Problem with custom log format and http headers


#1

Hello, everyone.
I’m trying to use this type of log format:

log-format %H\ %ci\ -\ [%t]\ %{+Q}r\ %ST\ -\ %U\ {+Q}[req.hdr(referer)]\ {+Q}[req.hdr(user-agent)]\ %{+Q}CC\ %Tq\ %{+Q}s\ NGINX-CACHE-\ “-”

capture request header Referer len 100
capture request header User-Agent len 100

I’m expecting for getting at logs HTTP geaders of referer and user-agent, but I’m getting this part at logs exactly how I did write it at the configuration. What is the right way for logging custom headers to the log (not only standart referer and user-agent, but also any other)?

My version of haproxy is 1.5.4.

Best Regards.


#2

Ok, found my misstype.
Right line is log-format %H\ %ci\ -\ [%t]\ %{+Q}r\ %ST\ -\ %U\ {+Q}[req.hdr(referer)]\ {+Q}[req.hdr(user-agent)]\ %{+Q}CC\ %Tq\ %{+Q}s\ NGINX-CACHE-\ “-”.

But when I’m starting a service i see this messages:
‘log-format’ : sample fetch <req.hdr(Content-Type)> may not be reliably used here because it needs ‘HTTP request headers’ which is not available here.
‘log-format’ : sample fetch <req.hdr(referer)> may not be reliably used here because it needs ‘HTTP request headers’ which is not available here.
‘log-format’ : sample fetch <req.hdr(User-Agent)> may not be reliably used here because it needs ‘HTTP request headers’ which is not available here.

But why I see this erros if I placed this lines at the frontend configuration:
capture request header Referer len 200
capture request header User-Agent len 100
capture request header Content-Type len 100


#3

Please provide full config and haproxy -vv output.


#4

Ok. I found one solution. It’s by using a capture.req.hdr. But I would prefer using variables with header names, because with capture.req.hdr it is integrated with capturing configuration very much (it’s anough to just add one more capture line to break th log output). So is there any other way?

Current configuration is:

global
log /dev/log local2 debug
log-tag haproxy
pidfile /var/run/haproxy.pid
maxconn 500000
maxsslconn 300000
maxconnrate 99999999
maxsessrate 99999999
maxsslrate 99999999
nbproc 16
cpu-map 1 0-15
stats bind-process 16
user haproxy
group haproxy
daemon
tune.ssl.cachesize 2048000
tune.http.maxhdr 1000
tune.maxaccept 10000
stats socket /var/lib/haproxy/stats
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

defaults
maxconn 500000
backlog 100000
mode http
log global
option httplog
option dontlognull
option dontlog-normal
option redispatch
option http-keep-alive
option forwardfor header X-Real-IP
option redispatch
option tcp-smart-accept
option tcp-smart-connect
option accept-invalid-http-request
retries 3
timeout http-request 80s
timeout queue 4m
timeout connect 100s
timeout client 2m
timeout server 5m
timeout http-keep-alive 5m
timeout check 20s
timeout tunnel 10m
timeout tarpit 1m

frontend fte_http_tcp_80
enabled
mode http
bind-process 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
bind *:80
http-request add-header X-Real-IP %[src]
http-response replace-value Server nginx hamster
redirect scheme https code 301 if !{ ssl_fc }
default_backend bke_for_port_443

frontend fte_http_tcp_443
enabled
mode http
bind-process 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
bind *:443 ssl crt /etc/haproxy/ssl/ no-sslv3 no-tls-tickets # no-tlsv10 no-tlsv11
http-request add-header X-Real-IP %[src]
http-response set-header Strict-Transport-Security max-age=15768000
http-response replace-value Server nginx hamster
redirect scheme https code 301 if !{ ssl_fc }
default_backend bke_nginx_for_port_443
option clitcpka
capture request header Referer len 200
capture request header User-Agent len 200
capture request header Content-Type len 200
log-format %H\ %ci\ -\ [%t]\ %{+Q}r\ %ST\ %{+Q}[capture.req.hdr(2)]\ %U\ %{+Q}[capture.req.hdr(0)]\ %{+Q}[capture.req.hdr(1)]\ %{+Q}CC\ %Tq\ %{+Q}s\ NGINX-CACHE-\ “-”

backend bke_for_port_443
description Backend servers farm for handling undecrypted HTTPS connections
enabled
fullconn 500000
balance roundrobin
server SER1 XX.XX.XX.XX:80 check inter 2000 fall 3 rise 5
server SER2 XX.XX.XX.XX:80 check inter 2000 fall 3 rise 5
source YY.YY.YY.YY
option abortonclose
option http-keep-alive
option prefer-last-server
no option http-server-close
no option http-pretend-keepalive

log output now is:

template haproxy[15619]: test.loc ZZ.ZZ.ZZ.ZZ - [20/Mar/2017:16:09:24.960] “GET / HTTP/1.1” 200 “text/xml” 138 “https://test” “Test” “” 181 “SER1” NGINX-CACHE- “-”

Also is there a way to tell haproxy to replace empty variables with “-” if I’m using {+Q} (right now it’s replacing them with empty value like “”)?