On 08/11/2016 at 16:36, Willy Tarreau wrote:
Hello,
On Tue, Nov 08, 2016 at 03:55:04PM +0100, Arnall wrote:
Hello everyone,
I've made some tests on 'option dontlognull' / 'no option dontlognull'
and 'tcp-request deny', because I want to be sure that IPs in the blacklist are
logged correctly. I'm still not sure about the behavior: if I have 'no
option dontlognull' I have all denied requests logged, that's OK. But with
'option dontlognull' I still have "some" denied requests logged from time to
time (BADREQ + PR-- status, test made with my own IP in the blacklist). Is there
some kind of cache with 'option dontlognull' that just logs the first denied
request and not the others for a specific IP? It would be interesting to
avoid noise in log files, but the doc just says: option "dontlognull"
indicates that a connection on which no data has been transferred will not be
logged.
In fact there was an action on your connection which is the deny. I'm
surprised that some of your connections are not logged when you do this.
This option was created to avoid logging useless connections, typically
connection probes from external components, or pre-connects from browsers
which finally don't send anything. So normally if you actively close with
"tcp-request deny", it should be logged. I'd say that if some of them are
not logged I'm interested in how to reproduce this to ensure that in the
future they will all be logged.
Here is our setup:

    defaults
        log global
        mode http
        http-reuse always
        option dontlognull
        option httplog
        option http-keep-alive
        option abortonclose
        option splice-auto
        option tcp-smart-connect
        option http-buffer-request
        timeout connect 10s
        timeout server 30s
        timeout client 30s
        timeout http-request 5s
        timeout http-keep-alive 10s

    frontend web
        bind *:80
        acl whitelist src -f /etc/haproxy/whitelist.lst -f /etc/haproxy/local.lst
        acl blacklist src -f /etc/haproxy/blacklist_manual.lst -f /etc/haproxy/blacklist_auto.lst
        tcp-request content accept if whitelist
        tcp-request content reject if blacklist
With this setup:
- option dontlognull: denied requests are logged from time to time
- no option dontlognull: denied requests are always logged
Any hint?
Then do not log, that's much better. You can even change the log level with
the "set-log-level silent" directive. That seems to better match your needs.
I do want to log denied requests! :) I just want to know what the
exact behavior is with "option dontlognull", because it could save some
noise in the log files.
Best regards,
Willy
Thanks!
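The question in this thread (does every rejected connection from a blacklisted source actually reach the log, or does "option dontlognull" swallow some of them?) is easiest to settle with a repeatable check: make a known number of connection attempts from a blacklisted address, then count the lines HAProxy wrote for that address whose termination state starts with "P" (session aborted by the proxy, e.g. by a deny rule). The script below is an added example, not code from the thread or from the HAProxy project. It assumes the standard "option httplog" field order (client, accept date, frontend, backend/server, timers, status, bytes, two captured cookies, termination state, connection counters, queues, quoted request); the three log lines are constructed, and the status value written for a rejected connection is a placeholder.

```python
"""Count proxy-denied connections per client IP in HAProxy httplog output.

Added example. The sample lines are constructed to mimic "option httplog"
format; they are not taken from the mailing-list thread.
"""
import re
from collections import defaultdict

# Constructed sample: two rejected connections from 192.0.2.10 (termination
# state PR--, request logged as <BADREQ>) and one normal request from
# 198.51.100.7. The status field on rejected lines is a placeholder value.
SAMPLE_LOG = """\
Nov  8 16:00:01 lb1 haproxy[1234]: 192.0.2.10:51234 [08/Nov/2016:16:00:01.100] web web/<NOSRV> -1/-1/-1/-1/0 0 0 - - PR-- 3/3/0/0/0 0/0 "<BADREQ>"
Nov  8 16:00:02 lb1 haproxy[1234]: 198.51.100.7:40000 [08/Nov/2016:16:00:02.200] web app/srv1 0/0/1/12/13 200 512 - - ---- 3/3/1/1/0 0/0 "GET /index.html HTTP/1.1"
Nov  8 16:00:03 lb1 haproxy[1234]: 192.0.2.10:51235 [08/Nov/2016:16:00:03.300] web web/<NOSRV> -1/-1/-1/-1/0 0 0 - - PR-- 3/3/0/0/0 0/0 "<BADREQ>"
"""

# Assumed httplog layout; the termination state is the 4-character field
# after the two captured cookies, the request is the final quoted string.
HTTPLOG_RE = re.compile(
    r'haproxy\[\d+\]: (?P<client>[\d.]+):\d+ \[[^\]]+\] '
    r'(?P<frontend>\S+) (?P<backend>\S+) (?P<timers>\S+) (?P<status>-?\d+) '
    r'(?P<bytes>\d+) (?P<req_cookie>\S+) (?P<resp_cookie>\S+) '
    r'(?P<term>[A-Za-z-]{4}) (?P<conns>\S+) (?P<queues>\S+) "(?P<request>[^"]*)"$'
)


def parse_line(line):
    """Return the named fields of one httplog line, or None if it does not match."""
    m = HTTPLOG_RE.search(line)
    return m.groupdict() if m else None


def denied_by_proxy(rec):
    """True when the termination state says the proxy aborted the session.

    First character 'P' = aborted by the proxy (deny rule, limit, ...);
    in the thread's case the second character is 'R', meaning HAProxy was
    still waiting for a complete request when the connection was rejected.
    """
    return rec["term"][0] == "P"


def tally(log_text):
    """Per client IP: how many lines were logged and how many were denials."""
    stats = defaultdict(lambda: {"total": 0, "denied": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not an httplog line (startup messages, other daemons)
        entry = stats[rec["client"]]
        entry["total"] += 1
        if denied_by_proxy(rec):
            entry["denied"] += 1
    return dict(stats)


def check_blacklist_logging(log_text, blacklisted_ip, expected_attempts):
    """Compare the denials logged for one IP with the attempts made in a test.

    A non-zero "missing" means some rejected connections never reached the
    log, which is exactly what the thread is trying to confirm or rule out.
    """
    denied = tally(log_text).get(blacklisted_ip, {"denied": 0})["denied"]
    return {
        "expected": expected_attempts,
        "logged": denied,
        "missing": expected_attempts - denied,
    }


if __name__ == "__main__":
    for ip, entry in tally(SAMPLE_LOG).items():
        print(f"{ip}: {entry['denied']} denied of {entry['total']} logged connections")
    # Pretend the test made three attempts from the blacklisted address.
    print(check_blacklist_logging(SAMPLE_LOG, "192.0.2.10", 3))
```

To use it against a real log, replace SAMPLE_LOG with the contents of the HAProxy log file and set expected_attempts to the number of connections actually opened from the blacklisted address during the test; run the same test once with "option dontlognull" and once with "no option dontlognull" and compare the "missing" counts.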