When you sign on to CloudFlare the way your logs are displayed will change because CloudFlare acts as a proxy. This means that your visitors are routed through the CloudFlare network. This allows CloudFlare to stop attacks before they reach your network. It also allows CloudFlare to speed up page load time by more efficiently routing packets and, more importantly, caching static resources (images, javascript, css, etc.) on a very fast connection. However, as a result, the connecting IP will always come from the CloudFlare network.
CloudFlare reports the IP address of the visitor in an HTTP header it appends: CF-Connecting-IP, so there is some information on the original visitor. However in some instances where you have other programs that depend on the incoming IP address of the original visitor, there will be issues. The good news is that there is a solution which is outlined below.
This diagram helps explain more:
Solutions for restoring original visitor IPs to server and CMS platforms