Custom Logging Per Backend In HAProxy

By Greg Keller Posted March 11, 2015

Custom logging HAProxy

HAProxy has good configurable logging.

I have a proxy with two backends, routed differently based on the port they’re using.

#---------------------------------------------------------------------
# http frontend
#---------------------------------------------------------------------
frontend http_frontend
    bind *:444
    default_backend http_backend

#---------------------------------------------------------------------
# nssocket frontend
#---------------------------------------------------------------------
frontend nssocket_frontend
    bind *:443
    default_backend nssocket_backend

The issue is that ‘nssocket’ traffic is way higher than the http traffic. It’s also less useful information to me, since I care about that traffic less. I’d like to have it be less verbose in my logs, but still sensitive enough to let me know if there’s trouble.

nssocket_frontend nssocket_backend/as11 1/0/15 1244 -- 638/4/4/1/0 0/0
http_frontend http_backend/as8 1/0/5310 1261 -- 639/633/633/123/0 0/0
nssocket_frontend nssocket_backend/as8 1/0/142 1244 -- 638/5/5/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/12 1244 -- 637/4/4/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/13 1244 -- 637/4/4/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/168 1244 -- 637/4/4/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/12 1244 -- 636/3/3/0/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/14 1244 -- 638/5/5/1/0 0/0
nssocket_frontend nssocket_backend/as8 1/0/163 1244 -- 640/7/7/1/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/16 1244 -- 639/6/6/2/0 0/0
nssocket_frontend nssocket_backend/as11 1/0/14 1244 -- 640/7/7/3/0 0/0

Basically, I want different logging in HAProxy based on the frontend. The noisy nssocket is just distracting.

Right now, all logging is being defined via the ‘global’ setting.

global
     log         127.0.0.1 local2 debug

To make this HAProxy logging discriminate per frontend, I override the log settings in each frontend section.

#---------------------------------------------------------------------
# http frontend
#---------------------------------------------------------------------
frontend http_frontend
    bind            *:444
    default_backend http_backend
    log             127.0.0.1 local2 debug

#---------------------------------------------------------------------
# nssocket frontend
#---------------------------------------------------------------------
frontend nssocket_frontend
    bind            *:443
    default_backend nssocket_backend
    log             127.0.0.1 local2 warning

Now, the logs give me a much more valuable insight into the incoming traffic that I care about, highlighting only the http traffic that matters to me.

http_frontend http_backend/as9 1/0/1103 1479 -- 1893/1887/1887/354/0 0/0
http_frontend http_backend/as12 1/14/6256 1261 -- 1897/1891/1891/434/0 0/0
http_frontend http_backend/as11 1/0/6379 1261 -- 1917/1911/1911/351/0 0/0
http_frontend http_backend/as8 1/0/6115 1261 -- 1918/1911/1911/347/0 0/0
http_frontend http_backend/as11 1/0/1297 1479 -- 1921/1914/1914/350/0 0/0
Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.

Recent Posts