Behind AWS ELB: How to grab the Real IP from "netstat"?


I'm using AWS Elastic Load Balancing (ELB) in front of 2 Linux Web Servers. But (based on my requirement) I need to know the Real IPs from the Web Servers' perspective, especially when I use netstat.

I need to know the number of incoming connections from each IP (from NETSTAT), in real time. So basically in Linux (without ELB in front), the netstat command below works perfectly:

netstat -tn 2>/dev/null | grep :80

But now I can only see the internal IP(s) of the ELB, which is making the whole thing quite difficult.

What is the solution for this please? Thanks.

2

There are 2 answers

0
gboda On

You could get the client source IP from ELB Access Logs and use EMR with Hive to count the number of times a client request came in from the same IP.

0
Tom On

If you prefer a more "manual" way: you could use tcpdump or ngrep and search for the "x-forwarded-for" header on your web servers.

If you want a proper way: set up some logging in your application, and log the clients' requests with the x-forwarded-for header.

Whatever method you choose, you could then install the CloudWatch Logs agent on your machines to monitor the logs generated. This agent takes care of log rotation, sending your logs to AWS as a stream (through Kinesis behind the scenes), and you can then create log metrics to monitor whatever you like in your logs, e.g. the number of connections in real time, and even configure alarms based on this if you like. You can then create dashboards with your metrics and have a nice monitoring panel including your custom log metrics.
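
The logging approach above can produce the per-client counts the question asks for. The following is an added example, not part of the original answers: it assumes the web server writes the X-Forwarded-For header as the last double-quoted field of each access-log line and that a single ELB sits in front, and it counts the rightmost address in the header, since that is the one the load balancer appends while anything to its left is client-supplied and can be forged. The function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Assumption: X-Forwarded-For is logged as the LAST double-quoted field of
# each access-log line, e.g. Apache LogFormat ending in "%{X-Forwarded-For}i".

# count_clients: read access-log lines on stdin and print "<count> <ip>",
# highest count first (the per-client view netstat can no longer give).
count_clients() {
    awk -F'"' '
    {
        xff = $(NF-1)                        # text inside the last quoted field
        if (xff == "" || xff == "-") next    # no header logged: skip the line
        n = split(xff, hops, /, */)
        ip = hops[n]                         # rightmost hop: appended by the ELB
        gsub(/^[ \t]+|[ \t]+$/, "", ip)      # trim stray whitespace
        count[ip]++
    }
    END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# sample_log: constructed log lines using documentation address ranges.
# The first field is the ELB's internal address, as netstat would show it.
sample_log() {
cat <<'EOF'
10.0.1.25 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.0" "203.0.113.7"
10.0.1.25 - - [01/Jan/2024:10:00:01 +0000] "GET /a HTTP/1.1" 200 128 "-" "curl/8.0" "203.0.113.7"
10.0.2.31 - - [01/Jan/2024:10:00:02 +0000] "GET /b HTTP/1.1" 200 128 "-" "curl/8.0" "198.51.100.9"
10.0.2.31 - - [01/Jan/2024:10:00:03 +0000] "GET /c HTTP/1.1" 200 128 "-" "curl/8.0" "192.0.2.1, 198.51.100.9"
10.0.1.25 - - [01/Jan/2024:10:00:04 +0000] "GET /health HTTP/1.1" 200 2 "-" "checker" "-"
10.0.1.25 - - [01/Jan/2024:10:00:05 +0000] "GET /d HTTP/1.1" 200 64 "-" "curl/8.0" "203.0.113.7"
EOF
}

# Run on the constructed sample; the forged left-hand 192.0.2.1 is not counted.
sample_log | count_clients
```

To use it on a real server, pipe the access log into `count_clients` in place of `sample_log`.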