JumpCloud Office Hours: Join our experts every Friday to talk shop. Register today

Custom logging per backend in HAProxy



HAProxy has good configurable logging.

I have a proxy with two backends, routed differently based on the port they’re using.

#---------------------------------------------------------------------
# http frontend
#---------------------------------------------------------------------
frontend http_frontend
    bind *:444
    default_backend http_backend

#---------------------------------------------------------------------
# nssocket frontend
#---------------------------------------------------------------------
frontend nssocket_frontend
    bind *:443
    default_backend nssocket_backend

The issue is that ‘nssocket’ traffic is way higher than the http traffic. It’s also less useful information to me, since I care about that traffic less. I’d like to have it be less verbose in my logs, but still sensitive enough to let me know if there’s trouble.

nssocket_frontend nssocket_backend/as11 1/0/15 1244 -- 638/4/4/1/0 0/0
http_frontend http_backend/as8 1/0/5310 1261 -- 639/633/633/123/0 0/0
nssocket_frontend nssocket_backend/as8 1/0/142 1244 -- 638/5/5/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/12 1244 -- 637/4/4/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/13 1244 -- 637/4/4/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/168 1244 -- 637/4/4/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/12 1244 -- 636/3/3/0/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/14 1244 -- 638/5/5/1/0 0/0
nssocket_frontend nssocket_backend/as8 1/0/163 1244 -- 640/7/7/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/16 1244 -- 639/6/6/2/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/14 1244 -- 640/7/7/3/0 0/0

Basically, I want different logging in HAProxy based on the frontend. The noisy nssocket is just distracting.

Right now, all logging is being defined via the ‘global’ setting.

global
     log         127.0.0.1 local2 debug

To make this HAProxy logging discriminate per frontend, I override the log settings in each frontend section.

#---------------------------------------------------------------------
# http frontend
#---------------------------------------------------------------------
frontend http_frontend
    bind            *:444
    default_backend http_backend
    log             127.0.0.1 local2 debug

#---------------------------------------------------------------------
# nssocket frontend
#---------------------------------------------------------------------
frontend nssocket_frontend
    bind            *:443
    default_backend nssocket_backend
    log             127.0.0.1 local2 warning

Now, the logs give me a much more valuable insight into the incoming traffic that I care about, highlighting only the http traffic that matters to me.

http_frontend http_backend/as9 1/0/1103 1479 -- 1893/1887/1887/354/0 0/0
http_frontend http_backend/as12 1/14/6256 1261 -- 1897/1891/1891/434/0 0/0
http_frontend http_backend/as11 1/0/6379 1261 -- 1917/1911/1911/351/0 0/0
http_frontend http_backend/as8 1/0/6115 1261 -- 1918/1911/1911/347/0 0/0
http_frontend http_backend/as11 1/0/1297 1479 -- 1921/1914/1914/350/0 0/0

Recent Posts
Migrating clients off Active Directory and to a cloud directory service doesn’t have to be difficult. Check out our free tool, the ADMU.

Blog

Migrating Clients Off Active Directory

Migrating clients off Active Directory and to a cloud directory service doesn’t have to be difficult. Check out our free tool, the ADMU.

By adding MFA to VPN connections through RADIUS, IT admins can rest assured that their remote user access is secure. Try JumpCloud free.

Blog

Setting Up VPN MFA to Secure Remote Workers

By adding MFA to VPN connections through RADIUS, IT admins can rest assured that their remote user access is secure. Try JumpCloud free.

In an ideal world, MSPs could leverage a group policy object analogue across all three operating systems. Are there cross-OS GPOs for MSPs?

Blog

Group Policy Objects (GPOs) for MSPs

In an ideal world, MSPs could leverage a group policy object analogue across all three operating systems. Are there cross-OS GPOs for MSPs?