Hello Aleksandar,

thank you for your reply. We are using HAProxy under SLES 15 SP4 and here is the version info:

srvkdgrllbp01:/etc/haproxy # haproxy -vv
HAProxy version 2.8.0-fdd8154 2023/05/31 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2028.
Known bugs: http://www.haproxy.org/bugs/bugs-2.8.0.html
Running on: Linux 5.14.21-150400.24.81-default #1 SMP PREEMPT_DYNAMIC Tue Aug 8 14:10:43 UTC 2023 (90a74a8) x86_64
Build options :
  TARGET  = linux-glibc
  CPU     = generic
  CC      = cc
  CFLAGS  = -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement -Wfatal-errors -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment
  OPTIONS = USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE=1
  DEBUG   = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS

Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE -LIBATOMIC +LIBCRYPT +LINUX_SPLICE +LINUX_TPROXY +LUA +MATH -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL -OPENSSL_WOLFSSL -OT +PCRE -PCRE2 -PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL -PROMEX -PTHREAD_EMULATION -QUIC +RT +SHM_OPEN +SLZ +SSL -STATIC_PCRE -STATIC_PCRE2 +SYSTEMD +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL -ZLIB

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_TGROUPS=16, MAX_THREADS=256, default=2).
Built with OpenSSL version : OpenSSL 1.1.1l 24 Aug 2021 SUSE release SUSE_OPENSSL_RELEASE
Running on OpenSSL version : OpenSSL 1.1.1l 24 Aug 2021 SUSE release 150400.7.53.1
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.6
Built with network namespace support.
Built with libslz for stateless compression.
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with PCRE version : 8.45 2021-06-15
Running on PCRE version : 8.45 2021-06-15
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Encrypted password support via crypt(3): yes
Built with gcc compiler version 7.5.0

Available polling systems :
      epoll : pref=300, test result OK
       poll : pref=200, test result OK
     select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
         h2 : mode=HTTP side=FE|BE mux=H2 flags=HTX|HOL_RISK|NO_UPG
       fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG
  <default> : mode=HTTP side=FE|BE mux=H1 flags=HTX
         h1 : mode=HTTP side=FE|BE mux=H1 flags=HTX|NO_UPG
  <default> : mode=TCP side=FE|BE mux=PASS flags=
       none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG

Available services : none

Available filters :
        [BWLIM] bwlim-in
        [BWLIM] bwlim-out
        [CACHE] cache
        [COMP] compression
        [FCGI] fcgi-app
        [SPOE] spoe
        [TRACE] trace

Best regards,
Sören Hellwig

-----Original Message-----
From: Aleksandar Lazic <al-hapr...@none.at>
Sent: Monday, 30 October 2023 17:58
To: Hellwig, Sören <s.hell...@uke.de>; haproxy@formilux.org
Subject: [EXT] Re: Question about syslog forwarding with HAProxy with keeping the client IP

Hi,

On 2023-10-30 (Mon.) 15:55, Hellwig, Sören wrote:
> Hello Support-Team,
>
> we are using the HAProxy as load balancer for our Graylog servers.

Which version of HAProxy?
haproxy -vv

> The TCP based protocols work fine, but we have some trouble with the
> syslog forwarding.
>
> Our configuration file *haproxy.cfg* looks like this:
>
> log-forward syslog
>     # accept incoming UDP messages
>     dgram-bind 10.1.2.50:514 transparent
>     # log message into ring buffer
>     log ring@logbuffer format rfc5424 local0
>
> ring logbuffer
>     description "buffer for syslog"
>     format rfc5424
>     maxlen 1200
>     size 32764
>     timeout connect 5s
>     timeout server 10s
>     # send outgoing messages via TCP
>     server logserver1 10.1.2.44:1514 log-proto octet-count check
>     #server logserver1 10.1.2.44:1514 log-proto octet-count check source 0.0.0.0 usesrc clientip
>
> The syslog messages are forwarded to the logserver1 10.1.2.44.
> Unfortunately some older Cisco switches did not send the hostname or
> IP address in the syslog packet.
>
> Is there any chance to route the client IP through the ring buffer to the
> logserver1?

As HAProxy does not handle the syslog protocol, there isn't an option to add this info into the syslog protocol.

A possible solution is to use for these specific devices a syslog receiver like fluentbit or rsyslog which adds the information and forwards the log line to haproxy or the destination server.

https://docs.fluentbit.io/manual/pipeline/inputs/syslog
https://docs.fluentbit.io/manual/pipeline/filters/record-modifier
https://docs.fluentbit.io/manual/pipeline/outputs

https://www.rsyslog.com/doc/v8-stable/configuration/modules/idx_input.html
https://www.rsyslog.com/doc/v8-stable/configuration/modules/idx_messagemod.html
https://www.rsyslog.com/doc/v8-stable/configuration/modules/idx_output.html

Just some ideas how to solve the issue.

> The command *source* is not allowed in the *ring* section. If I
> uncomment the last line no data is sent to the logserver1.
>
> Best regards,
>
> Sören Hellwig
>
> Dipl.-Ing. (FH) Computer Engineering

Best regards
Alex
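
Added example, not part of the original messages and not HAProxy, rsyslog or Fluent Bit code: what the intermediate syslog receiver suggested in the reply has to do, written in Python. It puts the UDP source address into the RFC 5424 HOSTNAME field when the sender left it out and forwards with octet-count framing; the function names, the sample message and the address 192.0.2.10 are assumptions, while the listener and server addresses are the ones from the quoted configuration.

```python
import re
import socket
from datetime import datetime, timezone

PRI = re.compile(rb"^<(\d{1,3})>")
DEFAULT_PRI = 13  # user.notice: RFC 3164 relays use it when PRI is absent
# Constructed sample: Cisco-style message with no hostname or IP in the text.
SAMPLE = b"<189>45: %LINK-3-UPDOWN: Interface Fa0/1, changed state to up"


def tag_with_source(datagram, src_ip, now=None):
    """Return an RFC 5424 message carrying the UDP source address as HOSTNAME."""
    data = datagram.rstrip(b"\r\n\x00")
    m = PRI.match(data)
    pri = int(m.group(1)) if m else DEFAULT_PRI
    body = data[m.end():] if m else data
    fields = body.split(b" ", 3)
    if m and len(fields) == 4 and fields[0] == b"1" and (
            fields[1] == b"-" or b"T" in fields[1]):
        # Already RFC 5424: VERSION TIMESTAMP HOSTNAME rest-of-message
        if fields[2] == b"-":  # NILVALUE: the sender gave no hostname
            fields[2] = src_ip.encode()
        return b"<%d>" % pri + b" ".join(fields)
    # Legacy or header-less text: a missing hostname cannot be told apart from
    # the first word of the message, so keep the payload whole as MSG and
    # build a fresh header around it.
    ts = (now or datetime.now(timezone.utc)).isoformat(timespec="milliseconds")
    return ("<%d>1 %s %s - - - - " % (pri, ts, src_ip)).encode() + body


def octet_count(msg):
    """RFC 6587 octet-counting frame, as expected with 'log-proto octet-count'."""
    return str(len(msg)).encode() + b" " + msg


def relay(listen=("10.1.2.50", 514), dest=("10.1.2.44", 1514)):
    """Receive UDP syslog and forward it over TCP with the sender address added."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen)
    with socket.create_connection(dest, timeout=5) as tx:
        while True:
            data, (src_ip, _port) = rx.recvfrom(8192)
            tx.sendall(octet_count(tag_with_source(data, src_ip)))


if __name__ == "__main__":
    relay()
```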