18

So, I configured Haproxy so the logging would go through rsyslog and, for now, be all dumped in one file.

It's definetly logging, as I get those "starting" messages on startup, but no HTTP requests logging at all. What is wrong with my configuration?

haproxy.cfg:

global
        log /dev/log local0 debug
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend webfront
  option  forwardfor
  stats enable
  stats uri /haproxy?statis
  stats realm Haproxy\ Auth
  stats auth user:password
  bind *:80
  timeout client 86400000
  acl is_discourse  hdr_end(host) -i discourse.mydomain.com
  use_backend       discourse     if is_discourse
  use_backend       webserver     if !is_discourse

backend discourse
  balance source
  option forwardfor
  option httpclose
  server server1 127.0.0.1:3080 weight 1 maxconn 1024 check inter 10000

backend webserver
  balance source
  option forwardfor
  option httpclose
  server server2 127.0.0.1:4080 weight 1 maxconn 1024 check inter 10000

Log file:

root@kayak:/var/log/haproxy# tail haproxy.log
Nov 26 21:25:25 kayak haproxy[21646]: Proxy webfront started.
Nov 26 21:25:25 kayak haproxy[21646]: Proxy webfront started.
Nov 26 21:25:25 kayak haproxy[21646]: Proxy discourse started.
Nov 26 21:25:25 kayak haproxy[21646]: Proxy webserver started.
Nov 26 21:28:10 kayak haproxy[21868]: Proxy webfront started.
Nov 26 21:28:10 kayak haproxy[21868]: Proxy discourse started.
Nov 26 21:28:10 kayak haproxy[21868]: Proxy webserver started.
Nov 26 21:30:31 kayak haproxy[22045]: Proxy webfront started.
Nov 26 21:30:31 kayak haproxy[22045]: Proxy discourse started.
Nov 26 21:30:31 kayak haproxy[22045]: Proxy webserver started.

I visited some of the webserver pages between thsoe reboots and triggeered a few 404 errors. Why is nothing showing up?

Edit: rsyslog conf file.

/etc/rsyslog.d/49-haproxy.conf:

local0.* -/var/log/haproxy_0.log
if ($programname == 'haproxy') then -/var/log/haproxy/haproxy.log
& ~
Silver Quettier
  • 503
  • 2
  • 6
  • 14

4 Answers4

16

You have to specify the log in the frontend if you really want every request to be logged. But usually this is overkill for the server and your disk will be full in no time.

frontend webfront
  log /dev/log local0 debug
edlerd
  • 806
  • 8
  • 12
9

the logging via unix socket log does not work for me on my rhel 6.7.you can have a try with this conf. haproxy (working on 81) forward http request to httpd (working on 80)

/etc/haproxy/haproxy.cfg

frontend web_front
    log         127.0.0.1    local6
    option httplog

    bind        *:81
    default_backend web_back

backend web_back
    server      web1 127.0.0.1:80

and you must enable rsyslog udp module to receive syslog from haproxy a simple conf like this:

/etc/rsyslog.d/haproxy.conf

$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
local6.* /var/log/haproxy.log

do a http request to 81,and you well get some logs like this

# tail -n 1 /var/log/haproxy.log
May 18 13:51:07 localhost haproxy[31617]: 127.0.0.1:38074 [18/May/2016:13:51:06.999] web_front web_back/web1 0/0/0/2/2 404 466 - - ---- 1/1/0/1/0 0/0 "GET /how-are-you HTTP/1.1"
ncowboy
  • 226
  • 2
  • 2
9

This link explains it perfectly.

If you look at the top of /etc/haproxy/haproxy.cfg, you will see something like:

global
log 127.0.0.1 local2
[...]

This means that HAProxy will send its messages to rsyslog on 127.0.0.1. But by default, rsyslog doesn’t listen on any address, hence the issue.

Let’s edit /etc/rsyslog.conf and uncomment these lines:
$ModLoad imudp
$UDPServerRun 514

This will make rsyslog listen on UDP port 514 for all IP addresses. Optionally you can limit to 127.0.0.1 by adding:
$UDPServerAddress 127.0.0.1

Now create a /etc/rsyslog.d/haproxy.conf file containing:

local2.* /log/haproxy.log

You can of course be more specific and create separate log files according to the level of messages:

local2.=info /log/haproxy-info.log
local2.notice /log/haproxy-allbutinfo.log

Then restart rsyslog and see that log files are created:
# service rsyslog restart

If you manualy create log files /log/haproxy-allbutinfo.log and /log/haproxy-info.log , do not forget to change owner to syslog:adm

Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79
carla
  • 317
  • 3
  • 12
  • I think this is the key thing that was missing in the OP's config. I had the same issue and the specific thing that fixed it was telling rsyslog to listen on UDP port 514. – Vinod Kurup Jul 09 '20 at 19:44
7

This can be caused by having it run in a chroot jail. You'll need to make sure that rsyslog is also creating a dgram socket inside the chroot jail (e.g. /var/lib/haproxy/dev/log). Point your log directive to the /dev/log socket and you should be good.

I spent a couple of hours trying to figure this out, as HAproxy won't tell you anything is wrong besides logging failing to work.

Thomas
  • 71
  • 1
  • 1