Syslog
HAProxy ALOHA does not permanently store logs. It stores them only in memory and not on the filesystem, making them available for viewing for a limited amount of time via the Logs tab. For long-term storage of logs, deploy a remote Syslog server and configure HAProxy ALOHA to ship logs to it.
HAProxy ALOHA generates several types of logs, each of which can be collected and sent to a separate or a shared Syslog server. The types are defined in the table below, where each has a unique name that you will use to configure it.
Name | Description |
---|---|
system | Major operating system events |
events | Load balancer events |
console | Administration Web UI events |
traffic | Traffic traversing all HAProxy ALOHA frontends |

Configure the Syslog server
You must configure a remote Syslog server to receive log entries.
-
Install a Syslog server such as rsyslog.
$ sudo apt install rsyslog
-
Create a file named /etc/rsyslog.d/10-aloha.conf with the directives below.
Configure rsyslog to listen on all IP addresses at port 514. Store incoming log messages in the file /var/log/aloha.log when they come from the HAProxy ALOHA IP address.
$ModLoad imudp $UDPServerRun 514 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat if $fromhost-ip=='172.16.24.237' then /var/log/aloha.log
The directives are as follows:
Directive
Description
$ModLoad imudp
Receive logs over UDP.
$UDPServerRun 514
Start on the specified port.
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
Use the traditional Syslog format.
if $fromhost-ip=='172.16.24.237' then /var/log/aloha.log
Store incoming log messages in the file /var/log/aloha.log when they come from the HAProxy ALOHA IP address. Replace 172.16.24.237 with your own IP address. You can specify several of these directives, or use
startswith
to match a range of IPs. -
Restart the rsyslog server.
$ sudo systemctl restart rsyslog
Log operating system events
Configure the system
log type to send major HAProxy ALOHA operating system events, such as kernel errors, to an external Syslog server.
-
In the Services tab, click syslog setup.
-
In the
service syslog system
section, specify the IP address and port of the destination Syslog server.Send operating system events to a Syslog server listening at 172.16.24.236 on UDP port 514.
service syslog system server 172.16.24.236:514
-
Restart the syslog service.
The Message 7010: Last action returns success message displays.
Log load balancer events
Configure the events
log type to send errors related to starting/stopping the load balancer, and related errors or warnings, to an external Syslog server.
-
In the
service syslog events
section, specify the IP address and port of the destination Syslog server.Send load balancer errors to a Syslog server listening at 172.16.24.236 on UDP port 514.
service syslog events server 172.16.24.236:514
Restart the syslog service.
Log administration events
Configure the console
log type to send events such as logins to the HAProxy ALOHA command-line interface to an external Syslog server.
-
In the
service syslog console
section, specify the IP address and port of the destination Syslog server.Send login events to a Syslog server listening at 172.16.24.236 on UDP port 514.
service syslog console server 172.16.24.236:514
Restart the syslog service.
Log traffic from all frontends
Configure the traffic
log type to send traffic logs for all frontends to an external Syslog server.
-
In the
service syslog traffic
section, specify the IP address and port of the destination Syslog server.Send traffic logs to a Syslog server listening at 172.16.24.236 on UDP port 514.
service syslog traffic server 172.16.24.236:514
Restart the syslog service.
Log traffic from a specific frontend
You can log traffic that traverses a specific HAProxy ALOHA frontend.
-
On the remote rsyslog server, edit the file /etc/rsyslog.d/10-aloha.conf file.
Append one or more lines similar to the following.
Capture messages from Syslog facilities local0 and local1, and write them to the frontend1-traffic.log and frontend2-traffic.log file.
local0.* /var/log/frontend1-traffic.log local1.* /var/log/frontend2-traffic.log
-
On HAProxy ALOHA, add the following directive to a
frontend
section:log <Syslog server IP address>:<port>
Send log messages to facility local0 to an rsyslog server listening at 172.16.24.236 on UDP port 514.
frontend webservice bind :80 mode http log 172.16.24.236:514 local0 option httplog default_backend webfarm
Test the setup
-
Make a web request either to:
the HAProxy ALOHA Web UI,
a HAProxy ALOHA frontend,
$ curl http://172.16.24.237:8080
-
Inspect the logs on your rsyslog server.
$ sudo less /var/log/aloha.log
Jan 13 11:12:58 ALOHA1 alohactl2[15685] ALOHA1# /opt/bin/alohactl2 -S root l7_dump Jan 13 11:12:58 ALOHA1 alohactl2[15722] ALOHA1# /opt/bin/alohactl2 -S root l4_dump Jan 13 11:13:04 ALOHA1 alohactl2[15859] ALOHA1# /opt/bin/alohactl2 -S root l7_dump Jan 13 11:52:27 172.16.24.237 haproxy[9522]: 172.29.1.90:46714 [13/Jan/2022:11:52:27.745] webservice webfarm/websrv1 0/0/0/1/1 200 818 - - --NI 1/1/0/0/0 0/0 "GET / HTTP/1.1"
$ sudo less /var/log/frontend1-traffic.log
Jan 13 14:09:38 172.16.24.237 haproxy[18201]: 172.29.1.90:40710 [13/Jan/2022:14:09:38.751] webservice webfarm/websrv1 0/0/0/1/1 200 818 - - --NI 1/1/0/0/0 0/0 "GET / HTTP/1.1" Jan 13 14:23:09 172.16.24.237 haproxy[18201]: 172.29.1.90:45748 [13/Jan/2022:14:23:09.407] webservice webfarm/websrv1 0/0/0/1/1 404 304 - - --NI 1/1/0/0/0 0/0 "GET /8080 HTTP/1.1" Jan 13 14:23:50 172.16.24.237 haproxy[18201]: Proxy webservice stopped (cumulated conns: FE: 2, BE: 0). Jan 13 14:25:21 172.16.24.237 haproxy[19247]: 172.29.1.90:37120 [13/Jan/2022:14:25:21.318] webservice webfarm/websrv1 0/0/0/0/0 200 602 - - --NI 1/1/0/0/0 0/0 "GET / HTTP/1.1" Jan 13 14:25:21 172.16.24.237 haproxy[19247]: 172.29.1.90:37120 [13/Jan/2022:14:25:21.548] webservice webfarm/websrv1 0/0/0/0/0 404 351 - - --VN 1/1/0/0/0 0/0 "GET /favicon.ico HTTP/1.1" Jan 13 14:25:37 172.16.24.237 haproxy[19247]: 172.29.1.90:37224 [13/Jan/2022:14:25:37.052] webservice webfarm/websrv1 0/0/0/0/0 200 818 - - --NI 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Syslog service reference
The syslog service in the Services tab supports the following configuration directives:
Directive | Description |
---|---|
| Sets the maximum Syslog severity level to send to the console. |
| An identier to use for a second Syslog server. |
| Collect UDP log messages from the given local IP address and optional port. |
| Collect kernel messages. |
| Collect (or do not collect if prefixed with |
| Records log messages to either a ring buffer or to a file. |
| The number of log files to keep before rotating them. |
| The IP address and port of a remote Syslog server that will receive log messages. |
| The maximum size in kilobytes of the buffer or file when |
Next up
Security