Re: "Success" logs in HTTP frontends

Fri, 14 Oct 2022 00:48:15 -0700 

On 2022-08-19 11:50, Christian Ruppert wrote:

On 2022-08-01 09:45, Christian Ruppert wrote:

On 2022-07-29 13:59, William Lallemand wrote:

On Fri, Jul 29, 2022 at 11:10:32AM +0200, Christopher Faulet wrote:

Le 7/29/22 à 10:13, Christian Ruppert a écrit :
> Hi list,
>
> so I noticed on my private HAProxy I have 2 of those logs within the
> past ~1-2 months:
> haproxy[28669]: 1.2.3.4:48596 [17/Jun/2022:13:55:18.530] public/HTTPSv4:
> Success
>
> So that's nothing so far but still no idea what that means.
> At work, of 250 mio log entries per day, there are about 600k of those
> "Success" ones.
> haproxy[27892]: 192.168.70.102:7904 [29/May/2022:00:13:37.316]
> genfrontend_35310-foobar/3: Success
>
> I'm not sure what it means by "3". Is it the third bind?
>
> I couldn't trigger those "Success" logs by either restarting or
> reloading. What is it for / where does it come from?
>

Hi Christian,
What is your version ? At first glance, I can't find such log message in the 
code. It could come from a lua module.
In fact, I found something. It is probably because an "embryonic" session is killed with no connection/ssl error. For instance, an SSL connection rejected because of a "tcp-request session" rule (so after the SSL handshake). The same 
may happen with a listener using the PROXY protocol.

Regards,
Could be something like that indeed, the "Success" message is the string 
for CO_ER_NONE in the fc_err_str fetch. (The default error string)

Maybe we lack some intermediate state, or we could just change the
string ?
It is only the string for the handshake status so this is confusing when 
used as an error.


Since it's that much every day I'd agree to change/improve it.
If it's the connection one then I only see it in combination with
SOCKS. There is no SOCKS in my config though, unless that also
triggers if something does a SOCKS request on that bind anyway.
I wasn't able to reproduce/trigger it that way yet.
Does anybody know how to trigger that on purpose? Would be really interesting.
So we have one system that does some DNAT stuff, well kind of at least, and triggers around ~700k of those "Success" logs per day. I still couldn't figure out the exact reason. The only hint I have is that it's really mostly that "DNAT" host. Some others also have some but by far not that much. On the same day, the others are all between 0 and 50. 

--
Regards,
Christian Ruppert

Reply via email to