You can create a syslog listener on UDP, TCP, or both by using the bind and dgram-bind directives. HAProxy Enterprise supports message-based load balancing and forwarding, allowing the transmission and reception of messages over TCP, UDP, or UNIX domain sockets. Each log message can now be processed individually.
This functionality also lets you set the number of connections in the backlog and translate syslog messages to a pool of UDP or TCP syslog servers. This can be implemented through a dedicated section called log-forward, which supports binding on TCP using the bind keyword and on UDP using dgram-bind for both IPv4 and IPv6.
By combining this capability with the log sampling feature, you gain precise control over the forwarding of syslog messages.
Forward log messages
To illustrate, the following example sets up log forwarding using a ring buffer named logbuffer with a maximum length of 1500 characters and a size of 65536 bytes. A ring buffer stores messages in memory and sends them to the destination host. HAProxy Enterprise listens on port 514 for both TCP and UDP syslog messages and forwards them to the syslog server at IP address 192.168.1.100 at TCP port 514. The syslog server is checked for health using the
    log-forward syslog
        # Listen on TCP port 514
        bind 0.0.0.0:514
        # Listen on UDP port 514
        dgram-bind 0.0.0.0:514
        log ring@logbuffer local0

    ring logbuffer
        description "buffer for logs"
        format rfc5424
        maxlen 1500
        size 65536
        timeout connect 10s
        timeout server 20s
        # Sends outgoing messages via TCP
        server logserver 192.168.1.100:514 check
Translate the syslog protocol
You can also translate messages from one format to another. In the example below, all syslog messages received are translated to the RFC 5424 format, regardless of the syslog format in which they were received. Here, we send messages to the destination server over UDP, since we did not configure a ring buffer.
    log-forward syslog-lb
        bind :::7514        # Listen on TCP IPv4/IPv6
        dgram-bind :::7514  # Listen on UDP IPv4/IPv6
        # load balance messages on 2 UDP syslog servers
        log 10.1.0.2:10001 format rfc5424 sample 1:2 local0 info
        log 10.1.0.3:10002 format rfc5424 sample 2:2 local0 info
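When log sampling is used to split messages across servers, as in the syslog-lb section above, any position that no log line selects is never forwarded, which leaves a gap in what the collectors see. The following Python check is an added example, not part of the HAProxy Enterprise documentation. It assumes that each log line numbers messages from 1 and wraps at its own sample size, and that ranges are written low-high; GAPPY_CONFIG is a constructed misconfiguration.

```python
import re
from math import lcm

# The two log lines from the syslog-lb section above.
PAGE_CONFIG = """
log 10.1.0.2:10001 format rfc5424 sample 1:2 local0 info
log 10.1.0.3:10002 format rfc5424 sample 2:2 local0 info
"""
# Constructed misconfiguration: position 2 overlaps, position 4 is unassigned.
GAPPY_CONFIG = """
log 10.1.0.2:10001 format rfc5424 sample 1-2:4 local0 info
log 10.1.0.3:10002 format rfc5424 sample 2-3:4 local0 info
"""

SAMPLE_RE = re.compile(r"^\s*log\s+(\S+)\s.*?\bsample\s+([\d,\-]+):(\d+)", re.M)

def parse_targets(config):
    """Return [(address, selected_positions, sample_size)] for sampled log lines."""
    targets = []
    for addr, ranges, size in SAMPLE_RE.findall(config):
        size, picked = int(size), set()
        for part in ranges.split(","):
            low, _, high = part.partition("-")
            low, high = int(low), int(high or low)
            if not 1 <= low <= high <= size:
                raise ValueError(f"range {part!r} outside 1..{size} for {addr}")
            picked.update(range(low, high + 1))
        targets.append((addr, picked, size))
    return targets

def coverage(config):
    """Map each message position in one full cycle to the servers that receive it."""
    targets = parse_targets(config)
    # Lines may use different sample sizes; the pattern repeats every lcm.
    period = lcm(*(size for _, _, size in targets))
    return {
        pos: [addr for addr, picked, size in targets if (pos - 1) % size + 1 in picked]
        for pos in range(1, period + 1)
    }

def audit(config):
    """Return (dropped, duplicated) message positions within one cycle."""
    cov = coverage(config)
    dropped = [p for p, servers in cov.items() if not servers]
    duplicated = [p for p, servers in cov.items() if len(servers) > 1]
    return dropped, duplicated

if __name__ == "__main__":
    print(audit(PAGE_CONFIG), audit(GAPPY_CONFIG))
```

An empty dropped list means every received message is assigned to at least one server; a non-empty duplicated list means some messages are sent to more than one.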
Global count of received syslog messages
The Runtime API show info command also exposes a new counter called CumRecvLogs, which provides a global count of received syslog messages.
    $ echo "show info desc" | \
        sudo socat stdio unix-connect:/var/run/hapee-2.7/hapee-lb.sock
    CumRecvLogs: 5:"Total number of log messages received by log-forwarding listeners on this worker process since started"
    Build info: 2.7.0-1.0.0-297.600:"Build info"
    Memmax_bytes: 0:"Worker process's hard limit on memory usage in byes (-m on command line)"
    PoolAlloc_bytes: 143592:"Amount of memory allocated in pools (in bytes)"
    PoolUsed_bytes: 143592:"Amount of pool memory currently used (in bytes)"
    Start_time_sec: 1684208137:"Start time in seconds"
    Tainted: 0:"Experimental features used"