HAProxy config tutorials
Syslog forwarding
Available since
- HAProxy 2.3
- HAProxy Enterprise 2.3r1
- HAProxy ALOHA 13.0
Forwarding vs load balancing
This page describes how to forward Syslog messages to a single, remote server. If instead you would like to load balance messages to multiple servers, see Syslog.
The load balancer can receive Syslog log messages, buffering them in memory for short-term storage, before forwarding them to a remote log server. It thereby acts as a collection point for logs originating on the network until it relays them to a destination log server. This allows you to scale out your logging infrastructure, rather than having all devices send logs directly to the log server.
Receive, buffer, and forward Syslog messages Jump to heading
You can receive incoming Syslog messages over UDP, TCP, or both by adding a log-forward
section to your configuration. The dgram-bind
directive is used for receiving UDP log messages, and the bind
directive is used for receiving TCP log messages.
haproxy
log-forward syslog# Listen on UDP port 514 for incoming UDP log messagesdgram-bind 0.0.0.0:514# Listen on TCP port 514 for incoming TCP log messagesbind 0.0.0.0:514
haproxy
log-forward syslog# Listen on UDP port 514 for incoming UDP log messagesdgram-bind 0.0.0.0:514# Listen on TCP port 514 for incoming TCP log messagesbind 0.0.0.0:514
You have the option to forward Syslog messages over UDP or TCP; we don’t recommend implementing both options at the same time because you will forward duplicate log messages.
Forward logs with the UDP protocol Jump to heading
Add the log
directive to forward Syslog messages over UDP. Replace <your_syslog_server_ip_address>
with your Syslog server’s IP address.
haproxy
log-forward syslog# Listen on UDP port 514 for incoming UDP messagesdgram-bind 0.0.0.0:514# Listen on TCP port 514 for incoming TCP messagesbind 0.0.0.0:514# Forward outgoing messages with UDPlog <your_server_ip_address>:514 local0
haproxy
log-forward syslog# Listen on UDP port 514 for incoming UDP messagesdgram-bind 0.0.0.0:514# Listen on TCP port 514 for incoming TCP messagesbind 0.0.0.0:514# Forward outgoing messages with UDPlog <your_server_ip_address>:514 local0
Forward logs with the TCP protocol Jump to heading
-
In the
log-forward
section, add thelog
directive to place logs into a ring buffer.haproxylog-forward syslog# Listen on TCP port 514bind 0.0.0.0:514# Listen on UDP port 514dgram-bind 0.0.0.0:514log ring@logbuffer local0haproxylog-forward syslog# Listen on TCP port 514bind 0.0.0.0:514# Listen on UDP port 514dgram-bind 0.0.0.0:514log ring@logbuffer local0 -
Add a
ring
section to buffer messages until they can be sent to the remote Syslog server. It’s best to add only oneserver
to aring
section. You can create multiplering
sections with oneserver
each. Replace<your_syslog_server_ip_address>
with your Syslog server’s IP address.haproxylog-forward syslog# Listen on TCP port 514bind 0.0.0.0:514# Listen on UDP port 514dgram-bind 0.0.0.0:514log ring@logbuffer local0ring logbufferdescription "buffer for logs"format rfc5424maxlen 1500size 65536timeout connect 10stimeout server 20s# Sends outgoing messages via TCPserver logserver <your_syslog_server_ip_address>:514haproxylog-forward syslog# Listen on TCP port 514bind 0.0.0.0:514# Listen on UDP port 514dgram-bind 0.0.0.0:514log ring@logbuffer local0ring logbufferdescription "buffer for logs"format rfc5424maxlen 1500size 65536timeout connect 10stimeout server 20s# Sends outgoing messages via TCPserver logserver <your_syslog_server_ip_address>:514
Standardize the Syslog protocol Jump to heading
In the log-forward
section, you can translate incoming messages to a standardized Syslog protocol, such as the RFC 5424 format, regardless of the Syslog format in which they were received. Add the format
argument to the log
directive:
haproxy
log-forward syslog# Listen on TCP port 514bind 0.0.0.0:514# Listen on UDP port 514dgram-bind 0.0.0.0:514log ring@logbuffer format rfc5424 local0
haproxy
log-forward syslog# Listen on TCP port 514bind 0.0.0.0:514# Listen on UDP port 514dgram-bind 0.0.0.0:514log ring@logbuffer format rfc5424 local0
Forward HAProxy logs Jump to heading
In addition to forwarding Syslog log messages from other network devices, you can also use a ring
section to forward HAProxy logs over TCP. Otherwise, HAProxy sends its logs over UDP via the log
directive in the global
section.
Below is the traditional way to send HAProxy logs to a remote Syslog server over UDP:
haproxy
globallog 192.168.1.100 local0defaultslog global
haproxy
globallog 192.168.1.100 local0defaultslog global
Replace <your_syslog_server_ip_address>
with your Syslog server’s IP address and send them over TCP instead:
haproxy
globallog ring@logbuffer local0defaultslog globalring logbufferdescription "buffer for logs"format rfc5424maxlen 1500size 65536timeout connect 10stimeout server 20s# Sends outgoing messages via TCPserver logserver <your_syslog_server_ip_address>:514
haproxy
globallog ring@logbuffer local0defaultslog globalring logbufferdescription "buffer for logs"format rfc5424maxlen 1500size 65536timeout connect 10stimeout server 20s# Sends outgoing messages via TCPserver logserver <your_syslog_server_ip_address>:514
See also Jump to heading
Do you have any suggestions on how we can improve the content of this page?