Syslog Forwarding with send-proxy not working

dot-mike · May 7, 2025, 3:41pm

Hi community, I’ve tried for a few hours to have syslog forwarding enabling with send-proxy / send-proxy-v2 and neither of them is working properly.

What I want to achieve:

syslog input supporting both udp & tcp through haproxy to syslog-ng.

Environment info:

**haproxy -v**
HAProxy version 3.0.10-1ppa1~jammy 2025/04/25 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2029.
Known bugs: http://www.haproxy.org/bugs/bugs-3.0.10.html
Running on: Linux 5.15.0-136-generic #147-Ubuntu SMP Sat Mar 15 15:53:30 UTC 2025 x86_64

**syslog-ng -V**
syslog-ng 4 (4.8.2)
Config version: 4.2
Installer-Version: 4.8.2
Revision: 4.8.2-1
Compile-Date: May  7 2025 09:41:09

Config option 1 results

{"TRANSPORT":"rfc3164+proxied-tcp","SOURCE":"s_syslog","PROGRAM":"udptest3","MSGFORMAT":"rfc3164","MESSAGE":"","LEGACY_MSGHDR":"udptest3","HOST_FROM":"127.0.0.1","HOST":"127.0.0.1"}
{"TRANSPORT":"rfc3164+proxied-tcp","SOURCE":"s_syslog","PROGRAM":"tcptest","MSGFORMAT":"rfc3164","MESSAGE":"","LEGACY_MSGHDR":"tcptest","HOST_FROM":"127.0.0.1","HOST":"127.0.0.1"}

Config option 2 results in
Result

{"TRANSPORT":"rfc6587+proxied-tcp","SOURCE":"s_syslog","MSGFORMAT":"raw","MESSAGE":"<13>1 2025-05-07T15:30:42.821903+00:00 myhost root - - [timeQuality tzKnown=\"1\" isSynced=\"1\" syncAccuracy=\"332000\"] udptest3","HOST_FROM":"127.0.0.1","HOST":"127.0.0.1"}

Using send-proxy-v2 in config v3 for haproxy I can see the headers added, but no IP info added

{"TRANSPORT":"rfc3164+proxied-tcp","SOURCE":"s_syslog","PROXIED_SRCPORT":"0","PROXIED_SRCIP":"","PROXIED_IP_VERSION":"0","PROXIED_DSTPORT":"0","PROXIED_DSTIP":"","PROGRAM":"udptest3","MSGFORMAT":"rfc3164","MESSAGE":"","LEGACY_MSGHDR":"udptest3","HOST_FROM":"127.0.0.1","HOST":"127.0.0.1"}
{"TRANSPORT":"rfc3164+proxied-tcp","SOURCE":"s_syslog","PROXIED_SRCPORT":"0","PROXIED_SRCIP":"","PROXIED_IP_VERSION":"0","PROXIED_DSTPORT":"0","PROXIED_DSTIP":"","PROGRAM":"tcptest","MSGFORMAT":"rfc3164","MESSAGE":"","LEGACY_MSGHDR":"tcptest","HOST_FROM":"127.0.0.1","HOST":"127.0.0.1"}

For testing I’ve been using commands:

logger --tcp --port 514 -n 10.0.0.1 tcptest
logger --port 514 -n 10.0.0.1 udptest3

Am I doing something wrong here?

EDIT:
If I use this Haproxy config below, everything works fine, but then UDP input for syslog is not supported!

listen sng
  bind 10.0.0.1:514
  mode tcp
  server server1 127.0.0.1:514 maxconn 32 send-proxy-v2

Config Option 1

haproxy

global
   log stderr format iso local7

ring myring
    description "My local buffer"
    #format rfc5424
    maxlen 2400
    size 32764
    timeout connect 5s
    timeout server 10s
    # syslog tcp server
    server mysyslogsrv 127.0.0.1:514 send-proxy

log-forward sylog-loadb
    dgram-bind 10.0.0.1:514
    bind 10.0.0.1:514
    # all messages on local tcp syslog server
    log ring@myring format rfc5424 local0

syslog-ng

source s_syslog {
    network(
        port(514)
        ip(127.0.0.1)
        transport(proxied-tcp)
        flags(syslog-protocol)
    );
};


destination d_logs {
    file("/var/log/$YEAR-$MONTH-$DAY.log" template("$(format-json --scope nv-pairs)\n"));
    #file("/var/log/$YEAR-$MONTH-$DAY.log");
};

log {
    source(s_syslog);
    destination(d_logs);
}

Config Option 2

haproxy

global
   log stderr format iso local7

ring myring
    description "My local buffer"
    #format rfc5424
    maxlen 2400
    size 32764
    timeout connect 5s
    timeout server 10s
    # syslog tcp server
    server mysyslogsrv 127.0.0.1:514 send-proxy

log-forward sylog-loadb
    dgram-bind 10.0.0.1:514
    bind 10.0.0.1:514
    # all messages on local tcp syslog server
    log ring@myring format rfc5424 local0

syslog-ng

# transport support for proxied-tcp is new with 4.8 
source s_syslog {
     syslog(
         port(514)
         ip(127.0.0.1)
         transport("proxied-tcp")
         flags(no-parse)
     );
};

destination d_logs {
    file("/var/log/$YEAR-$MONTH-$DAY.log" template("$(format-json --scope nv-pairs)\n"));
    #file("/var/log/$YEAR-$MONTH-$DAY.log");
};

log {
    source(s_syslog);
    destination(d_logs);
}

Config Option 3

haproxy

global
   log stderr format iso local7

ring myring
    description "My local buffer"
    #format rfc5424
    maxlen 2400
    size 32764
    timeout connect 5s
    timeout server 10s
    # syslog tcp server
    server mysyslogsrv 127.0.0.1:514 send-proxy-v2

log-forward sylog-loadb
    dgram-bind 10.0.0.1:514
    bind 10.0.0.1:514
    # all messages on local tcp syslog server
    log ring@myring format rfc5424 local0

syslog-ng

source s_syslog {
    network(
        port(514)
        ip(127.0.0.1)
        transport(proxied-tcp)
        flags(syslog-protocol)
    );
};

destination d_logs {
    file("/var/log/$YEAR-$MONTH-$DAY.log" template("$(format-json --scope nv-pairs)\n"));
    #file("/var/log/$YEAR-$MONTH-$DAY.log");
};

log {
    source(s_syslog);
    destination(d_logs);
}

Topic		Replies	Views
Sending udp packets Help!	1	350	January 12, 2021
Sending HAproxy events to syslog.. issues Help!	0	583	June 29, 2021
No Logs (syslog) Help!	5	712	May 4, 2018
Using HAProxy to forward syslogs from rsyslog causing TCPSendBuf error Help!	1	550	June 7, 2024
Syslog load balancing and forwarding client IP to back-end server Configuration Samples	2	1063	February 27, 2025

Syslog Forwarding with send-proxy not working

Related topics