Currently the audit recording process uses the standard javax.servlet.http.HttpServletRequest.getRemoteAddr() call to get the client IP address; this provides the proxy / load balancer address instead of the real client address.
The process should be updated to check whether the X-Forwarded-For header exists and, if it does, use that value instead of the getRemoteAddr() value.
Without this change, data in audit logs is not as useful as it could be.
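
One way to implement the lookup requested above, as an added example that is not the product's own code. The class name `AuditClientAddress`, the `trustedProxies` set and the sample addresses are assumptions. Because X-Forwarded-For is supplied by whoever sends the request, the example honours it only when the direct peer is a known proxy, so the audit log cannot be fed a forged address.

```java
import java.util.Set;

// Added example: resolves the client address to record in an audit entry.
public final class AuditClientAddress {

    // Assumption: addresses of the proxies / load balancers in front of the application.
    private final Set<String> trustedProxies;

    public AuditClientAddress(Set<String> trustedProxies) {
        this.trustedProxies = Set.copyOf(trustedProxies);
    }

    /**
     * @param remoteAddr   value of HttpServletRequest.getRemoteAddr()
     * @param forwardedFor value of HttpServletRequest.getHeader("X-Forwarded-For"), may be null
     */
    public String resolve(String remoteAddr, String forwardedFor) {
        // Use the header only when the request really arrived through one of our proxies;
        // a direct client can put anything it likes in X-Forwarded-For.
        if (forwardedFor == null || !trustedProxies.contains(remoteAddr)) {
            return remoteAddr;
        }
        // Each proxy appends the address it received the request from, so the
        // rightmost entries are the ones our own infrastructure wrote. Walk from
        // the right and stop at the first hop that is not a trusted proxy.
        String[] hops = forwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !trustedProxies.contains(hop)) {
                return hop;
            }
        }
        // Header was empty or listed only our proxies: fall back to the peer address.
        return remoteAddr;
    }

    public static void main(String[] args) {
        // Constructed sample values (documentation address ranges).
        AuditClientAddress resolver = new AuditClientAddress(Set.of("192.0.2.10"));
        // Request through the proxy, header written by the proxy.
        System.out.println(resolver.resolve("192.0.2.10", "203.0.113.7"));
        // Request through the proxy, client prepended its own forged entry.
        System.out.println(resolver.resolve("192.0.2.10", "10.1.1.1, 203.0.113.7"));
        // Direct request that carries a header: the header is ignored.
        System.out.println(resolver.resolve("198.51.100.4", "203.0.113.7"));
        // Request through the proxy without the header.
        System.out.println(resolver.resolve("192.0.2.10", null));
    }
}
```

Recording both the resolved address and the raw getRemoteAddr() value in the audit entry keeps the original peer address available for later investigation.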