Typically in "child-parent" / "downstream-upstream" ProxySG deployments the users IP address is not available to the parent proxy. In this scenario data analysis tools are unable to trace traffic back to the original user.
One option for working around this is to leverage the X-Forwarded-For header field to pass on the users IP address to the parent ProxySG. Once the parent ProxySG has the value we can write policy to extract the data and write it to all access logs or a specific access log.
The following CPL will achieve two things