Send log level to syslog


#1

Hello,

We are currently sending our HAProxy logs to a syslog server using the “log” option of HAProxy.

We use Logstash as our syslog server and it will send the logs to Elasticsearch which we can read from in Kibana.

I would like to be able to see which log level (emerg, alert, crit, err, warning, notice, info, debug) the log line is for so I can sort on that in Kibana.

Would it be possible to append the log level to the log line or is there any other way to make the Logstash server aware of the level?

Thank you for reading this.

Best regards,
Bas


#2

Why? Syslog messages contain the priority, just fix your stack to consider it.


#3

All our messages are currently showing with priority 0. That is for all requests, also for 5xx codes and for example an SSH handshake failure, is that normal?


#4

Check what the actual syslog message looks like (tcpdump or wireshark the syslog traffic). Then you will understand whether haproxy sends the syslog traffic with priority 0, or if it is your stack that is zeroing this field.
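
An added example, not written by any poster in this thread: a decoder for the `<PRI>` prefix of a syslog datagram as it appears in a packet capture, where PRI = facility * 8 + severity. The sample datagrams, the `decode_pri` name, and the `facilityN` placeholder names for facilities 12 to 15 are assumptions made for illustration.

```python
import re

# Severity names in numeric order 0..7, as listed in the question above.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Facility codes 0..23. Codes 12..15 get placeholder names (assumption).
FACILITIES = (
    ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
     "uucp", "cron", "authpriv", "ftp"]
    + [f"facility{n}" for n in range(12, 16)]
    + [f"local{n}" for n in range(8)]
)

# A syslog datagram starts with "<PRI>", PRI being 1 to 3 decimal digits.
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram: bytes):
    """Return (pri, facility, severity), or None if there is no valid PRI."""
    match = PRI_RE.match(datagram)
    if match is None:
        return None
    pri = int(match.group(1))
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    facility, severity = divmod(pri, 8)
    return pri, FACILITIES[facility], SEVERITIES[severity]


# Constructed sample payloads, not captured from a real HAProxy instance.
SAMPLES = [
    b"<134>Jan  1 12:00:00 haproxy[1234]: constructed sample, request served",
    b"<131>Jan  1 12:00:01 haproxy[1234]: constructed sample, backend error",
    b"<0>Jan  1 12:00:02 haproxy[1234]: constructed sample, PRI of zero",
    b"Jan  1 12:00:03 haproxy[1234]: constructed sample, PRI missing",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(decode_pri(raw), raw[:40])
```

A PRI of 0 on the wire decodes to kern.emerg, so seeing it on every message in Kibana but not in the capture points at the receiving side rather than the sender.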


#5

It indeed was an issue with Logstash, the filter was wrong.

Thank you for your help!