Home / server / Questions / 645924
In Process
Petah
Asked: 2014-11-21 12:07:54 +0800 CST

HAProxy logging to syslog

  • 772

I installed HAProxy 1.5 via apt-get on ubuntu 14.04 via ppa:vbernat/haproxy-1.5 as per this Debian repository selection tool.

The problem is it logging to /var/log/syslog instead of /var/log/haproxy.log

The setup is basically the default:

/etc/haproxy/haproxy.cfg

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL).
    ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
        ssl-default-bind-options no-sslv3

defaults
    log global
    mode    http
    option  httplog
    option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

/etc/rsyslog.d

# Create an additional socket in haproxy's chroot in order to allow logging via
# /dev/log to chroot'ed HAProxy processes
$AddUnixListenSocket /var/lib/haproxy/dev/log

# Send HAProxy messages to a dedicated logfile
if $programname startswith 'haproxy' then /var/log/haproxy.log
&~
logging

4 Answers

  1. Very tricky. :-) And here is the trick answer:

    Notice the file in /etc/rsyslog.d It says to log haproxy into /var/log/haproxy.log But this will not take effect without restarting rsyslog:

    service rsyslog restart
    • 25

  2. The default haproxy.conf file provides clear instructions under the Global settings - global. Here i am copy pasting it for you -

    #---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #

    In my case, for instance, i am running haproxy in CentOS 6.6, the same syslogd server and had to do the following to log to /var/log/haproxy.log:

    1. Add below line to /etc/rsyslog.d/haproxy.conf -

      local2.*                       /var/log/haproxy.log

    2. Enable syslogd logging on server -

    # Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
$UDPServerAddress 127.0.0.1
    • 12

  3. Comment out this line from /etc/rsyslog.d

    # Send HAProxy messages to a dedicated logfile
if $programname startswith 'haproxy' then /var/log/haproxy.log
    • 6

  4. the main problem is that the chrooted haproxy won't be able to access /dev/log and in order to circumvent the issue you can either:

    • Enable syslog to listen on the UDP socket (usually on port 514) as described in the other messages
    • Create the directory /var/lib/haproxy/dev and mount /dev with bind option onto /var/lib/haproxy/dev

    It works either ways.

    [edit]

    After 3 years something has changed. Haproxy now creates a file called /etc/rsyslog.d/49-haproxy. One of the lines in the file is:

    $AddUnixListenSocket /var/lib/haproxy/dev/log.

    In this case, the chroot environment can use /dev/log

    • 3