Custom logging on haproxy

Custom logging on haproxy

In this article I will show you how to improve logging on haproxy. If you read this article, you probably know that haproxy default log are most of the time insufficient for troubleshoot or deep analysis of traffic. You may want to forward these logs to some dashboarding / alerting tools that need a better log formatting. I do not consider myself as an expert in haproxy, however I wanted to share this tip to avoid people struggling too long on log formatting.

First be sure that logs are enable and to have these options enabled for the section you are working in:

        mode http
        option httplog

In your haproxy.cfg, you can add this configuration in your frontend / listen for example.

#Log format
        capture request header X-Forwarded-For len 20
        capture request header authorization len 80
        capture request header X-Client-Auth len 80
        capture request header User-Agent len 400
        capture request header Host len 150
        http-request capture req.body len 10000
        capture request header Accept-Language len 10

        log-format "%trg client_ip=%{+Q}[capture.req.hdr(0)] lb=%ci destination=%si response_status=%ST path=%r auth_token=%{+Q}[capture.req.hdr(1)] client_key=%{+Q}[capture.req.hdr(2)] response=%Tr total_time=%Tt bytes=%U user_agent=%{+Q}[capture.req.hdr(3)] host=%{+Q}[capture.req.hdr(4)] body=%{+Q}[capture.req.hdr(5)] accept_language=%{+Q}[capture.req.hdr(6)]"

I know that what you can read above is not that straight forward. What is important is the last line "log-format". This will format the output logs using variables that haproxy provide. You can find the full list in the documentation right here. Some of the needed information are present in the header, and for this part we need to "capture" all these headers and then haproxy will put them in la list. the statement %{+Q}[capture.req.hdr(0)] will render the first element of the captured header list, which is the X-Forwared-For attribute.

After finished editing your configuration, as always check the syntax and reload the config:

$ haproxy -c -V -f /etc/haproxy/haproxy.cfg
$ service haproxy reload