18

I installed HAProxy 1.5 via apt-get on Ubuntu 14.04 via ppa:vbernat/haproxy-1.5 as per this Debian repository selection tool.

The problem is that it is logging to /var/log/syslog instead of /var/log/haproxy.log

The setup is basically the default:

/etc/haproxy/haproxy.cfg

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL).
    ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
    ssl-default-bind-options no-sslv3

defaults
    log global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client  50000
    timeout server  50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

/etc/rsyslog.d

# Create an additional socket in haproxy's chroot in order to allow logging via
# /dev/log to chroot'ed HAProxy processes
$AddUnixListenSocket /var/lib/haproxy/dev/log

# Send HAProxy messages to a dedicated logfile
if $programname startswith 'haproxy' then /var/log/haproxy.log
&~
Paul
Petah

4 Answers

25

Very tricky. :-) And here is the trick answer:

Notice the file in /etc/rsyslog.d. It says to log haproxy into /var/log/haproxy.log. But this will not take effect without restarting rsyslog:

service rsyslog restart
Frederik
Sam
12

The default haproxy.conf file provides clear instructions under the Global settings - global. Here I am copy-pasting it for you -

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #

In my case, for instance, I am running haproxy in CentOS 6.6, the same syslogd server and had to do the following to log to /var/log/haproxy.log:

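  1. Add below line to /etc/rsyslog.d/haproxy.conf -

    local2.*                       /var/log/haproxy.log

  2. Enable syslogd logging on server -

    # Provides UDP syslog reception
    $ModLoad imudp
    # $UDPServerAddress must come before $UDPServerRun, otherwise the
    # listener binds to all addresses instead of loopback only
    $UDPServerAddress 127.0.0.1
    $UDPServerRun 514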
Daniel t.
  • 3
    In the last part, in the second step (Enable syslogd logging on server); you change these settings in the file `/etc/rsyslog.conf`. After that, restart rsyslog service: `service rsyslog restart` – Edenshaw Aug 04 '17 at 13:32
6

Comment out this line from /etc/rsyslog.d

# Send HAProxy messages to a dedicated logfile
if $programname startswith 'haproxy' then /var/log/haproxy.log
masegaloeh
Howy
  • 1
    `/etc/rsyslog.d` is a directory, not a file. I'm not sure about 1.5 vs 1.6 differences on Ubuntu, but file `/etc/rsyslog.d/49-haproxy.conf` exists after install of 1.6. This has the following 3 lines: `$AddUnixListenSocket /var/lib/haproxy/dev/log \n if $programname startswith 'haproxy' then /var/log/haproxy.log \n &~` (I added "\n" to denote the new lines) – fideloper Feb 07 '16 at 18:19
3

The main problem is that the chrooted haproxy won't be able to access /dev/log, and in order to circumvent the issue you can either:

  • Enable syslog to listen on the UDP socket (usually on port 514) as described in the other messages
  • Create the directory /var/lib/haproxy/dev and mount /dev with bind option onto /var/lib/haproxy/dev

It works either way.

[edit]

After 3 years something has changed. Haproxy now creates a file called /etc/rsyslog.d/49-haproxy. One of the lines in the file is:

$AddUnixListenSocket /var/lib/haproxy/dev/log.

In this case, the chroot environment can use /dev/log

maxadamo
  • you can also just add a log socket in the chroot. rsyslog can have multiple. (i'd give an example but it's been years) – Florian Heigl Oct 09 '16 at 00:41
  • This is no longer the case for newer versions of HAProxy, I am running version 1.5.4 with a chrooted configuration but logging to `/dev/log`. – Overbryd Apr 03 '17 at 08:03
  • @Overbryd yes and no. The newer haproxy adds a file in /etc/rsyslog.d, with the following statement inside: $AddUnixListenSocket /var/lib/haproxy/dev/log I am gonna edit my comment accordingly. – maxadamo Sep 30 '19 at 07:41
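
A way to check the condition the last answer describes, as an added example (not code from any of the answers or from the HAProxy packaging): these shell functions read the `chroot` and `log` lines from a haproxy.cfg and confirm that a file in the rsyslog drop-in directory declares `$AddUnixListenSocket` for the same path inside the chroot. The function names are hypothetical, and the check assumes the drop-in files end in `.conf`.

```sh
#!/bin/sh
# Added example: does rsyslog provide a log socket inside HAProxy's chroot?
# Usage: check_chroot_logging /etc/haproxy/haproxy.cfg /etc/rsyslog.d
# Both paths are arguments so the check can also run against copies of the configs.

# Print the chroot directory configured in haproxy.cfg (empty if there is none).
haproxy_chroot() {
    awk '$1 == "chroot" { print $2; exit }' "$1"
}

# Print each unix-socket log target (absolute path) named on a "log" line.
haproxy_log_sockets() {
    awk '$1 == "log" && $2 ~ /^\// { print $2 }' "$1" | sort -u
}

# Print every socket path rsyslog is told to create with $AddUnixListenSocket.
# Commented-out directives do not match because their first field differs.
rsyslog_extra_sockets() {
    cat "$1"/*.conf 2>/dev/null | awk '$1 == "$AddUnixListenSocket" { print $2 }'
}

# Return 0 if every HAProxy log socket is covered once HAProxy has chrooted, else 1.
check_chroot_logging() {
    cfg=$1; rsyslog_dir=$2; status=0
    root=$(haproxy_chroot "$cfg")
    for sock in $(haproxy_log_sockets "$cfg"); do
        if [ -z "$root" ]; then
            echo "OK: no chroot configured, $sock is the system socket"
            continue
        fi
        # Inside the chroot, /dev/log resolves to <chroot>/dev/log on the host.
        want="${root%/}$sock"
        if rsyslog_extra_sockets "$rsyslog_dir" | grep -qxF "$want"; then
            echo "OK: rsyslog is configured to listen on $want"
        else
            echo "MISSING: no \$AddUnixListenSocket $want in $rsyslog_dir"
            status=1
        fi
    done
    return $status
}
```

A passing result only shows that the directive is present in the configuration; rsyslog creates the socket when it is restarted, after which `test -S /var/lib/haproxy/dev/log` confirms that it exists.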