You are correct that if the connection is occurring only via the web client, the IP address in the API log would be where the client connection to the server is from which is from the mid-tier. So, that would not be useful in this situation.
For an API program or other direct interaction, this will be the end user IP address. But for Web interaction, it is not -- it is the IP address of the mid-tier. So, this solution will not work for your situation, you need some way to backtrack the connection from the mid-tier and I don't know if there is anything in place to allow you to do that effectively. Sorry that I missed the mid-tier detail for this answer, Doug Mueller -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of pritch Sent: Friday, June 15, 2012 11:07 AM To: arslist@ARSLIST.ORG Subject: Re: Question on user logging Thanks Doug - by client you also mean the web? I'm on 7.6.03 and the clients only come in via the web. ----- Original Message ----- From: "Doug Mueller" <doug_muel...@bmc.com> To: arslist@ARSLIST.ORG Sent: Friday, June 15, 2012 1:46:30 PM Subject: Re: Question on user logging Take a look at the API log. That log includes the user name and where from (the IP address). NOTE: This is the IP address that the client thinks they are and if you go through IP address remappers and such that might not be the IP address you think it is. But, it is what the client thinks it is. There MUST be some API call arriving for the user to be attempting to validate so you will find the user in the API log (at the same timestamp) as the user entry in the User log. This should allow you to gather some information about where the connection is coming from. I hope this helps, Doug Mueller -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of pritch Sent: Friday, June 15, 2012 8:47 AM To: arslist@ARSLIST.ORG Subject: Question on user logging Does anyone have a way to be able to identify the source IP address of a user? I have a user that is showing in the user log as trying to log in (is actually locked out) and they are saying they haven't tried to access the system in weeks. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
