HAProxy
Overview
HAProxy is a free, open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers. HAProxy has a lot of features and because it is located between your infrastructure and your clients, it can give you a lot of information about either of them.
Event Categories
The following table lists the data source offered by this integration.
Data Source | Description |
---|---|
Web logs |
HAProxy logs provide information about the connected client and the requested resource |
HAProxy Configuration
HAProxy Configuration file is created by default when HAProxy is setup on the machine
Note
HAProxy configuration default file haproxy.cfg
will be found in the directory /etc/haproxy
By default events are forwarded to /var/lib/haproxy/dev/log
then processed by a local rsyslog to store them on /var/log/haproxy.log
.
Forward the HAProxy logs to a concentrator
After HAProxy has been setup and configured, the logs have to be sent to a syslog concentrator then forwarded to SEKOIA.IO.
By default, at HAProxy first installation, an rsyslog configuration is created on the repository /etc/rsyslog.d/
, it contains the following lines:
# Create an additionnal socket in haproxy's chroot in order to allow logging via
# /dev/log to chroot'ed HAProxy processes
$AddUnixListenSocket /var/lib/haproxy/dev/log
# Send HAProxy messages to a dedicated logfile
:programname, startswith, "haproxy" {
/var/log/haproxy.log
stop
}
You only have to replace the configuration by the following lines:
# Create an additionnal socket in haproxy's chroot in order to allow logging via
# /dev/log to chroot'ed HAProxy processes
$AddUnixListenSocket /var/lib/haproxy/dev/log
# Use a condition that identifies specifically HaProxy logs that send them to a syslog concentrator
if ($programname startswith 'haproxy') then {
# Log events locally
/var/log/haproxy.log
# Forward HAProxy logs to a concentrator
action(
type="omfwd"
protocol="tcp"
target="<Concentrator_FQDN_or_IP>"
port="<Remote_Port>"
TCP_Framing="octet-counted"
)
}
For more information on Rsyslog configuration, please consult the next section.
Rsyslog
The reader is invited to consult the Rsyslog Transport documentation to forward these logs to SEKOIA.IO.