We configure HAProxy log format for each frontend to output JSON which is then parsed by our centralised logging system.
This works fine for normal traffic, but we seem to get a lot of SSL handshake failures from clients, and when this occurs, HAProxy ignores this JSON format, and outputs plaintext, so we get a lot of JSON parse errors like:
JSON object is not an object; input='172.18.0.1:42770 [03/Aug/2018:11:46:05.649] port_443/1: SSL handshake failure'
Is there a way to configure the “error” log format HAProxy uses?
Our config looks like:
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice

defaults
    log global
    mode http
    log-format "{\"timestamp\":\"%tr\",\"method\":\"%HM\",\"host\":\"%[capture.req.hdr(0)]\",\"path\":\"%HP\",\"query\":\"%HQ\",\"uob_username\":\"%[capture.res.hdr(0)]\",\"useragent\":\"%[capture.req.hdr(1)]\",\"client\":\"%ci\",\"referer\":\"%[capture.req.hdr(2)]\",\"duration\":\"%Tt\",\"size\":\"%B\",\"status\":\"%ST\",\"sslcipher\":\"%sslc\",\"sslversion\":\"%sslv\",\"sls_tag_0\":\"neptune\",\"service\":\"%b\",\"sls_tag_2\":\"%s\",\"sls_service_level\":\"${SERVICE_LEVEL}\",\"x_forwarded_for\":\"%[capture.req.hdr(3)]\"}"

frontend port_443
    log local-traffic-logger len 65535 local0
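
One way to cope with the mixed output on the logging side, as an added example that is not part of the original post: a normaliser that accepts both the JSON lines and the plaintext connection-error line quoted above, and emits a dict for each. The function name, the output field names (including `event` and `listener`) and the assumption that any syslog header has already been stripped are choices made for this example.

```python
import json
import re

# Shape of the plaintext line quoted in the post:
#   <client_ip>:<client_port> [<timestamp>] <frontend>/<listener>: <message>
ERROR_LINE = re.compile(
    r"^(?P<client>\S+):(?P<client_port>\d+) "
    r"\[(?P<timestamp>[^\]]+)\] "
    r"(?P<frontend>[^/\s]+)/(?P<listener>[^:\s]+): "
    r"(?P<message>.*)$"
)

# The error line from the post, and a constructed JSON line using a few
# of the keys from the log-format string in the config.
SAMPLE_ERROR = ("172.18.0.1:42770 [03/Aug/2018:11:46:05.649] "
                "port_443/1: SSL handshake failure")
SAMPLE_JSON = ('{"timestamp":"03/Aug/2018:11:46:05.649","method":"GET",'
               '"client":"172.18.0.1","status":"200"}')


def normalise(line):
    """Return a dict for one HAProxy log line, JSON or plaintext error."""
    line = line.strip()
    try:
        record = json.loads(line)
        if isinstance(record, dict):
            # Normal traffic: already in the JSON log-format.
            record.setdefault("event", "request")
            return record
    except ValueError:
        pass  # not JSON, try the plaintext error shape next

    match = ERROR_LINE.match(line)
    if match:
        record = match.groupdict()
        record["client_port"] = int(record["client_port"])
        record["event"] = "connection_error"
        return record

    # Keep anything unrecognised so failures stay visible downstream.
    return {"event": "unparsed", "raw": line}


if __name__ == "__main__":
    for sample in (SAMPLE_JSON, SAMPLE_ERROR):
        print(json.dumps(normalise(sample), sort_keys=True))
```

Keeping handshake failures as structured `connection_error` records, rather than discarding them as parse errors, lets them be counted per client and per frontend.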