Custom logging per backend in HAProxy

Written by Greg Keller on March 11, 2015

Share This Article

HAProxy has good configurable logging.

I have a proxy with two backends, routed differently based on the port they’re using.

#———————————————————————
# http frontend
#———————————————————————
frontend http_frontend
    bind *:444
    default_backend http_backend

#———————————————————————
# nssocket frontend
#———————————————————————
frontend nssocket_frontend
    bind *:443
    default_backend nssocket_backend

The issue is that ‘nssocket’ traffic is way higher than the http traffic. It’s also less useful information to me, since I care about that traffic less. I’d like to have it be less verbose in my logs, but still sensitive enough to let me know if there’s trouble.

nssocket_frontend nssocket_backend/as11 1/0/15 1244 — 638/4/4/1/0 0/0
http_frontend http_backend/as8 1/0/5310 1261 — 639/633/633/123/0 0/0
nssocket_frontend nssocket_backend/as8 1/0/142 1244 — 638/5/5/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/12 1244 — 637/4/4/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/13 1244 — 637/4/4/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/168 1244 — 637/4/4/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/12 1244 — 636/3/3/0/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/14 1244 — 638/5/5/1/0 0/0
nssocket_frontend nssocket_backend/as8 1/0/163 1244 — 640/7/7/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/16 1244 — 639/6/6/2/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/14 1244 — 640/7/7/3/0 0/0

Basically, I want different logging in HAProxy based on the frontend. The noisy nssocket is just distracting.

Right now, all logging is being defined via the ‘global’ setting.

global
     log         127.0.0.1 local2 debug

To make this HAProxy logging discriminate per frontend, I override the log settings in each frontend section.

#———————————————————————
# http frontend
#———————————————————————
frontend http_frontend
    bind            *:444
    default_backend http_backend
    log             127.0.0.1 local2 debug

#———————————————————————
# nssocket frontend
#———————————————————————
frontend nssocket_frontend
    bind            *:443
    default_backend nssocket_backend
    log             127.0.0.1 local2 warning

Now, the logs give me a much more valuable insight into the incoming traffic that I care about, highlighting only the http traffic that matters to me.

http_frontend http_backend/as9 1/0/1103 1479 — 1893/1887/1887/354/0 0/0
http_frontend http_backend/as12 1/14/6256 1261 — 1897/1891/1891/434/0 0/0
http_frontend http_backend/as11 1/0/6379 1261 — 1917/1911/1911/351/0 0/0
http_frontend http_backend/as8 1/0/6115 1261 — 1918/1911/1911/347/0 0/0
http_frontend http_backend/as11 1/0/1297 1479 — 1921/1914/1914/350/0 0/0
Greg Keller

JumpCloud CTO, Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution.

Continue Learning with our Newsletter