Nginx: Log client ip behind NAT with http_x_forwarded_for (X-Forwarded-For Header)

Use nginx real_ip module

nginx -V | grep with-http_realip_module
 
# /etc/nginx/nginx.conf
...
http {
    ...
    # set_real_ip_from 0.0.0.0/0;
    set_real_ip_from x.x.x.x/x; # LB subnet
    real_ip_header X-Forwarded-For;
    ...
}
...

Option 2: customize log_format

cat /etc/nginx/nginx.conf
...
log_format  main  '$http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log main;
...

Reload Nginx configuration

service nginx reload

Links
http://www.loadbalancer.org/blog/nginx-and-x-forwarded-for-header/
https://serverfault.com/questions/729128/overriding-nginx-access-log-directive-duplicate-log-entries
http://nginx.org/en/docs/http/ngx_http_log_module.html
https://www.nginx.com/resources/wiki/start/topics/examples/full/