30

I've just installed haproxy on my test server.

Is there a way of making it write its logs to a local file, rather than syslog?

This is only for testing so I don't want to start opening ports / cluttering up syslog with all my test data.

Unfortunately, the only information I can find all revolves around logging to a syslog server.

I tried using:

log /home/user/ha.log local0

in my config. But that told me:

[ALERT] 039/095022 (9528) : sendto logger #1 failed: No such file or directory (errno=2)

When I restarted. So I created the file with touch /home/user/ha.log and restarted at which point I got:

[ALERT] 039/095055 (9593) : sendto logger #1 failed: Connection refused (errno=111)

Is this possible, or am I going to have to configure syslog etc. to see my test data?

Improve this question
1
  • 2
    I don't think HAProxy can log to a file, and I suspect the reason for this is that writes to disk are a blocking operation. Why do you really not want to use syslog? Config is not all that tricky. You can assign a local facility to HAProxy and configure your syslog daemon to write those entries to a different file, and not to other syslog files (or network streams), if you're not wanting the HAProxy logs not to be mixed in with everything else. Commented Feb 9, 2016 at 12:23

5 Answers 5

Reset to default
21

Haproxy simply doesn't support logging to files. As stated in the documentation (https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#3.1-log), the "log" statement takes as first parameter an address. If that's a file, it's a unix socket and HAProxy will speak in the syslog format to this socket. Haproxy is designed like this because its responsability is to proxy requests, not write files, it delegates writing of log files to syslog. If you don't want to mess with your machine, you can for example install logstash and run: logstash -e 'input { unix { path => "/tmp/haprxoy_log.sock" } } output { stdout { } }' and add: log /tmp/haprxoy_log.sock In your haproxy.cfg to test it.

Improve this answer
2
  • I'm getting "E: Unable to locate package logstash". Was logstash removed from ubuntu? Commented Dec 11, 2019 at 11:54
  • @user568021 seems logstash is not provided in ubuntu, but elastic (logstash's maintainer) provides an apt source. Also, logstash is a java software, so you might be able to run it by downloading a jar file running it with a JRE (which is provided by ubuntu) Commented Jan 23, 2020 at 6:21
11

You can change haproxy log config file under /etc/rsyslog.d/ to point the file to the path you like. Not sure about other distribution. For me, I'm using Debian. I changed /etc/rsyslog.d/49-haproxy.conf to point to /var/log/haproxy/haproxy.log,

# Create an additional socket in haproxy's chroot in order to allow logging via # /dev/log to chroot'ed HAProxy processes $AddUnixListenSocket /var/lib/haproxy/dev/log # Send HAProxy messages to a dedicated logfile :programname,startswith,"haproxy" /var/log/haproxy/haproxy.log

You should also update the log path in /etc/logrotate.d/haproxy to the new path. So that it will rotate and compress logfile in newly configured path using gzip.

Then restart rsyslog.service.

sudo systemctl restart rsyslog.service

Now haproxy.log.* file will be in /var/log/haproxy/ directory.

Improve this answer
1
  • How do I create separate log for errors like /var/log/haproxy-errors.log without affecting the original haproxy.log? Commented Dec 5, 2019 at 5:30
9

Since version 1.9 HAProxy supports logging to stdout and stderr.

With that in mind it's pretty trivial to pipe it to a file.

# change haproxy.cfg file with the following global log stdout local0 debug defaults log global option httplog

And then you can simply run HAProxy like this:

haproxy -f haproxy.cfg > haproxy.log 2>&1 &

As you probably know > pipes stdout to the file haproxy.log and then 2>&1 pipes stderr also to the same file. It ends with & that will put the process in the background.

You can get fancier and try to setup a script to kill the previous instance of haproxy by doing something like this:

#!/bin/bash # mini launcher kill -9 `cat /home/user/haproxy.pid` /home/user/haproxy -f /home/haproxy.cfg > /home/user/haproxy.log 2>&1 & echo $! > /home/user/haproxy.pid

Tough, as you can probably tell... not recommended.

Edit: Logging to files used to be a blocking event and thus, not recommended, specially for something like HAProxy. The HAProxy team made it abundantly clear on the release post linked above that this is not the case anymore.

We’ve received this request quite a bit and have spent some time planning the best way to implement it—without blocking—and we’re pleased to announce that we’ve found a solution!

Improve this answer
8
  • 1
    why is logging to stdout/err "not recommended"? is this your opinion or is there official documentation about problems with that? Commented Nov 24, 2020 at 11:24
  • 2
    @Florian, you are correct. I was misguided by past behaviour. It does not block on recent releases thus the sentence was opinionative (and wrong). Edited the answer. Thanks! Commented Nov 24, 2020 at 16:14
  • @Frankie getting error sendmsg()/writev() failed in logger #1: Connection refused (errno=111) with a file read/writable by haproxy. Doc says A file descriptor number in the form "fd@<number>", which may point to a pipe, terminal, or socket. How do we know fd before process starts? Doc says Exceptionally for debugging purposes the file descriptor may also be directed to a file, but doing so will significantly slow HAProxy down as non-blocking calls will be ignored. Also there will be no way to purge nor rotate this file without restarting the process. How to redirect that fd to file? Commented Jun 23, 2021 at 18:11
  • @SameerNaik what HAProxy version are you using? Since 1.9 this should be straightforward - just like the example above. Commented Jun 24, 2021 at 0:10
  • 1
    We are using version 2.0.7. We are trying to redirect output to a regular file by specifying its full path instead of stdout Commented Jun 24, 2021 at 7:01
0

You have tried to configured in the user home directory, haproxy doesn't have permission to access user's home directory, so that cause issue.

Instead try in other location, create directory in /var/<directory>

log /var/<directory>/ha.log
Improve this answer
3
  • 2
    I tried sudo touch /var/log/ha.log and added log /var/log/ha.log local0 to my config, but got the same error as above connection refused. Commented Feb 9, 2016 at 10:56
  • In log why you giving local0 in the end? Commented Feb 9, 2016 at 11:24
  • 1
    I tried leaving it out, but when I restarted I got the error 'log' expects <address> and <facility> as arguments. so required something there. According to the instructions <facility> must be one of the 24 standard syslog facilities (which I think may be part of the problem) Commented Feb 9, 2016 at 11:41
0

You will have to create a log service in order for haproxy to be able to log to specific files. Use following instructions, which worked for me in EL7 and HAProxy 2.7-dev5:-

yum install rsyslog

vi /etc/rsyslog.d/haproxy.conf

$ModLoad imudp $UDPServerAddress 127.0.0.1 $UDPServerRun 514 local2.* /logdir/haproxy local3.* /logdir/haproxy-access_log

systemctl restart rsyslog && ldconfig

vi /../../haproxy.cfg

global log stderr local0 info log 127.0.0.1 local2 notice log 127.0.0.1 local3 defaults log global option httplog

systemctl restart haproxy

Don't forget to setup log rotation service as well, to avoid unnecessary space consumption and following should do the job:-

vi /etc/logrotate.d/haproxy

/logdir/logdir/haproxy-access_log { weekly rotate 7 missingok size=5M notifempty dateext dateformat -%d%m%Y compress create 0644 logfileowner logfileowner su logfileowner logfileowner mail email@torecievelogs postrotate /usr/bin/systemctl reload haproxy endscript }

Also, run the following two commands to find out if there is any problem with log rotation:-

logrotate --force /etc/logrotate.d/haproxy grep logrotate /var/log/audit/audit.log | audit2why

Lastly, hereby I note if security-enhanced is enabled you might need to tweak log files context and its parent directory.

Good luck :).

Zakaria.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.