View logs and configure a syslog server

HAProxy ALOHA does not permanently store logs. It stores them only in memory and not on the filesystem, making them available for viewing for a limited amount of time via the Logs tab. For long-term storage of logs, deploy a remote syslog server and configure HAProxy ALOHA to ship logs to it.

• Select the Logs tab to view a limited history of system, load balancer, administrative, and general traffic events.
• You can also log the traffic that traverses a specific HAProxy ALOHA VIP.

Concepts Jump to heading #

HAProxy ALOHA generates several types of logs, each of which can be collected and sent to a separate or a shared syslog server. The types are defined in the table below, where each has a unique name that you will use to configure it.

This diagram illustrates how HAProxy ALOHA generates different types of logs that you can send to a syslog server.

View the Logs tab Jump to heading #

To view logs in the HAProxy ALOHA UI:

• Go to the Logs tab.

  From here you can view, filter, and download the recent log messages.

Send logs to a syslog server Jump to heading #

In this section, you will learn how to configure HAProxy ALOHA to sends its logs to a syslog server.

Configure the syslog server Jump to heading #

Configure a remote syslog server to receive log entries. This server should be an additional Linux server external to your HAProxy ALOHA instance whose firewall and other network settings allow incoming log traffic from your HAProxy ALOHA instance.

On this Linux server:

1. Install a syslog server such as rsyslog.

   Example:

   nix
   sudo apt install rsyslog

   nix
   sudo apt install rsyslog

2. Create a file named /etc/rsyslog.d/10-aloha.conf with the directives below.

   10-aloha.conf
   text
   $ModLoad imudp
   $UDPServerRun 514
   $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
   if $fromhost-ip=='172.16.24.237' then /var/log/aloha.log

   10-aloha.conf
   text
   $ModLoad imudp
   $UDPServerRun 514
   $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
   if $fromhost-ip=='172.16.24.237' then /var/log/aloha.log

   Here, we configure rsyslog to listen on all IP addresses at port 514 and to store incoming log messages in the file /var/log/aloha.log when they come from the HAProxy ALOHA IP address.

   The directives are as follows:

   Directive	Description
   $ModLoad imudp	Receive logs over UDP.
   $UDPServerRun 514	Start on the specified port.
   $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat	Use the traditional syslog format.
   if $fromhost-ip==‘172.16.24.237’ then /var/log/aloha.log	Store incoming log messages in the file /var/log/aloha.log when they come from the HAProxy ALOHA IP address. Replace 172.16.24.237 with your own IP address. You can specify several of these directives, or use startswith to match a range of IPs.

3. Restart the rsyslog server.

   nix
   sudo systemctl restart rsyslog

   nix
   sudo systemctl restart rsyslog

Configure HAProxy ALOHA Jump to heading #

You can send one or more types of logs to your syslog server, as shown in this section.

Send system events Jump to heading #

Configure the system log type to send major HAProxy ALOHA operating system events, such as kernel errors, to an external syslog server.

1. From the Services tab, click syslog setup.

   

2. In the service syslog system section, specify the IP address and port of the destination syslog server. There can be only one server in the section.

   Example: Send system messages to a syslog server listening at 172.16.24.236 on UDP port 514.

   ruby
   service syslog system
     server 172.16.24.236:514

   ruby
   service syslog system
     server 172.16.24.236:514

3. Restart the syslog service.

   

   The Message 7010: Last action returns success message displays.

4. To make the configuration changes persist after a reboot, go to the Setup tab and click Save within the Configuration section.

Send load balancer events Jump to heading #

Configure the events log type to send errors related to starting/stopping the HAProxy service, and related errors or warnings, to an external syslog server.

1. From the LB Layer7 tab, ensure that the defaults section has a log global line:

   haproxy
   defaults unnamed_defaults_1
     log global

   haproxy
   defaults unnamed_defaults_1
     log global

2. From the Services tab, click syslog setup.

   

3. In the service syslog events section, specify the IP address and port of the destination syslog server. There can be only one server in the section.

   Example: Send events messages to a syslog server listening at 172.16.24.236 on UDP port 514.

   ruby
   service syslog events
     server 172.16.24.236:514

   ruby
   service syslog events
     server 172.16.24.236:514

4. Restart the syslog service.

5. To make the configuration changes persist after a reboot, go to the Setup tab and click Save within the Configuration section.

Send console events Jump to heading #

Configure the console log type to send events such as logins to the HAProxy ALOHA command-line interface to an external syslog server.

1. From the Services tab, click syslog setup.

   

2. In the service syslog console section, specify the IP address and port of the destination syslog server. There can be only one server in the section.

