HAProxy config tutorials

Syslog forwarding

Available since

  • HAProxy 2.3
  • HAProxy Enterprise 2.3r1
  • HAProxy ALOHA 13.0

The load balancer can receive Syslog log messages, buffering them in memory for short-term storage, before forwarding them to a remote log server. It thereby acts as a collection point for logs originating on the network until it relays them to a destination log server. This allows you to scale out your logging infrastructure, rather than having all devices send logs directly to the log server.

Receive and buffer Syslog messages Jump to heading

You can can listen for incoming Syslog messages over UDP, TCP, or both by using the bind and dgram-bind directives in a log-forward section.

  1. Add a log-forward section to your configuration to receive Syslog messages over TCP via the bind directive and over UDP via the dgram-bind directive. The log directive places logs into a ring buffer.

    haproxy
    log-forward syslog
    # Listen on TCP port 514
    bind 0.0.0.0:514
    # Listen on UDP port 514
    dgram-bind 0.0.0.0:514
    log ring@logbuffer local0
    haproxy
    log-forward syslog
    # Listen on TCP port 514
    bind 0.0.0.0:514
    # Listen on UDP port 514
    dgram-bind 0.0.0.0:514
    log ring@logbuffer local0
  2. Add a ring section to buffer messages until they can be sent to the remote Syslog server. It’s best to add only one server to a ring section. You can create multiple ring sections with one server each.

    haproxy
    ring logbuffer
    description "buffer for logs"
    format rfc5424
    maxlen 1500
    size 65536
    timeout connect 10s
    timeout server 20s
    # Sends outgoing messages via TCP
    server logserver 192.168.1.100:514
    haproxy
    ring logbuffer
    description "buffer for logs"
    format rfc5424
    maxlen 1500
    size 65536
    timeout connect 10s
    timeout server 20s
    # Sends outgoing messages via TCP
    server logserver 192.168.1.100:514

Standardize the Syslog protocol Jump to heading

In the log-forward section, you can translate incoming messages to a standardized Syslog protocol, such as the RFC 5424 format, regardless of the Syslog format in which they were received. Add the format argument to the log directive:

haproxy
log-forward syslog
# Listen on TCP port 514
bind 0.0.0.0:514
# Listen on UDP port 514
dgram-bind 0.0.0.0:514
log ring@logbuffer format rfc5424 local0
haproxy
log-forward syslog
# Listen on TCP port 514
bind 0.0.0.0:514
# Listen on UDP port 514
dgram-bind 0.0.0.0:514
log ring@logbuffer format rfc5424 local0

Forward HAProxy logs Jump to heading

In addition to forwarding log messages from other network devices, you can also use a ring section to forward HAProxy logs over TCP. Otherwise, HAProxy sends its logs over UDP via the log directive in the global section.

Below is the traditional way to send HAProxy logs to a remote Syslog server over UDP:

haproxy
global
log 192.168.1.100 local0
defaults
log global
haproxy
global
log 192.168.1.100 local0
defaults
log global

To send them over TCP instead:

haproxy
global
log ring@logbuffer local0
defaults
log global
ring logbuffer
description "buffer for logs"
format rfc5424
maxlen 1500
size 65536
timeout connect 10s
timeout server 20s
# Sends outgoing messages via TCP
server logserver 192.168.1.100:514
haproxy
global
log ring@logbuffer local0
defaults
log global
ring logbuffer
description "buffer for logs"
format rfc5424
maxlen 1500
size 65536
timeout connect 10s
timeout server 20s
# Sends outgoing messages via TCP
server logserver 192.168.1.100:514

If this page was useful, please, Leave the feedback.