HAProxy config tutorials
Syslog forwarding
Available since
- HAProxy 2.3
- HAProxy Enterprise 2.3r1
- HAProxy ALOHA 13.0
The load balancer can receive Syslog log messages, buffering them in memory for short-term storage, before forwarding them to a remote log server. It thereby acts as a collection point for logs originating on the network until it relays them to a destination log server. This allows you to scale out your logging infrastructure, rather than having all devices send logs directly to the log server.
Receive and buffer Syslog messages Jump to heading
You can can listen for incoming Syslog messages over UDP, TCP, or both by using the bind
and dgram-bind
directives in a log-forward
section.
-
Add a
log-forward
section to your configuration to receive Syslog messages over TCP via thebind
directive and over UDP via thedgram-bind
directive. Thelog
directive places logs into a ring buffer.haproxylog-forward syslog# Listen on TCP port 514bind 0.0.0.0:514# Listen on UDP port 514dgram-bind 0.0.0.0:514log ring@logbuffer local0haproxylog-forward syslog# Listen on TCP port 514bind 0.0.0.0:514# Listen on UDP port 514dgram-bind 0.0.0.0:514log ring@logbuffer local0 -
Add a
ring
section to buffer messages until they can be sent to the remote Syslog server. It’s best to add only oneserver
to aring
section. You can create multiplering
sections with oneserver
each.haproxyring logbufferdescription "buffer for logs"format rfc5424maxlen 1500size 65536timeout connect 10stimeout server 20s# Sends outgoing messages via TCPserver logserver 192.168.1.100:514haproxyring logbufferdescription "buffer for logs"format rfc5424maxlen 1500size 65536timeout connect 10stimeout server 20s# Sends outgoing messages via TCPserver logserver 192.168.1.100:514
Standardize the Syslog protocol Jump to heading
In the log-forward
section, you can translate incoming messages to a standardized Syslog protocol, such as the RFC 5424 format, regardless of the Syslog format in which they were received. Add the format
argument to the log
directive:
haproxy
log-forward syslog# Listen on TCP port 514bind 0.0.0.0:514# Listen on UDP port 514dgram-bind 0.0.0.0:514log ring@logbuffer format rfc5424 local0
haproxy
log-forward syslog# Listen on TCP port 514bind 0.0.0.0:514# Listen on UDP port 514dgram-bind 0.0.0.0:514log ring@logbuffer format rfc5424 local0
Forward HAProxy logs Jump to heading
In addition to forwarding log messages from other network devices, you can also use a ring
section to forward HAProxy logs over TCP. Otherwise, HAProxy sends its logs over UDP via the log
directive in the global
section.
Below is the traditional way to send HAProxy logs to a remote Syslog server over UDP:
haproxy
globallog 192.168.1.100 local0defaultslog global
haproxy
globallog 192.168.1.100 local0defaultslog global
To send them over TCP instead:
haproxy
globallog ring@logbuffer local0defaultslog globalring logbufferdescription "buffer for logs"format rfc5424maxlen 1500size 65536timeout connect 10stimeout server 20s# Sends outgoing messages via TCPserver logserver 192.168.1.100:514
haproxy
globallog ring@logbuffer local0defaultslog globalring logbufferdescription "buffer for logs"format rfc5424maxlen 1500size 65536timeout connect 10stimeout server 20s# Sends outgoing messages via TCPserver logserver 192.168.1.100:514
Do you have any suggestions on how we can improve the content of this page?