total connections, server active connections...but no says who's client doing the request (IP address).... :(

Do you know if there's any way for that?

I hope you can help me. ;)
Hugs.

Hi Yasmin,

  I don't know your server architecture, but based on diferent scenarios of Edge components,

 http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/topic/com.ibm.websphere.edge.doc/concepts/concepts14.htm?path=1_0_4#scenarios

  Your solution could be a Caching Proxy

  Configuring access log filters
  http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/topic/com.ibm.websphere.edge.doc/cp/admingd40.htm?path=1_1_7_0_2_1#wq245

  Some examples:


www-10.lotus.com/stwiki.nsf/dx/introduct...


www.redbooks.ibm.com/abstracts/sg246392....
Chapter 8 implementing sample topology, page 394


  I'm asking collegues diferent posibilities

  Hope this helps,

regards,

Perhaps this could help. too:
www-01.ibm.com/support/docview.wss?uid=s...

Hi guys,
Thanks for answers :)

Gabriel, you're right. Caching Proxy exactly does what I need. I have to discuss that option with my people because I don't know if I have a machine/server where I can install it. :S And If I install CP with LB, I will have to configure any of them for port 81. :S

Christoph, great article!! Surprisely it mentioned:
"Since MAC Forwarding keeps SourceIP=Clientip it is easy to log clientip in the backend server access logs where as with NAT the clientip is lost and Edge is not a server type that has an equivalent to an access log."

But it doesn't say how to log clientip in the backend server :'(

Right now, the only thing I thought for logging clientip is use a tool like TCPdump to capture all packets to a binary file which is readable, in the load balancer or backend server. But I don't know if that is a good option.

Let me know what you're think. ;)

Thanks for all!

[quote author=113522649 post=518471751]Hi guys,
Thanks for answers :)

Gabriel, you're right. Caching Proxy exactly does what I need. I have to discuss that option with my people because I don't know if I have a machine/server where I can install it. :S And If I install CP with LB, I will have to configure any of them for port 81. :S

Christoph, great article!! Surprisely it mentioned:
"Since MAC Forwarding keeps SourceIP=Clientip it is easy to log clientip in the backend server access logs where as with NAT the clientip is lost and Edge is not a server type that has an equivalent to an access log."

But it doesn't say how to log clientip in the backend server :'(

Right now, the only thing I thought for logging clientip is use a tool like TCPdump to capture all packets to a binary file which is readable, in the load balancer or backend server. But I don't know if that is a good option.

Let me know what you're think. ;)

Thanks for all!
[/quote]

That depends on what the backend system (and it's topology) is.
IHS (and other web servers) provide access logging which by default logs the client ip address for each HTTP request. 
As far as I know, WAS itself provides access logging, too, but as far as I know it's hidden somewhere deep in ibm console. 

I didn't knew Websphere allows to enable access logging for an HTTP transport channel (HTTP error and NCSA access log settings). I just learn something new :)

But I still have the detail that what I need to register is the IP who requests in first place. Like it says the article: "Since MAC Forwarding keeps SourceIP=Clientip it is easy to log clientip in the backend server access logs" :S

My topology is one Edge Server (as load balancer), two IHS and two WAS App Servers.

If I enable access logging in WAS App Server, it logs IP of IHS.

If I enable access logging in IHS, it logs IP of Load Balancer.

Mmm. I still thinking how can I capture the packet and get the clienteip. :-S

when configuring the load balancer for mac forwarding, IHS logs the client IP (and not the load balancer's IP) in access.log

Hi Yasmeen,

In this case client IP address is replaced with IP address of EDGE. To resolve this please use custom http header "X-Forwarded-For" in log format of IHS. IBM http server support forwarding this custom http header. For header it reads the IP address, insert it into the X-Forwarded-For header, and pass it along upstream in the http request.

Default log format in httpd.conf will be as below:

LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
LogFormat "%h %l %u %t "%r" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

Now please try following two approach:

1) Comment default log format and append following four lines in httpd.conf

LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined  
LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" proxy  
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded  
CustomLog "logs/access_log" combined env=!forwarded  
CustomLog "logs/access_log" proxy env=forwarded

2) Your previous threads says that SourceIP=Clientip hence you may also try below if point 1 doesn't work.

LogFormat "%Clientip %l %u %t "%r" %>s %b "%{Referer}i""%{User-Agent}i"" proxy
LogFormat "%h %l %u %t "%r" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog / proxy

Do let me know the results.

Hi guys!
Great idea, Aziz. I didn't realize about http-header, but I tried your suggestion and it didn't work. I guess the name of the http header that puts the Edge server isn't 'X-Forwarded-For' or 'Clientip'.... I keep looking for options. Any results, I will let you know! ;-)

Thanks you all, again :-)

Yasmin