Sending HAproxy events to syslog.. issues

So I’ve got an Ubuntu 20.04 LTS server setup with Haproxy and I’m trying to fwd log info to Splunk Cloud.

I have the Haproxy.cfg with a Global entry:

log 127.0.0.1. local4

And I’ve got an entry in /etc/rsyslog.conf for the remote server:

*.* @@10.1.1.1:1603

(The @@ is for TCP and yeah I’m using a non-standard port that was assigned to me for this by InfoSec)

The latest versions of Haproxy create its own rsyslog config file /etc/rsyslog.d/hapyoxy.log with:

# Create an additional socket in haproxy's chroot in order to allow logging via
# /dev/log to chroot'ed HAProxy processes
$AddUnixListenSocket /var/lib/haproxy/dev/log

# Send HAProxy messages to a dedicated logfile
:programname, startswith, "haproxy" {
  /var/log/haproxy.log
  stop
}

And finally I’ve added a line to /etc/rsyslog.d/50-default.conf:

local4.* /var/log/haproxy.log

So I believe I’ve got it all set up how it should be, so I run logger "please work" and I can see that line when I: tail /var/log/haproxy.log and tail /var/log/syslog but nothing on the remote end. So then I try: logger -n 10.1.1.1 -P 1603 -T "please really work" and I finally see events in Splunk.
I then made a few LDAPS requests to this specific HAP server but there’s nothing in /var/log/syslog or /var/log/haproxy.log.
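
The logger tests in the post go through the local syslog socket or straight to the remote TCP port, while a `log 127.0.0.1 local4` line in HAProxy's global section sends UDP datagrams to port 514 on localhost. This added example (not part of the original post) checks whether anything is bound to that port and sends a local4 message tagged haproxy along the same path. The function names, the sample /proc/net/udp text and the message layout are assumptions constructed for illustration.

```python
import socket
import time

LOCAL4, INFO = 20, 6      # syslog facility / severity codes (RFC 3164)
SYSLOG_UDP_PORT = 514     # HAProxy's default when the log line names no port

def udp_bound(proc_net_udp, port=SYSLOG_UDP_PORT):
    """Return the local IPv4 addresses that have a UDP socket bound to `port`."""
    found = []
    for line in proc_net_udp.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            continue
        hex_ip, hex_port = fields[1].split(":")
        if int(hex_port, 16) == port:
            # Assumption: little-endian host (x86/ARM), so the bytes are reversed
            found.append(socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1]))
    return found

def build_datagram(msg, facility=LOCAL4, severity=INFO, tag="haproxy", pid=1):
    """BSD-syslog style payload; PRI = facility * 8 + severity (local4.info = 166)."""
    pri = facility * 8 + severity
    stamp = time.strftime("%b %d %H:%M:%S")
    return f"<{pri}>{stamp} {tag}[{pid}]: {msg}".encode()

def send_probe(msg="udp path test", host="127.0.0.1", port=SYSLOG_UDP_PORT):
    """Send one datagram the way a UDP syslog client would (no reply is expected)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(build_datagram(msg), (host, port))

# Constructed sample of /proc/net/udp: DHCP client on 0.0.0.0:68, syslog on 127.0.0.1:514
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20001 2 0000000000000000 0
  547: 0100007F:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000   104        0 20002 2 0000000000000000 0
"""

if __name__ == "__main__":
    with open("/proc/net/udp") as fh:
        listeners = udp_bound(fh.read())
    if listeners:
        print("UDP 514 bound on:", ", ".join(listeners))
    else:
        print("nothing is bound to UDP 514; datagrams sent there are dropped")
    send_probe()
    print("probe sent; check /var/log/haproxy.log and the remote collector")
```

If the probe line reaches /var/log/haproxy.log but not the remote collector, the gap is in the rsyslog rules; if it reaches neither, the gap is at the UDP input.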