i HAProxy logging and monitoring – All things in moderation

HAProxy logging and monitoring

In post we mentioned about installing and configuring HAProxy. This post go to next level explore more about logging and monitoring HAProxy.


What we have to concern about haproxy logging ? Some of keywords we need to know are log levels, log formats, advanced logging options, timming events, etc. Find out more here

Standard information provided in logs include client ports, TCP/HTTP state timers, precise session state at termination and precise termination cause, information about decisions to direct traffic to a server, and certainly the ability to capture arbitrary headers.

Configure logging for HAProxy

An haproxy example config /etc/haproxy/haproxy.cfg :

    log local0 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # An alternative list with additional directives can be obtained from
    #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
    ssl-default-bind-options no-sslv3

    log global
    mode    http
    option  httplog
    option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000

The log will be sent to syslog server but On Ubunut rsyslog is already installed and running but it doesn’t listen on any IP address. So we have to make it do:
Edit the config file of rsyslog:

vim /etc/rsyslog.conf  

Add, Uncomment the following lines:

Create a rule for HAProxy logs:

vim /etc/rsyslog.d/haproxy.conf

Make sure you have a line like it.

if ($programname == 'haproxy') then -/var/log/haproxy.log  

Now restart the rsyslog service:

service rsyslog restart  

This writes all HAProxy messages and access logs to /var/log/haproxy.log


We have an example haproxy configuration here /etc/haproxy/haproxy.cfg

frontend localnodes
    bind *:80
    mode http
    default_backend nodes

backend nodes
    mode http
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server web01 check
    server web02 check
    server web03 check

listen haproxy-monitoring
   bind *:1936
   mode http
   stats enable
   stats hide-version
   stats realm Haproxy\ Statistics
   stats uri /
   stats auth myUser:myPassword

HAProxy comes with a web interface for monitoring the load balancer and the servers it is setup to use. Let’s go over the above options:
* bind *:1936 – it listent on port 1936
* stats enable – Enable the * stats monitoring dashboard
* stats uri / – The URI to reach it is just / (on port 1936)
* stats hide-version – Hide the version of HAProxy used
stats auth someuser:password – Use HTTP basic authentication.
here’s what the dashboard will look like:



Leave a Reply