GBK
June 6, 2021, 2:04pm
1
Hello,
I am setting up new haproxy by following the Introduction to HAProxy Logging - HAProxy Technologies and the logging is not working. Do you know what could be wrong?
version of haproxy: haproxy*-1.5.18-9.el7.x86_64
redhat release:Red Hat Enterprise Linux Server release 7.9 (Maipo)
Thanks
GBK
Please share your configuration.
GBK
June 8, 2021, 2:41pm
3
Thanks for the response, below are the configurations.
haproxy.cfg
global
log 127.0.0.1:514 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
listen stats
bind *:9090
balance
mode http
stats enable
stats uri /
stats refresh 5s
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend connection_input
mode tcp
log 127.0.0.1:514 local2
bind *:8553
default_backend servers
backend servers
mode tcp
balance roundrobin
server xx xx.com:5678
server xxxx xxxx.com:5678
server xxxxx xxxxx.com:5678
->/etc/rsyslog.d/haproxy.conf
$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
Creating separate log files based on the severity
local2.* /var/log/haproxy.log
local2.notice /var/log/haproxy-allbutinfo.log
tcpdump on the loopback interface, to see if haproxy transmit log message or not. If it is, check rsyslog configuration.
tcpdump -i lo udp port 514
GBK
June 9, 2021, 5:45pm
5
This is what i see with tcpdump
$tcpdump -i lo udp port 514 -vv
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
Did you trigger haproxy to produce log message, during your capture?
Stopping/starting haproxy, generating requests?
GBK
June 9, 2021, 7:32pm
7
I was able to trigger messages on tcpdump trace by restarting haproxy service.
GBK
June 9, 2021, 7:54pm
9
But , i was not able to see any logs generated under /var/log? what could be missing ?
Well I don’t know much about rsyslogd. I suggest you check that configuration and reach out to the rsyslogd community if necessary.
GBK
June 9, 2021, 9:45pm
11
Thank you. There are couple of locations I can think of whereabouts of these files. Can you please point me the paths and files and I need to look for rsyslogd confs.
No, like I said I don’t know much about rsyslog.
This is my rsyslog config if it helps (Some variables (we use ansible to deploy this) need to be replaced according to your installation)
$ModLoad imudp
$UDPServerRun 514
$UDPServerAddress 127.0.0.1
$umask 0000
$FileCreateMode 0644
local2.* {{ log_dir }}/{{ artifact }}.log
& stop
We also rotate the log file daily with this logrotate config
{{ log_dir }}/{{ artifact }}.log {
daily
rotate 10
missingok
notifempty
compress
create 644 {{ ansible_ssh_user }} {{ ansible_ssh_group }}
sharedscripts
postrotate
/bin/kill -HUP cat /var/run/syslogd.pid 2> /dev/null
2> /dev/null || true
/bin/kill -HUP cat /var/run/rsyslogd.pid 2> /dev/null
2> /dev/null || true
endscript
}
GBK
June 11, 2021, 9:37pm
14
Thank you, if possible can you please paste your haproxy.conf as well.
global
log localhost:514 local2
chroot /var/lib/haproxy
maxconn 4000
user haproxy
group haproxy
daemon
tune.ssl.default-dh-param 2048
ssl-default-server-options no-sslv3 no-tls-tickets
ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
defaults
log global
option logasap
option dontlognull
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 30s
timeout client 30s
timeout server 70s
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
And then some front-ends and back-ends that aren’t relevant to this topic