How to log the client source IP in access logs for Jira Data Center

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Data Center Only - This article only applies to Atlassian products on the data center platform.


Since all requests to Jira nodes in Data Center come through the load balancer, Tomcat will log the load balancer IP in the access logs by default. 

This limitation makes troubleshooting web requests in Data Center difficult. 

It is possible for Tomcat to log the value from X-Forwarded-For header sent by the load balancer via Tomcat's RemoteIpValve. Note this will add a minor overhead as Tomcat will have to parse all HTTP headers. 


  1. Add the following attribute to the existing access log valve in server.xml


    The valve will look similar to the following: 

                <Valve className="org.apache.catalina.valves.AccessLogValve"
                       pattern="%a %{}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{}r&quot;"/>
  2. Add a new RemoteIpValve to server.xml above the AccessLogValve:


    (warning)  If the proxy has a routable IP or a class B private network address space (, it is necessary to add the internalProxies property to the RemoteIpValve to reflect the proxy IP addresses via regular expression. For example:


    More information on configuring these settings can be found in Tomcat's RemoteIpValve documentation.

  3. Restart Jira. 

DescriptionHow to log the client IP in access logs for Jira Data Center
ProductJira Data Center

Last modified on Sep 22, 2021

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.