Send log level to syslog

Bas · September 28, 2017, 7:54am

Hello,

We are currently sending our HAProxy logs to a syslog server using the “log” option of HAProxy.

We use Logstash as our syslog server and it will send the logs to Elasticsearch which we can read from in Kibana.

I would like to be able to see which log level (emerg, alert, crit, err, warning, notice, info, debug) the log line is for so I can sort on that in Kibana.

Would it be possible to append the log level to the log line or is there any other way to make the Logstash server aware of the level?

Thank you for reading this.

Best regards,
Bas

lukastribus · September 28, 2017, 12:35pm

Why? Syslog message contain the priority, just fix your stack to consider it.

Bas · September 28, 2017, 1:55pm

All our messages are currently showing with priority 0. That is for all requests, also for 5xx codes and for example an SSH handshake failure, is that normal?

lukastribus · September 28, 2017, 3:31pm

Check what the actual syslog message looks like (tcpdump or wireshark the syslog traffic). Then you will understand whether haproxy sends the syslog traffic with priority 0, or if it is your stack that is zeroing this field.

Bas · September 28, 2017, 5:05pm

It indeed was an issue with Logstash, the filter was wrong.

Thank you for your help!

Topic		Replies	Views
Using HAProxy to forward syslogs from rsyslog causing TCPSendBuf error Help!	1	530	June 7, 2024
HAProxy between tcp output and logstash Help!	1	3492	March 10, 2021
Haproxy in front of elasticsearch rest api on multinode cluster? KeepAlive Issue? Help!	0	1383	February 12, 2020
No Logs (syslog) Help!	5	708	May 4, 2018
ALOHA HAPROXY log being send format Help!	4	444	November 18, 2022

Send log level to syslog

Related topics