Stats counter for ssl handshake failure


#1

I am using ssl termination at Haproxy.

I am getting ssl connection count (both success + ssl handshake failure) as part of Haproxy stats counter in
counter-ssl-connection-count-2016-06-06

Is there a way to add custom stats counter in Haproxy 1.6?

Is there a way using LUA script to add custom stats?

Please help with steps for getting below new custom counters for ssl handshake failures:

  1. counter-ssl-failed-connection_count : count of ssl handshake failure connections.
  2. ssl failed connection count per source ip: User should be able to determine number of ssl connection failures per source ip.

#2

I’m not sure if this is possible. @thierry?


#3

Thanks!

Is there a way to know connection count of failed ssl handshakes in HAProxy?

Is it possible to know source-ip of all connections having ssl handshake failure?

Please share the pointers.
I don’t see these statistics in HAProxy stats.


#4

Hi, if you want the association between handshake failure and ip source, you must check the log. This type of data is not a statistic.

With Lua, you can maintain a lot of personal counters, but these counters cannot be checked through the socket; you must create a Lua applet dedicated to giving these stats.

I’m not sure that haproxy can execute Lua if the SSL handshake fails.

The following script contains an example of the usage of an applet for returning homemade statistics:

http://www.arpalert.org/haproxy-scripts.html#stats
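
Added example, not part of the thread and not HAProxy code: the log-based approach from post #4, counting handshake errors in total and per source IP. The syslog prefix, the frontend name `https-in` and the sample lines are constructed assumptions; adjust the pattern to the log format actually in use.

```python
import re
from collections import Counter

# Constructed sample lines. Connection-level errors are assumed to be logged as
# "<src_ip>:<src_port> [<accept date>] <frontend>/<listener>: <message>"
# behind a syslog prefix; the third line is an ordinary HTTP log line.
SAMPLE_LOG = """\
Jun  6 10:15:01 lb1 haproxy[2143]: 192.0.2.10:51234 [06/Jun/2016:10:15:01.120] https-in/1: SSL handshake failure
Jun  6 10:15:02 lb1 haproxy[2143]: 192.0.2.10:51240 [06/Jun/2016:10:15:02.004] https-in/1: SSL handshake failure
Jun  6 10:15:03 lb1 haproxy[2143]: 198.51.100.7:40022 [06/Jun/2016:10:15:03.310] https-in~ app/web1 12/0/1/3/16 200 512 - - ---- 3/3/0/0/0 0/0 "GET / HTTP/1.1"
Jun  6 10:15:04 lb1 haproxy[2143]: 2001:db8::5:33100 [06/Jun/2016:10:15:04.900] https-in/1: SSL handshake failure
Jun  6 10:15:05 lb1 haproxy[2143]: 203.0.113.9:60111 [06/Jun/2016:10:15:05.450] https-in/1: Timeout during SSL handshake
"""

# The greedy \S+ backtracks to the last ":<digits> " so IPv6 sources keep
# their inner colons and only the trailing port is split off.
LINE_RE = re.compile(
    r"haproxy\[\d+\]: (?P<src>\S+):(?P<port>\d+) \[[^\]]+\] "
    r"(?P<frontend>[^/\s]+)/\S+: (?P<msg>.*SSL handshake.*)$"
)


def count_handshake_failures(lines):
    """Return (total, Counter keyed by source IP) for SSL handshake error lines."""
    per_ip = Counter()
    for line in lines:
        m = LINE_RE.search(line.rstrip("\n"))
        if m:
            per_ip[m.group("src")] += 1
    return sum(per_ip.values()), per_ip


if __name__ == "__main__":
    total, per_ip = count_handshake_failures(SAMPLE_LOG.splitlines())
    print("counter-ssl-failed-connection_count", total)
    for ip, n in per_ip.most_common():
        print(ip, n)
```
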