Mustafa Uysal

I'm traveling light, it's au revoir…

Sending HAProxy logs to Graylog

I just finished the setup of a brand new Graylog 3 server and wanted to share my configuration for sending HAProxy logs. I’m not digging into the server setup. It’s super simple; you can find out docker-compose configuration on the official docs.

Don’t be stingy for the ram; give the proper space for god’s sake. (depends on your data for sure)

Here is the configuration that I use:

# Create an additional socket in haproxy's chroot in order to allow logging via
# /dev/log to chroot'ed HAProxy processes
$AddUnixListenSocket /var/lib/haproxy/dev/log
# Send HAProxy messages to a dedicated logfile
if $programname startswith 'haproxy' then /var/log/haproxy.log
if $syslogtag contains 'haproxy' then @;GRAYLOGRFC5424
view raw 49-haproxy.conf hosted with ❤ by GitHub
mode http
log global
log-format {"haproxy_clientIP":"%ci","haproxy_clientPort":"%cp","haproxy_dateTime":"%t","haproxy_frontendNameTransport":"%ft","haproxy_backend":"%b","haproxy_serverName":"%s","haproxy_Tw":"%Tw","haproxy_Tc":"%Tc","haproxy_Tt":"%Tt","haproxy_bytesRead":"%B","haproxy_terminationState":"%ts","haproxy_actconn":%ac,"haproxy_FrontendCurrentConn":%fc,"haproxy_backendCurrentConn":%bc,"haproxy_serverConcurrentConn":%sc,"haproxy_retries":%rc,"haproxy_srvQueue":%sq,"haproxy_backendQueue":%bq,"haproxy_backendSourceIP":"%bi","haproxy_backendSourcePort":"%bp"}
option httplog
view raw haproxy.cfg hosted with ❤ by GitHub
  1. add “log-format” to your haproxy configuration and then reload the service.
  2. change IP address and make sure the port mapped properly on the docker configuration.
  3. restart rsyslog service
Go On Popcorn GIF - Find & Share on GIPHY
now you can watch the stream πŸ™‚

remember: “iptables -L” is your friend πŸ˜‰

4 responses

  1. Felipe Avatar

    how about graylog configuration part?
    should it be a GELF ? RAW syslog ? and how is the parse done?
    pelase share

    1. mustafauysal Avatar

      Syslog UDP. You can use extractors for parsing.

      1. Chandra Avatar

        Can you also explain process for haproxy enterprise edition

        1. mustafauysal Avatar

          I have no experience with the enterprise edition. However, I don’t think it will be any different.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.