While we investigating SOC alert coming from DC log . We see that failed login attemp coming from the outside is related to ftp server.
After that we investigate the ftp server log we see that there is not a public ip details in the log. We see only LB internal ip .
how can we handle this poor log .
"X-Forward for" config on LB is resolve or not ?