Traffic Mirroring Reference
The SPOE mirror engine uses Stream Processing Offload Protocol (SPOP). The file /etc/hapee-extras/hapee-mirror-spoe.cfg
configures how HAProxy Enterprise communicates with the SPOE mirror agent.
[mirror]
spoe-agent mirror
log global
messages mirror
use-backend mirroragents
timeout hello 500ms
timeout idle 5s
timeout processing 5s
spoe-message mirror
args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
event on-frontend-http-request
It supports the following directives in the spoe-agent
section:
Parameter | Description |
---|---|
| The file begins with an engine name, |
| This line means that events, such as when HAProxy Enterprise sends data, will be logged to the same output defined by the |
| This line is a space-delimited list of labels that match up with |
| This line specifies which backend in the HAProxy Enterprise configuration holds the mirror agents. |
|
|
| This setting limits how long HAProxy Enterprise will wait for an agent to close an idle connection. |
| This setting limits how long an agent is allowed to process an event. |
A spoe-message
section defines which HAProxy Enterprise fetch methods will be used to capture data to send to the agents. The label here, mirror
, is expected by this particular agent. For traffic mirroring, we capture the following:
the HTTP method
the URL path
the version of HTTP
all HTTP headers
the request body (note that this requires
option http-buffer-request
in the HAProxy Enterprise configuration)
Data is sent every time the on-frontend-http-request
event fires, which is before the evaluation of http-request
rules on the frontend side.
The options supported by hapee-spoa-mirror
can be found using -h
or --help
:
$ /opt/hapee-extras/bin/hapee-spoa-mirror -h
Usage: hapee-spoa-mirror { -h --help }
hapee-spoa-mirror { -V --version }
hapee-spoa-mirror { -r --runtime=TIME } [OPTION]...
Options are:
-a, --address=NAME Specify the address to listen on (default: "0.0.0.0").
-B, --libev-backend=TYPE Specify the libev backend type (default: AUTO).
-b, --connection-backlog=VALUE Specify the connection backlog size (default: 10).
-c, --capability=NAME Enable the support of the specified capability.
-D, --daemonize Run this program as a daemon.
-F, --pidfile=FILE Specifies a file to write the process-id to.
-h, --help Show this text.
-i, --monitor-interval=TIME Set the monitor interval (default: 5.00s).
-l, --logfile=[MODE:]FILE Log all messages to logfile (default: stdout/stderr).
-m, --max-frame-size=VALUE Specify the maximum frame size (default: 16384 bytes).
-n, --num-workers=VALUE Specify the number of workers (default: 10).
-p, --port=VALUE Specify the port to listen on (default: 12345).
-r, --runtime=TIME Run this program for the specified time (0 = unlimited).
-t, --processing-delay=TIME Set a delay to process a message (default: 0).
-u, --mirror-url=URL Specify the URL for the HTTP mirroring.
-I, --mirror-interface=NAME Specify the interface/address for outgoing connections.
-P, --mirror-local-port=VALUE Specify the local port range for outgoing connections.
-V, --version Show program version.
Supported libev backends: select, poll, epoll, linuxaio, iouring
.
Supported capabilities: fragmentation, pipelining, async.
Allowed logging file opening modes: a, w
. The a
mode allows opening or creating file for writing at end-of-file. The w
mode allows truncating the file to zero length or creating a new file. If a capital letter is used for the mode, then line buffering is used when writing to the log file.
The time delay/interval is specified in milliseconds by default, but can be in any other unit if the number is suffixed by a unit (us, ms, s, m, h, d
).
Traffic Mirroring Log Reference
SPOE mirror agent activity is logged using HAProxy Enterprise's logger. Mirrored requests are logged to the file /var/log/hapee-2.5/lb-access-<date>.log
by default. A message is emitted for each mirrored request. Depending on the status code, the log level will be different. In the normal case, when no error occurred, the message is logged with the level LOG_NOTICE
. If an error occurred, the message is logged with the level LOG_WARNING
.
Consider the following example log message for a mirrored request:
An example log statement is shown below:
Aug 25 17:48:36 node1 hapee-lb[215242]: SPOE: [mirror] <EVENT:on-frontend-http-request> sid=707 st=0 0/13/8/0/22 1/1 0/0 0/1
In this example, the mirror
agent logged an event named on-frontend-http-request
with a stream-id of 707
. Its status code of 0
indicates it was successful. One event was processed and had zero errors.
Mirror agent log messages follow this format:
SPOE: [AGENT] <TYPE:NAME> sid=STREAM-ID st=STATUS-CODE reqT/qT/wT/resT/pT <idles>/<applets> <nb_sending>/<nb_waiting> <nb_error>/<nb_processed>
Log Message Item | Description |
---|---|
| The agent name. It is |
| For mirrored requests this is |
| The event name. |
| The unique integer id of the stream. |
| The request's status code. A status code of
|
| These represent the following time events:
|
| The number of idle SPOE applets. |
| The number of SPOE applets. |
| The number of streams waiting to send data. |
| The number of streams waiting for an |
| The number of processing errors. |
| The number of events processed. |
Next up
Security