   Example: Send console messages to a syslog server listening at 172.16.24.236 on UDP port 514.

   ruby
   service syslog console
     server 172.16.24.236:514

   ruby
   service syslog console
     server 172.16.24.236:514

3. Restart the syslog service.

4. To make the configuration changes persist after a reboot, go to the Setup tab and click Save within the Configuration section.

Send traffic events for all frontends/backends Jump to heading #

Configure the traffic log type to send traffic logs for all frontends to an external syslog server. This configuration logs all load balancer traffic.

1. From the LB Layer7 tab, ensure that the defaults section has a log global line:

   haproxy
   defaults unnamed_defaults_1
     log global

   haproxy
   defaults unnamed_defaults_1
     log global

2. From the Services tab, click syslog setup.

   

3. In the service syslog traffic section, specify the IP address and port of the destination syslog server. There can be only one server in the section.

   Example: Send traffic messages to a syslog server listening at 172.16.24.236 on UDP port 514.

   ruby
   service syslog traffic
     server 172.16.24.236:514

   ruby
   service syslog traffic
     server 172.16.24.236:514

4. Restart the syslog service.

5. To make the configuration changes persist after a reboot, go to the Setup tab and click Save within the Configuration section.

Send traffic events for a specific frontend/backend Jump to heading #

You can send traffic that traverses a specific HAProxy ALOHA frontend or backend.

1. On the remote rsyslog server, edit the /etc/rsyslog.d/10-aloha.conf file.

   Below, we capture messages from syslog facilities local0 and write them to the example-frontend-traffic.log file.

   10-aloha.conf
   text
   local0.* /var/log/example-frontend-traffic.log

   10-aloha.conf
   text
   local0.* /var/log/example-frontend-traffic.log

2. On HAProxy ALOHA:

   • Click the LB Layer7 tab.

   • Add the following directive to frontend and backend sections:

     text
     log <syslog server IP address>:<port> <facility>

     text
     log <syslog server IP address>:<port> <facility>

     Example: For events occurring on frontend example-frontend and backend example-backend, send log messages to an rsyslog server listening at 172.16.24.236 on UDP port 514 with facility local0.

     haproxy
     frontend example-frontend
       bind :80
       mode http
       log 172.16.24.236:514 local0
       option httplog
       default_backend example-backend
     backend example-backend
       log 172.16.24.236:514 local0
       server s1 172.16.24.236.10 check

     haproxy
     frontend example-frontend
       bind :80
       mode http
       log 172.16.24.236:514 local0
       option httplog
       default_backend example-backend
     backend example-backend
       log 172.16.24.236:514 local0
       server s1 172.16.24.236.10 check

   • To make the configuration changes persist after a reboot, go to the Setup tab and click Save within the Configuration section.

LB Layer7 tab: Conditional logging Jump to heading #

Using the when() converter, you can configure the load balancer to emit certain log messages only when certain conditions are met, for example, on error or because of another abnormal state. See when() converter for more information.

LB Layer7 tab: log profiles Jump to heading #

You can define custom log formats in named log profiles that you can then apply wherever needed.

You can define as many log profiles as you want, giving each a name allowing you to apply it independently. With log profiles, you can choose the one best suited for each log server and even emit logs to multiple servers at the same time, each with its own format. Log profiles also allow you to write log messages when different events occur, such as when accepting a connection, receiving a request, connecting to a backend server, and receiving a response.

Log profiles present plenty of opportunities:

• Create a log profile for emitting timing information to see how long the HAProxy service took to handle a request.
• Create a log profile that emits the maximum amount of data for use in debugging.
• Switch the log format just by changing the profile argument on the log line.
• Reuse profiles across multiple frontends.
• Decide whether you want to emit messages for every step defined in a profile or for only some of them by setting the log-steps directive.

In the example below, we define two log profiles on the LB Layer7 tab: one named syslog, which uses the syslog format, and another named json, which uses JSON.

haproxy
log-profile syslog
  log-tag "haproxy"
  on close format "$HAPROXY_HTTP_LOG_FMT"
log-profile json
  on close format "%{+json}o %(client_ip)ci %(client_port)cp %(request_date)tr %(frontend_name)ft %(backend_name)b %(server_name)s %(time_to_receive)TR %(time_waiting)Tw %(time_to_connect)Tc %(time_server_response)Tr %(time_active)Ta %(status_code)ST %(bytes_read)B %(request_cookies)CC %(response_cookies)CS %(termination_state)tsc %(process_active_connections)ac %(frontend_active_connections)fc %(backend_active_connections)bc %(server_active_connections)sc %(retries)rc %(server_queue)sq %(backend_queue)bq %(request_headers)hr %(response_headers)hs %(request_line)r"

