Send-proxy-equivalent functionality within log-forward?


I recently stood up a haproxy 2.4.8 instance in order to take advantage of the log forward functionality. Currently, logs forwarded along via this instance are landing at our back-end SIEM, but the SIEM is treating the haproxy instance as the source IP of said logs. I’m hoping to determine whether log-forward natively forwards traffic similarly to the send-proxy option that can be defined on the server line in a backend config, or if I’m just missing something.

log-forward sendtosiem

    log local0

(It is also possible that the SIEM itself isn’t properly configured to read the proxy-packets correctly. I have a ticket in with them to run that down. Just want to see what I should be expecting out of log-forward)