Hello,

I'm trying to set up haproxy RFC5424 logging to localhost and forwarding to a central log aggregator with rsyslog. Although this setup sounds quite straightforward and common to me, it's really hard to set up due to weak documentation of both - haproxy and rsyslog - in this context and a lack of examples. Nevertheless I've succeeded after some hours of trial-and-error... Only my settings do not work in case of SSL handshake problems. In this case I still get standard log messages from haproxy. Is it possible to set up RFC5424 also for this case?

These are my settings:

    global
        log localhost:1514 format rfc5424 local0
        log-send-hostname
        [...]

    defaults
        log global
        log-format-sd %{+E}o[my_sdid@12345\ client_ip=\"%ci\"\ client_port=\"%cp\"\ haproxy_frontend=\"%ft\"\ haproxy_backend=\"%b\"\ haproxy_server=\"%s\"\ haproxy_time_receive=\"%TR\"\ haproxy_time_queue=\"%Tc\"\ haproxy_time_response=\"%Tr\"\ haproxy_time_total=\"%Ta\"\ http_status_code=\"%ST\"\ bytes_read=\"%B\"\ haproxy_termination_state=\"%ts\"\ haproxy_total_connections=\"%ac\"\ haproxy_frontend_connections=\"%fc\"\ haproxy_backend_connections=\"%bc\"\ haproxy_server_connections=\"%sc\"\ haproxy_server_retries=\"%rc\"\ haproxy_server_queue=\"%sq\"\ haproxy_backend_queue=\"%bq\"\ http_request_headers=\"%hr\"\ http_response_headers=\"%hs\"\ http_request_method=\"%HM\"\ http_version=\"%HV\"\ http_request_path=\"%HPO\"\ http_request_query=\"%HQ\"]
        option httplog
        [...]

    frontend my_frontend
        mode http
        bind 1.2.3.4:443 ssl [...]
        [...]

    backend my_backend
        [...]

A "normal" log message looks like this:

    <134>1 2023-04-05T09:00:14.893116+02:00 my_host haproxy 94107 - [my_sdid@12345 client_ip="4.3.2.1" client_port="65344" haproxy_frontend="my_frontend~" haproxy_backend="my_backend" haproxy_server="my_server01" haproxy_time_receive="0" haproxy_time_queue="1" haproxy_time_response="4" haproxy_time_total="5" http_status_code="200" bytes_read="168" haproxy_termination_state="--" haproxy_total_connections="1" haproxy_frontend_connections="1" haproxy_backend_connections="0" haproxy_server_connections="0" haproxy_server_retries="0" haproxy_server_queue="0" haproxy_backend_queue="0" http_request_headers="{my_user_agent}" http_response_headers="" http_request_method="GET" http_version="HTTP/1.1" http_request_path="/path" http_request_query="?query=foo"] 4.3.2.1:65344 [05/Apr/2023:09:00:14.887] my_frontend~ my_backend/my_server01 0/0/1/4/5 200 168 - - ---- 1/1/0/0/0 0/0 {my_user_agent} "GET /path?query=foo HTTP/1.1"

In case the SSL handshake fails (e.g. because of a simple TCP connection check):

    <134>1 2023-04-05T09:00:14.047002+02:00 my_host haproxy 94107 - - 4.3.2.1:65341 [05/Apr/2023:09:00:13.996] my_frontend/1: Connection closed during SSL handshake

Thanks and Regards,
Carsten
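
An added example, not part of the original post and not haproxy or rsyslog code: a receiver-side Python parser for the two line shapes shown above. It reads the RFC 5424 structured data when present and, when that field is the nil value "-", recovers client_ip, client_port and haproxy_frontend from the free-text message. The pattern for the error text and the "error" field name are assumptions based only on the single sample line in the post.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID
HEADER = re.compile(r"<(\d{1,3})>\d{1,2} (\S+) (\S+) (\S+) (\S+) (\S+) ")
SD_ID = re.compile(r'\[([^\s="\]]+)')
# SD-PARAM: name="value"; inside the value ", \ and ] are backslash-escaped
PARAM = re.compile(r' ([^\s="\]]+)="((?:[^"\\\]]|\\.)*)"')
UNESCAPE = re.compile(r'\\(["\\\]])')
# Assumed shape of the free-text error in the post: ip:port [date] frontend/bind: text
CONN_ERROR = re.compile(r"(\S+):(\d+) \[[^\]]+\] ([^\s/]+)/\S+: (.+)")

def parse_rfc5424(line):
    """Split one RFC 5424 line into header fields, structured data and MSG."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group(1))
    rec = {"facility": pri >> 3, "severity": pri & 7, "host": m.group(3), "sd": {}}
    pos = m.end()
    if line.startswith("-", pos):               # NILVALUE: no structured data
        pos += 1
    while sd_id := SD_ID.match(line, pos):      # one or more [SD-ELEMENT]s
        params, pos = {}, sd_id.end()
        while pm := PARAM.match(line, pos):
            params[pm.group(1)] = UNESCAPE.sub(r"\1", pm.group(2))
            pos = pm.end()
        if not line.startswith("]", pos):
            raise ValueError("unterminated SD-ELEMENT")
        rec["sd"][sd_id.group(1)] = params
        pos += 1
    rec["msg"] = line[pos + 1:]                 # skip the space before MSG
    return rec

def normalize(line, sd_id="my_sdid@12345"):
    """Return the post's SD fields; rebuild a subset from MSG when SD is '-'."""
    rec = parse_rfc5424(line)
    fields = dict(rec["sd"].get(sd_id, {}))
    err = None if fields else CONN_ERROR.fullmatch(rec["msg"])
    if err:
        fields = {"client_ip": err.group(1), "client_port": err.group(2),
                  "haproxy_frontend": err.group(3), "error": err.group(4)}
    return fields

# Sample input: the failure line from the post; NORMAL is a constructed, shortened line.
FAILED = ("<134>1 2023-04-05T09:00:14.047002+02:00 my_host haproxy 94107 - - 4.3.2.1:65341 "
          "[05/Apr/2023:09:00:13.996] my_frontend/1: Connection closed during SSL handshake")
NORMAL = ('<134>1 2023-04-05T09:00:14.893116+02:00 my_host haproxy 94107 - [my_sdid@12345 '
          'client_ip="4.3.2.1" client_port="65344" haproxy_frontend="my_frontend~"] 4.3.2.1:65344')
print(normalize(NORMAL), normalize(FAILED), sep="\n")
```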