varnisnsca , centralised logging, conditional logging of X-Fowarded-For

[Guy Brodie]

Hi Everyone,

I'm sure this must be answered somewhere, so I do apologise if this has been answered before.

Problem:  How to get _either_   X-Forwarded-For  _or_ client.ip (in the absence of X-Forwarded-For) into a single NSCA formatted log file using varnish / varnishnsca.

Situation:  We host many sites through varnish, some of which are served via an upstream CDN  - i.e. a proxy that supplies X-Forwarded-For,  and some which don't - ie. There is no X-Forwarded-For and just a direct connection.

I have tried the -f flag to varnishnsca,  however it seems to only log an IP address for  X-Forwarded-For   if it exists, or '-' if it doesn't, meaning when I specify -f I lose all ip addresses for direct connections in the varnishnsca log file.

I have followed tips to set X-Forwarded-For from client-ip using VCL,  and that works for the downstream connections (the webservers can produce good logs),  however I'm trying to get a single  log file from varnish.  

(FWIW - this log file is to be parsed by AWStats)
Varnish version: varnish-3.0.0 revision cbf1284

I think I'm missing something obvious:
* a custom log format or something?
* Or the -f functionality is not implemented conditionally as per the description in the bug report "log X-Forwarded-For instead of clientip if it exists" ( see https://www.varnish-cache.org/trac/ticket/335 )
* Or my X-Forwarded-For is present but blank (how could that be?)
* Question: Does modifying the X-Forwarded-for fields using VCL (in sub vcl_recv ) have any impact on what would be logged using varnishnsca ?

Any help appreciated!

Thanks for reading : -)

GB

(Actually just found this post: https://www.varnish-cache.org/lists/pipermail/varnish-misc/2012-August/022381.html - exact same problem I think).