Score:1

Server

AWS EC2 not showing a request for IP Issue

sam23

10/28/23, 1:10 PM

My AWS web servers are not showing a request for example '42.26.32.120' after running some athena queries We are unable to identify the cause of the issue, as the IPs is not in any of the access logs Therefore, I am trying to find out where the request was lost. I found some output against athena queries

SELECT * FROM alb_logs
WHERE client_ip= '42.26.32.120'

From the results this seems to indicate that after the new app launch ip haven't been able to connect?

Would that be behavior if clients had hard coded an old ALB IP address locally? For example, into their hosts file or into their organization wide internal DNS.

" if they had defined (client)the IP address as what it resolved at initially e..g currently load balancer is at 3.334.144.112 If someone changed their host file to have that resolve for test.com and the IP changed could we still get logs somehow or what would their behavior be failed to resolve I presume and no logs?"

If the request just hung in ALB would it log it? e.g. if it couldn't find target machine, or if ALB was no longer around would we have logs in those cases?

Could anyone help me with this? Any sort of help would be appreciated.

1 + 6

domain-name-system

load-balancing

amazon-web-services

amazon-alb

Tim

10/28/23, 9:17 PM

Your question isn't entirely clear. All connections to the ALB should be in the log even if it doesn't connect to an EC2 instance. I don't understand what you mean about "ALB location statically". If the ALB is "no longer around" (i.e. deleted) then it wouldn't log. Please provide more details. In your place I would make a request from a few different clients / IPs, wait 30 minutes, download the logs to my PC, then search them with a text editor such as Notepad++ rather than using Athena, because that will search the whole log.

sam23

11/1/23, 4:28 AM

@Tim , I'm unable to identify the cause of the issue, as the IPs is not in any of the access logs Therefore, I am trying to find out where the request was lost. could you pl explain the solution to understand better ?

Tim

11/1/23, 8:53 AM

Not really, there's insufficient detail to help you. Suggest you download the logs (ALB / web server) and look at them on your computer.

sam23

11/1/23, 9:14 AM

I did check the logs , Form the ALB logs results this seems to indicate that after the new app launch (new website) this ip haven't been able to connect? I want to know Would that is this behavior if clients had written our ALB location statically? and If the request just hung in ALB would it log it?

Tim

11/1/23, 5:43 PM

Can you please explain what "ALB location statically" means. The only way you look up an ALB is using DNS, which has a TTL of about 5 minutes, as the IP of an ALB can change without warning as AWS scales the ALB or changes servers.

sam23

11/1/23, 6:37 PM

@Tim if they had defined (client)the IP address as what it resolved at initially e..g currently load balancer is at 3.334.144.112 If someone changed their host file to have that resolve for test.com and the IP changed could we still get logs somehow or what would their behavior be failed to resolve I presume and no logs?

Score:0

Server

Tim

11/1/23, 6:57 PM

You should not try to hard code ALB IP addresses. ALB is a service, AWS can move traffic to another server / node at any time, so any hard coding could prevent your client accessing the server.

If you can't see your client IP in the logs, but the client can access the resources behind the ALB there are two primary things here that could be wrong:

You might not have the true public IP of the client
You might not be looking in the right place for the access logs

For the client IP visit https://whatismyipaddress.com/ or similar. There are command line versions available such as http://checkip.amazonaws.com (curl that address)

If you download all logs and search them with a text editor that reduces the chance you are using Athena incorrectly, such as looking in the wrong field.

I suggest ALB and web server logs are both downloaded to

+ 4

sam23

11/2/23, 9:01 AM

Client IPs are visible with the logs from the Athena query accessing resources until we launch our new site on 5th October 2022, we can see the logs up until the 4th October, IPs are not visible in any of the web server access logs. my query is , Can we still get logs if someone changes their host file to resolve for test.com and the IP changes, or how would their behavior change?

Tim

11/2/23, 9:14 AM

Your questions are quite confusing. So long as the request hits the ALB the entry will be in the logs, regardless of DNS. If the request doesn't reach the ALB it won't be in the ALB logs.

sam23

11/2/23, 1:03 PM

Yes, we can't control what clients do though The old ALB IP would still be owned by AWS right, no way to query there logs I presume to see if it received requests for our host name .

Tim

11/2/23, 6:02 PM

That's correct. I understand better now, you're talking about the scenario where a client deliberately hard coded the ALB IP. I've slightly edited that line of your question to be a little more clear.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: AWS EC2 not showing a request for IP Issue

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.