0

Does Haproxy log every time a connection is made? I have followed instructions from other threads to set up logging via rsyslogd. Even though the files are created (haproxy.log, haproxy-info.log and haproxy-allbutinfo.log), no logs have been written into any of them.

I have checked the lfd.log, and these may shed some light on the problem:

Sep 12 22:50:44 : *Suspicious Process* PID:17551 PPID:17551 User:haproxy Uptime:62 secs EXE:/usr/sbin/haproxy CMD:/usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
Sep 12 22:50:44 : *Suspicious Process* PID:17552 PPID:17552 User:haproxy Uptime:62 secs EXE:/usr/sbin/haproxy CMD:/usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid

The RESTRICT_SYSLOG is set to 3 in csf config. I have also added haproxy as an allowed user for rsyslogd in /etc/csf/csf.syslogusers but still no logs have been written. Can anyone tell me what is wrong with the following setup?

csf config

RESTRICT_SYSLOG = "3"

# Allow incoming UDP ports
UDP_IN = "20,21,53,514"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list 
UDP_OUT = "20,21,53,514"

/etc/haproxy/haproxy.cfg

global
   log 127.0.0.1   local2       
   maxconn 2048             
   user haproxy
   group haproxy

/etc/rsyslog.d/haproxy.conf

$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514    
local2.*    /var/log/haproxy.log
local2.=info     /var/log/haproxy-info.log
local2.notice    /var/log/haproxy-allbutinfo.log

"haproxy" user added to /etc/csf/csf.syslogusers

  # Other users:
  haproxy   

Updated: I just disabled csf and tried again. Still haproxy doesn't write anything into the files.

RedGiant
  • Have you tried it with CSF/LFD disabled? – GregL Sep 18 '15 at 13:40
  • @GregL Yes, I have tried it without CSF, but the log still doesn't work – RedGiant Sep 18 '15 at 15:14
  • What's the value of `RESTRICT_SYSLOG_GROUP`? – GregL Sep 18 '15 at 15:26
  • @GregL, Default Value: `RESTRICT_SYSLOG_GROUP = "mysyslog"` `RESTRICT_SYSLOG = "3"` – RedGiant Sep 18 '15 at 15:31
  • According to [this](http://configserver.com/cp/csfdemo/config.html), having `RESTRICT_SYSLOG` set to '3' restricts syslog/rsyslog access to `RESTRICT_SYSLOG_GROUP`. Maybe try changing `RESTRICT_SYSLOG` to '2' and see if it works. – GregL Sep 18 '15 at 16:33
  • @GregL I have tried it with no success. I'm starting to think the firewall isn't the reason for the problem. I have disabled csf for a while but still nothing written in the haproxy log file. – RedGiant Sep 19 '15 at 03:45

2 Answers

2

I have managed to get logs written into the file. Besides adding the log setting to the global section, I should have added a reference in the default section as well. To quote from this tutorial, which is the only piece I have found that mentions this important setting:

In your backends or default config, refer to global:

   defaults
        log             global

My settings in /etc/rsyslog/haproxy.conf

$ModLoad imudp
$UDPServerRun 514
$UDPServerAddress 127.0.0.1

local1.* -/var/log/haproxy_1.log
& ~

It turns out this has nothing to do with csf. I have closed the UDP and the logging still works.

RedGiant
  • Thanks! I missed that! The "defaults" section. I went down to logrotate or iptables to see if my UDP traffic was blocked somewhere, or if rotation caused deletion of logs. I was so mad to see this file created, but not filled ^^ +1 – Alex Apr 11 '17 at 14:23
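
The fix in the answer above, turned into a check (an added example, not part of the original posts): this Python sketch walks a haproxy.cfg and reports every proxy that ends up with no effective `log` directive. The sample config, the `audit_logging` name and the simplified inheritance model (only global, defaults, frontend, backend and listen sections are recognised) are assumptions.

```python
# Constructed sample: the question's global log line plus a minimal frontend/backend.
BROKEN_CFG = """\
global
   log 127.0.0.1   local2
defaults
   mode http
frontend www
   bind *:80
   default_backend app
backend app
   server s1 10.0.0.1:8080
"""
# The accepted answer's fix: reference the global log target from defaults.
FIXED_CFG = BROKEN_CFG.replace("defaults\n", "defaults\n   log global\n")

PROXY_SECTIONS = ("frontend", "backend", "listen")

def audit_logging(cfg_text):
    """Return one finding per proxy that will not send anything to syslog."""
    global_has_target = False
    inherited = None   # log mode set by the most recent defaults section
    proxies = []       # [label, mode]; mode is None, "global" or "direct"
    section = None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split() or [""]   # drop comments, blank lines
        if words[0] in ("global", "defaults") + PROXY_SECTIONS:
            section = words[0]
            if section == "defaults":
                inherited = None           # a new defaults section starts clean
            elif section in PROXY_SECTIONS:
                proxies.append([" ".join(words[:2]), inherited])
        elif (words[0] == "log" and len(words) > 1) or words[:2] == ["no", "log"]:
            mode = None if words[0] == "no" else "global" if words[1] == "global" else "direct"
            if section == "global":
                global_has_target = global_has_target or mode == "direct"
            elif section == "defaults":
                inherited = mode
            elif proxies:
                proxies[-1][1] = mode      # per-proxy setting overrides defaults
    findings = []
    for label, mode in proxies:
        if mode is None:
            findings.append(f"{label}: logging is not enabled, nothing is sent to syslog")
        elif mode == "global" and not global_has_target:
            findings.append(f"{label}: 'log global' but the global section has no log target")
    return findings
```

Running it against the real file is `audit_logging(open("/etc/haproxy/haproxy.cfg").read())`; an empty list means every proxy section has a log target to send to.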
-2

For haproxy.cfg please modify the log level.

log             127.0.0.1       local3 info

You can configure the log level (emerg alert crit err warning). You can use one or if you need to use multiple you can simply defined giving spaces.

log             127.0.0.1       local3 info warning

For rsyslog:

$ModLoad imudp
$UDPServerRun 514
$UDPServerAddress 127.0.0.1

Include this rule before your debug rule. Otherwise you will see the Haproxy logs in syslogs.

if $programname startswith 'haproxy' then /var/log/haproxy.log
& ~

GregL
  • 1
    `You can use one or if you need to use multiple you can simply defined giving spaces.` Actually, that's not what specifying two levels does. The [docs](http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-log) say that `By default, all messages are sent. If a level is specified, only messages with a severity at least as important as this level will be sent. An optional minimum level can be specified. If it is set, logs emitted with a more severe level than this one will be capped to this level.` – GregL Sep 18 '15 at 13:35
  • @user312067, I have followed your instructions, but yet no logs have been written. – RedGiant Sep 18 '15 at 15:40