Hey guys, I've got multiple nodes with rsyslog sending TLS-encrypted logs to my haproxy machine; behind that are two logstash servers to process the data. The haproxy config:
    global
        chroot /var/lib/haproxy
        daemon
        group root
        log 127.0.0.1 local0
        maxconn 4000
        nbproc 8
        pidfile /var/run/haproxy.pid
        tune.ssl.default-dh-param 4096
        user root

    defaults
        log global
        maxconn 8000
        option redispatch
        retries 3
        timeout http-request 10s
        timeout queue 1m
        timeout connect 10s
        timeout client 1m
        timeout server 1m
        timeout check 10s

    listen logstash01
        bind 10.111.2.249:514 ssl ca-file /etc/haproxy/ca.pem crt /etc/haproxy/logstash.pem verify required crl-file /etc/haproxy/crl.pem ciphers EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
        mode tcp
        balance roundrobin
        option tcplog
        server clusternode1 192.168.1.11:514 check
        server clusternode2 192.168.1.8:514 check
        source 0.0.0.0 usesrc clientip

Logstash needs the client IP as a source, so I'm trying to use "source 0.0.0.0 usesrc clientip". Do I need any additional iptables magic on the haproxy server to make this work? Logstash refuses the data and sends a TCP RST. Without "source 0.0.0.0 usesrc clientip", everything is working. Let me know if you need any additional information.

Best regards,
Tim
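
The host-side plumbing that "source 0.0.0.0 usesrc clientip" depends on, as an added example that is not part of Tim's post or of HAProxy's own code. With that option HAProxy opens the backend connection from the rsyslog node's address, so Logstash addresses its replies to the node rather than to the proxy; the proxy host therefore has to sit on the return path and steer those replies back into HAProxy's local socket. The script below prints the sysctl, iptables and policy-routing commands that do this (the HAProxy transparent-proxy recipe), checks that the haproxy binary was built with TPROXY support, and applies the commands only when asked. The fwmark value 1 and routing table 100 are arbitrary choices made here, not values from the post:

```shell
#!/bin/sh
# Added example, not from the original post: host-side setup for HAProxy's
# "source 0.0.0.0 usesrc clientip". Replies from the backend are addressed to
# the spoofed client IP, so they must cross this host and be diverted to the
# local HAProxy socket instead of being forwarded on to the client.
# Assumed values (pick your own): FWMARK=1, TABLE=100.
#   sh tproxy.sh          print the commands for review (default)
#   sh tproxy.sh check    verify the haproxy binary has TPROXY support
#   sh tproxy.sh apply    execute the commands (needs root)

FWMARK=${FWMARK:-1}
TABLE=${TABLE:-100}

# HAProxy only sets IP_TRANSPARENT on the outgoing socket when it was built
# with USE_LINUX_TPROXY=1; "haproxy -vv" then reports "transparent proxy support".
check_haproxy_build() {
    haproxy -vv 2>/dev/null | grep -q 'transparent proxy support'
}

# The commands, in the order they must be applied. Emitted as text so an
# operator can review them (or diff them against the host) before running them.
tproxy_commands() {
    cat <<EOF
# connect() from a source address this host does not own is refused unless:
sysctl -w net.ipv4.ip_nonlocal_bind=1
# this host is the backends' gateway towards the client subnets, so it forwards:
sysctl -w net.ipv4.ip_forward=1
# replies from the backend belong to an existing local socket (-m socket): mark them...
iptables -t mangle -N DIVERT 2>/dev/null || true
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark $FWMARK
iptables -t mangle -A DIVERT -j ACCEPT
# ...and deliver marked packets locally instead of forwarding them to the client
ip rule add fwmark $FWMARK lookup $TABLE
ip route add local 0.0.0.0/0 dev lo table $TABLE
EOF
}

# Runs the reviewed commands, stopping at the first failure.
apply_tproxy() {
    tproxy_commands | sh -e
}

case "${1:-print}" in
    check) check_haproxy_build && echo "haproxy: transparent proxy support present" ;;
    apply) apply_tproxy ;;
    *)     tproxy_commands ;;
esac
```

The rules only work if the Logstash hosts (192.168.1.11 and 192.168.1.8 in the post) actually send their replies through the HAProxy box: their route towards the rsyslog node subnet must point at the HAProxy host's 192.168.1.x address, which the post does not give, so the script cannot set that side up. IP_TRANSPARENT also needs CAP_NET_ADMIN; the posted config runs HAProxy as root, so the chroot does not get in the way of that.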

