
I've been following the instructions at https://www.haproxy.com/blog/introduction-to-haproxy-logging/ to set up our logging. As documented, I created an rsyslog config file, haprorxy_log.conf, and restarted rsyslog:

# Collect log with UDP: load the UDP syslog input module.
$ModLoad imudp
# Bind the listener to loopback only, so only processes on this host can
# submit messages. In the legacy directive syntax this applies to the
# $UDPServerRun that follows, so it has to stay above it.
$UDPServerAddress 127.0.0.1
# Start the UDP listener on port 514. UDP syslog carries no authentication:
# any local process can send messages that claim to come from haproxy.
$UDPServerRun 514

# Write every message from facility local0, at any severity (".*"), to a single
# file. This rule does not split output by severity.
# NOTE(review): rsyslog itself must be able to create and write this path. Where
# rsyslog drops privileges or is confined by a MAC policy it may be refused
# access to a home directory -- check rsyslog's own error output. A log kept
# under a user's home is presumably also readable and editable by that user.
local0.* /home/user1/logs/haproxy/haproxy.log

Following this, I put the required rule in the global settings for the config file:

# Process-wide settings.
global
  # Send log messages to the syslog listener on 127.0.0.1, port 514, using
  # facility local0. No level is given, so no severity filter is applied here.
  log 127.0.0.1:514   local0
  maxconn 4096
  # Suppresses messages during startup (same as the -q command-line flag);
  # while debugging a logging problem this can hide useful diagnostics.
  quiet
  # The process keeps running as root:root, so a flaw in the proxy is a flaw
  # with root privileges. NOTE(review): prefer a dedicated unprivileged
  # account (and a chroot) unless there is a specific reason not to.
  user root
  group root

#/installs version
# Settings inherited by the proxy sections that follow.
defaults
  # Reuse the log target(s) declared in the global section.
  log     global
  mode    http
  retries 3
  # All three timeouts are one hour. A stalled or deliberately slow peer can
  # hold a connection slot for that long, which makes connection exhaustion
  # easier. NOTE(review): confirm the workload really needs values this large.
  timeout client 3600s
  timeout connect 3600s
  timeout server 3600s
  # Emit the detailed HTTP log format (request line, status, timers, ...).
  option httplog
  balance  roundrobin

So far, the only difference I have seen is that when I start haproxy with the logging line in the global settings, it outputs warnings for the config file to the console. I have not seen a file generated for this under /home/user1/logs/haproxy/. Are there any other steps I should take?

SVill
  • have you tried to include log 127.0.0.1:514 local0 "info" word? – Marat Gainutdinov Jun 17 '20 at 20:28
  • I just tried that, with the same result. I also tried putting this line in the frontend as well, and manually creating the haproxy.log file prior to running haproxy. Same result. – SVill Jun 17 '20 at 20:56
  • please try to replace 127.0.0.1:514 with /dev/log – Marat Gainutdinov Jun 17 '20 at 20:59
  • and then you might try to create a file /etc/rsyslog.d/haproxy.conf with $AddUnixListenSocket /var/lib/haproxy/dev/log NEWLINE if $programname startswith 'haproxy' then /var/log/haproxy.log – Marat Gainutdinov Jun 17 '20 at 21:01
  • Additionally please don't forget to restart rsyslog – Marat Gainutdinov Jun 17 '20 at 21:05
  • So, what warnings do you get when adding the logging line? – Gerard H. Pille Jun 17 '20 at 21:19
  • @MaratGainutdinov I've made the change to the config file, which did not seem to do anything. I'll need to request that the rsyslog be changed, so it could take some time for that to be tested. – SVill Jun 18 '20 at 15:01
  • @GerardH.Pille The only thing I get is warnings if there is an issue with the config file, like "Message from syslogd@localhost at Jun 17 12:00:00 ... haproxy[****]: backend servers-testfailure has no server available!". I expect things like this, but I see no messages for network events when I go to the services haproxy fronts. Also, I would expect this at least in the log file, not the console – SVill Jun 18 '20 at 15:01

1 Answer


I hope the configuration below helps. In my case (Ubuntu 18.04, HAProxy 2.0.15), all requests are logged to /var/log/haproxy.log.


root@marat6c:~# cat /etc/haproxy/haproxy.cfg
# Process-wide settings.
global
        # Log through the local syslog socket: facility local0 at level info and
        # above, and facility local1 at level notice and above. Because of the
        # chroot below, rsyslog has to provide a socket inside the chroot
        # (/var/lib/haproxy/dev/log) for this path to keep working.
        log /dev/log    local0 info
        log /dev/log    local1 notice
        # Confine the process to this directory after startup.
        chroot /var/lib/haproxy
        # Runtime API socket. "level admin" grants full control of the running
        # proxy to anything that can open it; mode 660 limits that to the
        # socket's owner and group, so keep that group's membership tight.
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        # Drop privileges to a dedicated unprivileged account.
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        # TLS defaults for "bind ... ssl" lines: AEAD-only cipher list, TLS 1.2
        # as the minimum version, session tickets disabled. The only bind line
        # in this file (*:80) does not use ssl, so these are not exercised here.
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

# Settings inherited by the frontend and backend sections below.
defaults
        # Reuse the log targets declared in the global section.
        log     global
        mode    http
        # Emit the detailed HTTP log format.
        option  httplog
        # Do not log connections on which no data was exchanged. This also
        # hides port scans and empty probes, so on an Internet-facing listener
        # consider leaving it off to keep that activity visible in the log.
        option  dontlognull
        # Values without a unit are in milliseconds: 5 s connect, 50 s client
        # and server inactivity.
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        # Custom response files returned for HAProxy-generated errors.
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

# Public entry point used to generate traffic for the logging test.
frontend mywebsite
        # Listens for cleartext HTTP on port 80 of every IPv4 address; there is
        # no TLS on this listener.
        bind *:80
        default_backend webservers
# Demo backend: requests are forwarded over cleartext HTTP to an external host.
backend webservers
        # No "check" keyword, so the server is not health-checked.
        # NOTE(review): a placeholder for testing; point this at your own
        # servers before using the config for real traffic.
        server web1 duckduckgo.com:80

root@marat6c:~# cat /etc/rsyslog.d/49-haproxy.conf 
# Create an additional socket in haproxy's chroot in order to allow logging via
# /dev/log to chroot'ed HAProxy processes
$AddUnixListenSocket /var/lib/haproxy/dev/log

# Send HAProxy messages to a dedicated logfile
# The match is on the program name, which comes from the tag the sender puts in
# the message; any local process able to write to a syslog socket can choose a
# tag starting with "haproxy", so entries in this file are not authenticated.
:programname, startswith, "haproxy" {
  /var/log/haproxy.log
  # End processing for matched messages so later rules do not also write them
  # to other log files.
  stop
}