In this article I will show you how to improve logging on haproxy. If you read this article, you probably know that haproxy default log are most of the time insufficient for troubleshoot or deep analysis of traffic. You may want to forward these logs to some dashboarding / alerting tools that need a better log formatting. I do not consider myself as an expert in haproxy, however I wanted to share this tip to avoid people struggling too long on log formatting.
First be sure that logs are enable and to have these options enabled for the section you are working in:
mode http
option httplog
In your haproxy.cfg, you can add this configuration in your frontend / listen for example.
#Log format
capture request header X-Forwarded-For len 20
capture request header authorization len 80
capture request header X-Client-Auth len 80
capture request header User-Agent len 400
capture request header Host len 150
http-request capture req.body len 10000
capture request header Accept-Language len 10
log-format "%trg client_ip=%{+Q}[capture.req.hdr(0)] lb=%ci destination=%si response_status=%ST path=%r auth_token=%{+Q}[capture.req.hdr(1)] client_key=%{+Q}[capture.req.hdr(2)] response=%Tr total_time=%Tt bytes=%U user_agent=%{+Q}[capture.req.hdr(3)] host=%{+Q}[capture.req.hdr(4)] body=%{+Q}[capture.req.hdr(5)] accept_language=%{+Q}[capture.req.hdr(6)]"
I know that what you can read above is not that straight forward. What is important is the last line "log-format". This will format the output logs using variables that haproxy provide. You can find the full list in the documentation right here. Some of the needed information are present in the header, and for this part we need to "capture" all these headers and then haproxy will put them in la list. the statement %{+Q}[capture.req.hdr(0)] will render the first element of the captured header list, which is the X-Forwared-For attribute.
After finished editing your configuration, as always check the syntax and reload the config:
$ haproxy -c -V -f /etc/haproxy/haproxy.cfg
$ service haproxy reload