IIS logs show LB IP address for all requests

It appears you are using the snat function, which translates the client IP to the F5 IP. You will need to pass the client IP in a header, done in the HTTP profile by enabling the Insert XForwarded For setting, or in an irule. You will need to extract this information on the server side, I think there are examples how to do this for IIS on this forum if you search for it.

Setting x-forwarded-for is the easy part. There is a fantastic ISAPI custom log filter in the downloads section that causes the IIS server to log the value in the x-forwarded-for as the client IP address in the web logs. We use this so all our web log processing tools still work and for trouble shooting.

 

 

For Apache, there are plenty of examples. When the request comes in, set a variable if the header exists. Then, set two log formats (one where x-forwarded-for is substituted for the requesting IP) and select the log statment based on the state of the variable.

 

 

For SunOne, you have to enable advanced logging but there's no way to selectivly log the real client IP presented if there's no x-forwarded-for. We just ran the logs through some processing to get the real client IP address in the right spot after the fact.

 

 

-p