haproxy
log-profile syslog
  log-tag "haproxy"
  on close format "$HAPROXY_HTTP_LOG_FMT"
log-profile json
  on close format "%{+json}o %(client_ip)ci %(client_port)cp %(request_date)tr %(frontend_name)ft %(backend_name)b %(server_name)s %(time_to_receive)TR %(time_waiting)Tw %(time_to_connect)Tc %(time_server_response)Tr %(time_active)Ta %(status_code)ST %(bytes_read)B %(request_cookies)CC %(response_cookies)CS %(termination_state)tsc %(process_active_connections)ac %(frontend_active_connections)fc %(backend_active_connections)bc %(server_active_connections)sc %(retries)rc %(server_queue)sq %(backend_queue)bq %(request_headers)hr %(response_headers)hs %(request_line)r"

In this example:

• For syslog, we set the optional log-tag directive inside to change the syslog header’s tag field, to give a hint to the syslog server about how to process the message.
• The on directive sets when to emit the log message. We’re emitting the log message on the close event, when HAProxy has finalized the request-response transaction and has access to all of the data.

Our frontend uses both log profiles. By setting the profile argument on each log line, the frontend will send syslog to one log server and json to another. It’s required to also enable logging in the frontend, which we accomplish by setting option httplog, but option tcplog would also work.

haproxy
frontend mysite
  bind :80
  option httplog
  log 172.16.24.236:514  format rfc5424 profile syslog local0 info
  log 172.16.24.235:9200 format raw     profile json   local0 info

haproxy
frontend mysite
  bind :80
  option httplog
  log 172.16.24.236:514  format rfc5424 profile syslog local0 info
  log 172.16.24.235:9200 format raw     profile json   local0 info

By default, HAProxy emits a log message when the close event fires, but you can emit messages on other events, too. The supported events are accept, close, connect, error, request, and response.

By tweaking the syslog profile to include more on lines, we have logged a message at each event in HAProxy’s processing:

haproxy
log-profile syslog
  on accept format "Client connected. IP: %ci"
  on request format "Request received. %r"
  on connect format "Connected to backend server. %b / %s"
  on response format "Response received."
  on close format "$HAPROXY_HTTP_LOG_FMT"
  on error format "Error!"

haproxy
log-profile syslog
  on accept format "Client connected. IP: %ci"
  on request format "Request received. %r"
  on connect format "Connected to backend server. %b / %s"
  on response format "Response received."
  on close format "$HAPROXY_HTTP_LOG_FMT"
  on error format "Error!"

To enable these extra messages, set the log-steps directive to all or to a comma-separated list of events:

haproxy
frontend mysite
  bind :80
  log-steps all
  log 172.16.24.236:514  format rfc5424 profile syslog local0 info

haproxy
frontend mysite
  bind :80
  log-steps all
  log 172.16.24.236:514  format rfc5424 profile syslog local0 info

Remove existing log global lines or else you’ll get log messages twice, once from the global log line and once from your frontend’s log line.

LB Layer7 tab: do-log action Jump to heading #

The do-log action allows you to emit custom log messages at any point in the processing of a request or response. Add the do-log action where desired in your LB Layer7 configuration. In the example below, we set a variable named req.log_msg and then use a do-log action to log the variable value.

haproxy
frontend mysite
  bind :80
  acl is_evil_client req.hdr(user-agent) -m sub evil
  http-request set-var(req.log_msg) str("Blocking evil client") if is_evil_client
  http-request do-log
  http-request deny if is_evil_client

haproxy
frontend mysite
  bind :80
  acl is_evil_client req.hdr(user-agent) -m sub evil
  http-request set-var(req.log_msg) str("Blocking evil client") if is_evil_client
  http-request do-log
  http-request deny if is_evil_client

Update your syslog log-profile section (see Log profiles) so that it includes the directive on http-req, which defines the log format to use whenever http-request do-log is called.

The following example log format prints the value of the variable req.log_msg:

haproxy
log-profile syslog
  log-tag "haproxy"
  on close format "$HAPROXY_HTTP_LOG_FMT"
  on http-req format "%[var(req.log_msg)]"

haproxy
log-profile syslog
  log-tag "haproxy"
  on close format "$HAPROXY_HTTP_LOG_FMT"
  on http-req format "%[var(req.log_msg)]"

Your log will show the custom log message:

text
Blocking evil client

text
Blocking evil client

The do-log action works with other directives, too. Each matches up with a step in the log-profile section:

Syslog service reference Jump to heading #

The syslog service on the Services tab supports the following configuration directives: