New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RestAccessLogFilter to use X-Forwarded-For set by trusted proxies #1981

Merged
merged 4 commits into from May 24, 2016

Conversation

Projects
None yet
4 participants
@mikkolehtisalo
Contributor

mikkolehtisalo commented Mar 28, 2016

Solves #1816 for the REST API audit logging.

  • Introduces new configuration value trusted_proxies (comma separated list of IPs, and subnets)
  • Adds RestTools method for RestAccessLogFilter, returning X-Forwarded-For value for logging, if the header was set by trusted proxy
  • As result the REST access log produces client addresses instead of load balancer's address

The same configuration value could be used also for the HTTP based input transports for similar logic, fixing faulty gl2_remote_ip, and similar. Also using the same configuration value for REMOTE_USER implementation could be possible.

@bernd bernd added the feature label Mar 29, 2016

@bernd bernd added this to the 2.1.0 milestone Mar 29, 2016

@runningman84

This comment has been minimized.

runningman84 commented Apr 13, 2016

It would be really great if you would show the last used IP address in the user list.

@mikkolehtisalo

This comment has been minimized.

Contributor

mikkolehtisalo commented Apr 13, 2016

@runningman84 Not a bad idea, but you can get that information by sending the rest access logs to this nice log management product called Graylog ;)

@runningman84

This comment has been minimized.

runningman84 commented Apr 14, 2016

@mikkolehtisalo Graylog does not help here because we need this information in order to identify which user overloads the elasticsearch / graylog cluster. At this time the normal search is most likely not working anymore...

@mikkolehtisalo

This comment has been minimized.

Contributor

mikkolehtisalo commented Apr 14, 2016

Interesting use case. I am unsure where the state information should be stored...

@joschi joschi self-assigned this May 24, 2016

@joschi joschi merged commit e57d313 into Graylog2:master May 24, 2016

3 checks passed

ci-server-integration Jenkins build graylog2-server-integration-pr 862 has succeeded
Details
ci-web-linter Jenkins build graylog-pr-linter-check 350 has succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@joschi

This comment has been minimized.

Contributor

joschi commented May 24, 2016

@mikkolehtisalo Thanks a lot!

joschi added a commit that referenced this pull request May 24, 2016

@mikkolehtisalo mikkolehtisalo deleted the mikkolehtisalo:issue-1816 branch May 24, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment