On 2023-11-01 (Mi.) 15:17, Hellwig, Sören wrote:
Hello Aleksandar,
thank you for your reply. We are using HAproxy under SLES 15 SP4 and here is
the version info:
srvkdgrllbp01:/etc/haproxy # haproxy -vv
HAProxy version 2.8.0-fdd8154 2023/05/31 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2028.
Known bugs: http://www.haproxy.org/bugs/bugs-2.8.0.html
Uff that's old. Can you update?
Have you seen the rest of the answer in the previous mail, also?
Regards
Alex
Running on: Linux 5.14.21-150400.24.81-default #1 SMP PREEMPT_DYNAMIC Tue Aug 8
14:10:43 UTC 2023 (90a74a8) x86_64
Build options :
TARGET = linux-glibc
CPU = generic
CC = cc
CFLAGS = -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement
-Wfatal-errors -Wtype-limits -Wshift-negative-value -Wshift-overflow=2
-Wduplicated-cond -Wnull-dereference -fwrapv -Wno-address-of-packed-member
-Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered
-Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int
-Wno-atomic-alignment
OPTIONS = USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE=1
DEBUG = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS
Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H
-DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE -LIBATOMIC
+LIBCRYPT +LINUX_SPLICE +LINUX_TPROXY +LUA +MATH -MEMORY_PROFILING +NETFILTER
+NS -OBSOLETE_LINKER +OPENSSL -OPENSSL_WOLFSSL -OT +PCRE -PCRE2 -PCRE2_JIT
-PCRE_JIT +POLL +PRCTL -PROCCTL -PROMEX -PTHREAD_EMULATION -QUIC +RT +SHM_OPEN
+SLZ +SSL -STATIC_PCRE -STATIC_PCRE2 +SYSTEMD +TFO +THREAD +THREAD_DUMP +TPROXY
-WURFL -ZLIB
Default settings :
bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with multi-threading support (MAX_TGROUPS=16, MAX_THREADS=256, default=2).
Built with OpenSSL version : OpenSSL 1.1.1l 24 Aug 2021 SUSE release
SUSE_OPENSSL_RELEASE
Running on OpenSSL version : OpenSSL 1.1.1l 24 Aug 2021 SUSE release
150400.7.53.1
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.6
Built with network namespace support.
Built with libslz for stateless compression.
Compression algorithms supported : identity("identity"), deflate("deflate"),
raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Built with PCRE version : 8.45 2021-06-15
Running on PCRE version : 8.45 2021-06-15
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Encrypted password support via crypt(3): yes
Built with gcc compiler version 7.5.0
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
h2 : mode=HTTP side=FE|BE mux=H2 flags=HTX|HOL_RISK|NO_UPG
fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG
<default> : mode=HTTP side=FE|BE mux=H1 flags=HTX
h1 : mode=HTTP side=FE|BE mux=H1 flags=HTX|NO_UPG
<default> : mode=TCP side=FE|BE mux=PASS flags=
none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG
Available services : none
Available filters :
[BWLIM] bwlim-in
[BWLIM] bwlim-out
[CACHE] cache
[COMP] compression
[FCGI] fcgi-app
[SPOE] spoe
[TRACE] trace
Best regards,
Sören Hellwig
-----Ursprüngliche Nachricht-----
Von: Aleksandar Lazic <al-hapr...@none.at>
Gesendet: Montag, 30. Oktober 2023 17:58
An: Hellwig, Sören <s.hell...@uke.de>; haproxy@formilux.org
Betreff: [EXT] Re: Question about syslog forwarding with HAProxy with keeping
the client IP
Hi,
On 2023-10-30 (Mo.) 15:55, Hellwig, Sören wrote:
Hello Support-Team,
we are using the HAProxy as load balancer for our Graylog servers.
Which version of HAProxy?
haproxy -vv
The TCP based protocols works fine, but we have some trouble with the
syslog forwarding.
Our configuration file *haproxy.cfg* looks like this:
log-forward syslog
# accept incomming UDP messages
dgram-bind 10.1.2.50:514 transparent
# log message into ring buffer
log ring@logbuffer format rfc5424 local0
ring logbuffer
description "buffer for syslog"
format rfc5424
maxlen 1200
size 32764
timeout connect 5s
timeout server 10s
# send outgoing messages via TCP
server logserver1 10.1.2.44:1514 log-proto octet-count check
#server logserver1 10.1.2.44:1514 log-proto octet-count check
source
0.0.0.0 usesrc clientip
The syslog messages are forwarded to the logserver1 10.1.2.44.
Unfortunately some older Cisco switches did not send the hostname or
IP address in the syslog packet.
Is there any chance to route the client IP though the ringbuffer to the
logserver1?
As HAProxy does not handle the syslog protocl isn't there a option to add this
info into the syslog protocol. A possible solution is to use for this specific
devices a syslog receiver like fluentbit or rsyslog which adds the information
and forwards the log line to haproxy or the destination server.
https://docs.fluentbit.io/manual/pipeline/inputs/syslog
https://docs.fluentbit.io/manual/pipeline/filters/record-modifier
https://docs.fluentbit.io/manual/pipeline/outputs
https://www.rsyslog.com/doc/v8-stable/configuration/modules/idx_input.html
https://www.rsyslog.com/doc/v8-stable/configuration/modules/idx_messagemod.html
https://www.rsyslog.com/doc/v8-stable/configuration/modules/idx_output.html
Just some ideas how to solve the issue.
The command *source* is not allowed in the *ring* section. If I
uncomment the last line no data is send to the logserver1.
Best regards,
Sören Hellwig
Dipl.-Ing. (FH) technische Informatik
Best regards
Alex
--
_____________________________________________________________________
Universitätsklinikum Hamburg-Eppendorf; Körperschaft des öffentlichen Rechts;
Gerichtsstand: Hamburg | www.uke.de
Vorstandsmitglieder: Prof. Dr. Christian Gerloff (Vorsitzender), Joachim Prölß,
Prof. Dr. Blanche Schwappach-Pignataro, Matthias Waldmann (komm.)
_____________________________________________________________________
SAVE PAPER - THINK BEFORE PRINTING
