This is mode tcp (not HTTP), so I can not use x-forwarded-for. The source port of the original connection shows in the syslog. It's the newly generated source port from haproxy that doesn't appear to be logged anywhere, so no way to tie the logs together.
> -----Original Message-----
> From: Patrick Viet [mailto:[email protected]]
> Sent: Saturday, January 31, 2009 10:39 PM
> To: John Lauro
> Cc: Haproxy
> Subject: Re: Client IPs logging and/or transparent
>
> I would rather say, patch haproxy so that it not only sends
> x-forwarded-for but also x-forwarded-for-sourceport.
> Patrick
>
> On Sat, Jan 31, 2009 at 4:48 AM, John Lauro <[email protected]> wrote:
> > Hello,
> >
> > Running mode tcp in case that makes a difference for any comments, as I know
> > there are other options for http.
> >
> > I need to preserve for auditing the IP address of the clients and be able to
> > associate it with a session. One problem, it appears the client IP and port
> > are logged, however it appears that only the final server is logged, but not
> > the source port for the outgoing connection. In theory, assuming ntp in
> > sync, I should be able to tie the logs together if I had the port number
> > that was used in the outgoing connection. Is there some way to turn this
> > on, or am I just missing it from the logged line?
> >
> > The other option appears to be to set up haproxy to act transparently. This
> > appears to be rather involved and sparse on details. Based on examples I
> > found on using squid with it, it appears to be more involved than just
> > updating the kernel. If anyone can post some hints on their setup with haproxy
> > (sample config files and sample iptables (or are they not required)) that
> > would be great. If there is a yum repository with a patched kernel and
> > other bits ready to install that would be even better.
> >
> > In some ways it looks rather messy to set up and support, but IP tracking is
> > important.

