How to log the client source IP in access logs for Jira Data Center

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

The content on this page relates to platforms which are not supported for JIRA Applications. Consequently, Atlassian cannot guarantee providing any support for it. Please be aware that this material is provided for your information only and using it is done so at your own risk.

Purpose

Since all requests to Jira nodes in Data Center come through the load balancer, Tomcat will log the load balancer IP in the access logs by default. 

This limitation makes troubleshooting web requests in Data Center difficult. 

It is possible for Tomcat to log the value from X-Forwarded-For header sent by the load balancer via Tomcat's RemoteIpValve. Note this will add a minor overhead as Tomcat will have to parse all HTTP headers. 

Solution

  1. Add the following attribute to the existing access log valve in server.xml

    requestAttributesEnabled="true"

    The valve will look similar to the following: 

                <Valve className="org.apache.catalina.valves.AccessLogValve"
                   requestAttributesEnabled="true"
                   pattern="%a %{jira.request.id}r %{jira.request.username}r %t "%m %U%{sanitized.query}r %H" %s %b %D "%{sanitized.referer}r" "%{User-Agent}i" "%{jira.request.assession.id}r""/>

  2. Add a new RemoteIpValve to server.xml above the AccessLogValve:

                <Valve
                   className="org.apache.catalina.valves.RemoteIpValve"
                   remoteIpHeader="x-forwarded-for"
                   remoteIpProxiesHeader="x-forwarded-by"/>

    (warning)  If the proxy has a routable IP or a class B private network address space (172.16.0.0/12), it is necessary to add the internalProxies property to the RemoteIpValve to reflect the proxy IP addresses via regular expression. For example:

    internalProxies="172\.16\.0\.10|172\.16\.0\.11"

    More information on configuring these settings can be found in Tomcat's RemoteIpValve documentation.


  3. Restart Jira. 


DescriptionHow to log the client IP in access logs for Jira Data Center
ProductJira Data Center

Last modified on Dec 9, 2022

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.