I’ve been working on creating a new syslog setup and have run into an issue that I cannot find a solution for, so I thought maybe someone here could help me out.
I have a setup with 2 syslog servers and 2 HAProxy nodes (in HA with keepalived). I have 2 endpoints configured on the HAProxy nodes, “endpoint_X” and “endpoint_Y”, for different types of logs. I would like to control the flow of syslog messages, so that when syslog is sent to “endpoint_X” it is sent to syslog01, and when it is sent to “endpoint_Y” it is sent to syslog02. This is normally done with ACLs for normal frontends, but for syslog I use HAProxy’s “log-forward” function, where ACLs are not supported.
Below is an example of my config:
    ring syslog01
        description " "
        format rfc3164
        maxlen 1200
        size 357913941
        server syslog01 XXXXX_01:514 source YYYYY check
        timeout client 90s
        timeout connect 10s
        timeout server 90s
        timeout check 10s

    ring syslog02
        description " "
        format rfc3164
        maxlen 1200
        size 357913941
        server syslog02 XXXXX_02:514 source YYYYYY check
        timeout client 90s
        timeout connect 10s
        timeout server 90s
        timeout check 10s

    log-forward syslog
        bind 0.0.0.0:514
        bind [::]:514
        dgram-bind 0.0.0.0:514
        dgram-bind [::]:514
        log ring@syslog01 local0
        log ring@syslog02 local0
I have tried something like the following, but as stated, ACLs do not work with log-forward:
    acl acl_endpoint_X hdr(host) -i endpoint_X
    acl acl_endpoint_X hdr(host) -i endpoint_Y
    log ring@syslog01 local0 if endpoint_X hdr(host)
    log ring@syslog01 local0 if endpoint_Y hdr(host)
Does anyone have an idea if there is something I can do to get around this issue, so I can control the data flow in log-forward? I use HAProxy version 2.6.
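
One way to get per-endpoint routing without ACLs, shown as an added example that is not part of the original post: declare one log-forward section per endpoint, each bound to its own listener and logging to a single ring. It assumes endpoint_X and endpoint_Y resolve to two different keepalived VIPs; the addresses 192.0.2.10 and 192.0.2.11 and the section names syslog_x and syslog_y are constructed placeholders, and the ring sections stay as in the config above.

```haproxy
# Added example, not the poster's config.
# Assumption: endpoint_X resolves to 192.0.2.10 and endpoint_Y to 192.0.2.11
# (placeholder VIPs managed by keepalived on both HAProxy nodes).
# The "ring syslog01" and "ring syslog02" sections are unchanged.

# Everything received on endpoint_X's address goes only to syslog01.
log-forward syslog_x
    bind 192.0.2.10:514          # TCP syslog
    dgram-bind 192.0.2.10:514    # UDP syslog
    log ring@syslog01 local0

# Everything received on endpoint_Y's address goes only to syslog02.
log-forward syslog_y
    bind 192.0.2.11:514          # TCP syslog
    dgram-bind 192.0.2.11:514    # UDP syslog
    log ring@syslog02 local0
```

If both endpoints must share one address, the same split works with two different ports instead of two addresses. Binding to specific addresses instead of 0.0.0.0 and [::] also narrows where the forwarder accepts syslog traffic.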