Can you get the IP addresses of clients connecting to a S3 bucket using StorageGRID?

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 66

Visibility:: Public

Votes:: 0

Category:: storagegrid-webscale

Specialty:: sgrid

Last Updated:

Applies to

StorageGRID

Answer

Some IP addresses are available via the audit.log but they may be linked to a Load Balancer or Endpoint and potentially won't identify a specific user depending on the configuration.

Example from audit.log:

2024-06-01T00:00:12.682867 [AUDT:[RSLT(FC32):SUCS][CNID(UI64):1717200012675290][TIME(UI64):1330][SAIP(IPAD):"xxx.xxx.xxx.xx"][TLIP(IPAD):"xxx.xxx.xxx.xxx"][S3AI(CSTR):"02678937930171242547"][SACC(CSTR):"fabric_pool"][S3AK(CSTR):"FHCKH8PSNHE2KTSQQKUV"][SUSR(CSTR):"urn:sgws:identity::02678937930171242547:root"][SBAI(CSTR):"02678937930171242547"][SBAC(CSTR):"fabric_pool"][S3BK(CSTR):"data01fabricpool"][AVER(UI32):10][ATIM(UI64):1717200012682867][ATYP(FC32):SHEA][ANID(UI32):12824526][AMID(FC32):S3RQ][ATID(UI64):10905048138889906804]]

SAIP = IP address (request sender) -The IP address of the client application that made the request.
IPAD = Used for IP addresses.
TLIP =Trusted Load Balancer IP Address - If the request was routed by a trusted Layer 7 load balancer, the IP address of the load balancer.

Additional Information

Audit log file format: Overview