Sending HAProxy logs to Graylog

2019-09-02T17:01:51+03:00

how about graylog configuration part?
should it be a GELF ? RAW syslog ? and how is the parse done?
pelase share
thx

2019-09-08T22:49:04+03:00

Syslog UDP. You can use extractors for parsing.

2022-08-25T02:36:50+03:00

Can you also explain process for haproxy enterprise edition

2022-08-26T18:17:04+03:00

I have no experience with the enterprise edition. However, I don’t think it will be any different.

	# Create an additional socket in haproxy's chroot in order to allow logging via
	# /dev/log to chroot'ed HAProxy processes
	$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
	$AddUnixListenSocket /var/lib/haproxy/dev/log

	# Send HAProxy messages to a dedicated logfile
	if $programname startswith 'haproxy' then /var/log/haproxy.log
	if $syslogtag contains 'haproxy' then @192.168.1.10:1514;GRAYLOGRFC5424
	&~

	.
	.
	.
	defaults
	mode http
	log global
	log-format {"haproxy_clientIP":"%ci","haproxy_clientPort":"%cp","haproxy_dateTime":"%t","haproxy_frontendNameTransport":"%ft","haproxy_backend":"%b","haproxy_serverName":"%s","haproxy_Tw":"%Tw","haproxy_Tc":"%Tc","haproxy_Tt":"%Tt","haproxy_bytesRead":"%B","haproxy_terminationState":"%ts","haproxy_actconn":%ac,"haproxy_FrontendCurrentConn":%fc,"haproxy_backendCurrentConn":%bc,"haproxy_serverConcurrentConn":%sc,"haproxy_retries":%rc,"haproxy_srvQueue":%sq,"haproxy_backendQueue":%bq,"haproxy_backendSourceIP":"%bi","haproxy_backendSourcePort":"%bp"}
	option httplog
	.
	.
	.
	.
	.
	.

Join the Conversation