How to keep haproxy log messages out of /var/log/syslog

You could also do the following which will make it so they don't go in any other logs:

local0.*                        -/var/log/haproxy.log
& ~

The & ~ means not to put what matched in the above line anywhere else for the rest of the rules.

The use of & ~ was deprecated in v7 of rsyslogd, and you're encouraged to use & stop instead. You can read more about it in this section of the v7compatibility page.

omruleset and discard (~) action are deprecated

Both continue to work, but have been replaced by better alternatives.

The discard action (tilde character) has been replaced by the “stop” RainerScript directive. It is considered more intuitive and offers slightly better performance.

The omruleset module has been replaced by the “call” RainerScript directive. Call permits to execute a ruleset like a subroutine, and does so with much higher performance than omruleset did. Note that omruleset could be run off an async queue. This was more a side than a desired effect and is not supported by the call statement. If that effect was needed, it can simply be simulated by running the called rulesets actions asynchronously (what in any case is the right way to handle this).

Note that the deprecated modules emit warning messages when being used. They tell that the construct is deprecated and which statement is to be used as replacement. This does not affect operations: both modules are still fully operational and will not be removed in the v7 timeframe.

So for HAProxy something like this instead:

$ more /etc/rsyslog.d/haproxy.conf
local2.*    /var/log/haproxy.log
& stop

As to how it works, the & stop tells rsyslogd to discard any additional messages that matched the previously matched rules up to this point. To guarantee that this rule is picked up early on, you can change the name of the file from /etc/rsyslog.d/haproxy.conf to /etc/rsyslog.d/00-haproxy.conf.

Ok, I figured it out. This is what my /etc/rsyslog.d/20-haproxy.conf looks like:

$ModLoad imudp
$UDPServerRun 514

local0.* -/var/log/haproxy_0.log
local1.* -/var/log/haproxy_1.log

I changed the line in 50-default.conf to:

*.*;auth,authpriv,local0,local1.none     -/var/log/syslog

And now it seems to be doing what I want.

There is a better solution for haproxy logging.

• HAproxy runs in chroot so it's can't access /dev/log

• According to official manual rsyslog needs to be configured to listen to the network socket:

  # to have these messages end up in /var/log/haproxy.log you will
  # need to:
  #
  # 1) configure syslog to accept network log events.  This is done
  #    by adding the '-r' option to the SYSLOGD_OPTIONS in
  #    /etc/sysconfig/syslog
  #
  # 2) configure local2 events to go to the /var/log/haproxy.log
  #   file. A line like the following can be added to
  #   /etc/sysconfig/syslog
  

But you can use only rsyslog sockets for that:

rsyslog.d/haproxy.conf:

    # HAproxy local socket
    $AddUnixListenSocket /var/lib/haproxy/dev/log
    :programname, contains, "haproxy" /var/log/haproxy.log
    & stop

haproxy.cfg:

    global
          log         /dev/log daemon
          chroot      /var/lib/haproxy
          .......

I prefer not to mess with the ordering of the file so instead i add a local0.none to the . line entry. Config looks like:

*.info;mail.none;authpriv.none;cron.none;local2.none     /var/log/messages

local2.*                                                 /var/log/haproxy.log

(Tested on CentOS 7)

Hope that helps!