Setup

HAProxy is a network device, so it needs to transfer logs using the syslog protocol. To ship HAProxy logs to an ELK stack, you’ll first need to configure HAProxy logging to transmit the logs to a local rsyslog server. From there, you can ship the logs from rsyslog to Logz.io.

You’ll need: root access, rsyslog 5.8.0 or later

Guided configuration
  1. Configure HAProxy

    Copy this text to your HAProxy configuration (/etc/haproxy/haproxy.cfg by default).

    global
      log 127.0.0.1:514 len 4096 local1 # Send logs to localhost port 514 over UDP, facility set to ‘local1’
    
    defaults HTTP # HTTP Defaults
      log global # refer to the global log definition
      option dontlog-normal # disable logging of normal, successful connections
      mode http
      option httplog # Enable logging of HTTP request, session state and timers
    
    listen INPUT_NAME_HTTP
      bind :PORT
    
      server SERVER_NAME SERVER_ADDRESS:PORT
    
    defaults TCP # TCP Defaults
      log global # refer to the global log definition
      option dontlog-normal # disable logging of normal, successful connections
      mode tcp
      option tcplog # Enable advanced logging of TCP connections, session state and timers
    
    listen INPUT_NAME_TCP
      bind :PORT
    
      server SERVER_NAME SERVER_ADDRESS:PORT
    
  2. Configure rsyslog

    Copy this text to your rsyslog configuration (/etc/rsyslog.conf by default).

    Replace <<SHIPPING-TOKEN>> with the token of the account you want to ship to.

    Replace <<LISTENER-HOST>> with your region’s listener host (for example, listener.logz.io). For more information on finding your account’s region, see Account region.

    $ModLoad imuxsock # provides support for local system logging
    $ModLoad imklog # provides kernel logging support
    $ModLoad imudp
    $UDPServerAddress 0.0.0.0 # listen on the localhost , protocol UDP
    $UDPServerRun 514 # listen on port 514, protocol UDP
    $KLogPermitNonKernelFacility on
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
    $RepeatedMsgReduction on
    $FileOwner syslog
    $FileGroup adm
    $FileCreateMode 0640
    $DirCreateMode 0755
    $Umask 0022
    $PrivDropToUser syslog
    $PrivDropToGroup syslog
    $WorkDirectory /var/spool/rsyslog
    
    # the logz.io syslog template,
    $template HAProxyLogzioFormat,"[<<SHIPPING-TOKEN>>] <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [type=haproxy] %msg%\n"
    
    # Send messages to Logz over TCP using the template.
    *.* @@<<LISTENER-HOST>>:5000;HAProxyLogzioFormat
    
  3. Restart rsyslog

    sudo service rsyslog restart
    
  4. Check Logz.io for your logs

    Give your logs a few minutes to get from your system to ours, and then open Kibana.

    If you don’t see your logs, see log shipping troubleshooting.