How to configure client IP to be visible in system journal for portal logins

Hi,

We are on version 9.1

Currently system journal shows client machine as the frontend IP, not the actual end user IP. How to configure so that the end user IP will be on the logs for the logins?

Kind regards,

Vesa Vatka

  • Hi Vesa,

    I'm trying to understand the exact issue here.

    You're looking at the System journal where you have the combination of 'host' and 'logged in system user' being shown. Under 'Host' you see the client's machine but instead you want to see the client's IP address? Or is the client's IP address not the same as the end user's IP address in your case?

    I would say (my first advice), if you want truly detailed control over authentication / logins, get a tool like OneLogin or Entra ID, use OAuth / OIDC to authenticate against your One Identity system and monitor the logon behaviour in that specialized access management tool.

    In regards to the systemJournal data, if you look in the DialogJournal table you'll see what's stored there (as part of the login attempt) is the host name, not the IP address. There's no 'easy' configuration to change this (no config parameter or such). Can you delve really deep into the system in the stored procedures that 'create' the records in DialogJournal to change it to store IP addresses? Probably, with smart programming we can build anything ;).

    But I suspect here you should say we won't... The tool supports logging the hostname + username. If you want truly detailed control over that using OAuth / OIDC as an authentication method and using a specialized access management tool to monitor access is best...

    Of course this is based on very limited information on the use-case / underlying issue... :)

  • Hi Jos,

    Thanks for your reply, I'll try to be more specific.

    There is indeed a client machine when logging in from any of the admin tools, but when the end user is logging into the portal, there is instead an IP address. The IP address belongs to the frontend (portal) server and not to the end user's workstation, and this is what I would like to change.

    I tried setting X-Forwarded-For in the IIS but it made no difference.

  • Hi Vesa,

    I'm not a super expert on this like Markus or Hanno... However as I understand it we have a tiered architecture, meaning the end-client talks to the IIS server, the IIS server talks to the back-end (or ideally an application server in between) and there is no direct link between the end-user and the back-end.

    The authentication against the system also happens with a dynamically created web-user (normally), so not the 'actual' end user's account. So I don't think you'll be able to get the end user's actual authentication / actions (from the web portal) into your dialog journal.

    Obviously I'm not aware of the exact use case here, but why not simply get the authentication attempts from the IIS application's application log?
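    As an added illustration of the suggestion above (this is not code from the thread or from One Identity): once the portal's IIS site logs the `X-Forwarded-For` header as a custom W3C log field, the real client address of each portal login can be recovered from the IIS log instead of from the DialogJournal. The log lines, the `/Login` path, the proxy address `10.0.0.20` and the field layout below are constructed for the example. The important caveat is that `X-Forwarded-For` is client-supplied: the script only honours it when the direct peer (`c-ip`) is one of your own known frontends, and it walks the header from the right so that only hops beyond the trusted proxies are treated as the client.

```python
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed sample of an IIS W3C log with X-Forwarded-For added as a
# custom logging field. Addresses and paths are made up for illustration.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem sc-status c-ip X-Forwarded-For
2024-05-01 08:00:01 10.0.0.5 POST /Login 302 10.0.0.20 192.0.2.44
2024-05-01 08:00:07 10.0.0.5 POST /Login 401 10.0.0.20 192.0.2.44,+10.0.0.20
2024-05-01 08:01:15 10.0.0.5 POST /Login 302 198.51.100.9 203.0.113.7
2024-05-01 08:02:30 10.0.0.5 GET /Home 200 10.0.0.20 -
"""

# Assumed: the only hosts allowed to set X-Forwarded-For are your own
# frontend / reverse-proxy servers. Anything else is an untrusted peer.
TRUSTED_PROXIES: Set[ipaddress.IPv4Address] = {ipaddress.ip_address("10.0.0.20")}


def parse_w3c(text: str) -> List[Dict[str, str]]:
    """Turn a W3C extended log into a list of field-name -> value dicts."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # field layout is declared in the log itself
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated line; do not guess
        records.append(dict(zip(fields, values)))
    return records


def effective_client_ip(record: Dict[str, str], trusted_proxies) -> str:
    """Return the address to attribute the request to.

    X-Forwarded-For is only believed when the direct peer is a trusted
    frontend; the header is then walked right-to-left, skipping trusted
    hops, and the first untrusted hop is the client.
    """
    peer = ipaddress.ip_address(record["c-ip"])
    if peer not in trusted_proxies:
        return str(peer)  # direct connection or unknown peer: header is untrusted
    xff = record.get("X-Forwarded-For", "-")
    if xff == "-":
        return str(peer)
    # IIS writes spaces in header values as '+', so "a,+b" means "a, b".
    hops = [h.strip("+ ") for h in xff.split(",") if h.strip("+ ")]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # not a plain IP; fall back rather than guess
        if addr not in trusted_proxies:
            return str(addr)
    return str(peer)  # every hop was one of our own proxies


def login_attempts(text: str, trusted_proxies,
                   login_path: str = "/Login") -> List[Tuple[str, str, str]]:
    """List (time, client_ip, status) for each POST to the login path."""
    attempts = []
    for rec in parse_w3c(text):
        if rec["cs-method"] == "POST" and rec["cs-uri-stem"] == login_path:
            attempts.append((rec["time"], effective_client_ip(rec, trusted_proxies),
                             rec["sc-status"]))
    return attempts


if __name__ == "__main__":
    for when, ip, status in login_attempts(SAMPLE_LOG, TRUSTED_PROXIES):
        print(f"{when} login from {ip} -> HTTP {status}")
```

    In the sample, the second line carries a forged-looking extra hop and the third line comes from a host that is not a known frontend; both resolve correctly without trusting the header blindly. The same approach works for an application log written by the portal itself, as long as the frontend, not the client, is the component that records the forwarded address.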
