Capturing client IP in ROR logs

askids · January 7, 2021, 12:33pm

hi,

We currently have client side application calling a webservice which internally hits ES cluster. So all calls to ES cluster is via web service only. In case, we want to attach the client IP on the ES calls, is there a standard header which can be leveraged to capture this information and is already logged automatically?

Thanks!

coutoPL · January 7, 2021, 7:12pm

ROR logs all headers sent with http request to ES in HDR field for matched blocks with verbosity level info. Doesn’t it cover you use case?

askids · January 7, 2021, 8:42pm

For all custom headers, ROR only logs header key and not the actual value. Only for some standard headers, it logs both header key and value (like forwarded, origin etc). We currently use query audit log serializer.

coutoPL · January 7, 2021, 9:00pm

oh, you are talking about ROR audit. Indeed, the default serializer doesn’t log headers values. But you can write your own, custom serializer (see docs) - all headers (name and values) are available in AuditRequestContext object. Here you can find an example of such custom serializer written in java (or in scala - more examples here: elasticsearch-readonlyrest-plugin/custom-audit-examples at master · sscarduzio/elasticsearch-readonlyrest-plugin · GitHub)

askids · January 7, 2021, 9:17pm

I am aware of the custom audit option. But our apps are all on .Net stack. Hence there is no appetite to customize the serializer (which is in Java/Scala). That is why I was asking about any headers that is already logged with value, that can be safely used without impacting the audit log.

coutoPL · January 7, 2021, 9:29pm

oh come on … c#, java all the same shit

all you have to do is to just check out ROR repo, change several lines in example project I shown, build jar and you have your serializer. All is described in docs - no magic

askids · January 11, 2021, 5:18am

Easier said than done Unfortunately that is not how enterprise application teams work. Each technology introduced into an application has to be supported by that team in the long run. Any FOSS product that we further customize will need to go through additional reviews, risk assessment etc. So its becomes much more than C# or Java.

sscarduzio · January 11, 2021, 9:01pm

Hi @askids, we would be happy to provide the custom serializer for you. Unfortunately, by policy, custom developments require either enterprise support, or an ad-hoc consulting contract.
Please do reach us out at support AT readonlyrest.com