Re: AW: [EXT] Re: AW: Re: Question about syslog forwarding with HAProxy with keeping the client IP
Hi Sören. On 2023-11-01 (Mi.) 18:18, Hellwig, Sören wrote: Hello Alex, I can compile the version 2.8.3 from source and install the actual release of the 2.8 LTS version. Yes you can but this will not solve the issue. Have you read the full mail from the first answer, there are some suggestions how to solve the issue? Best regards, Sören Hellwig Regards Alex -Ursprüngliche Nachricht- Von: Aleksandar Lazic Gesendet: Mittwoch, 1. November 2023 15:36 An: Hellwig, Sören ; [email protected] Betreff: [EXT] Re: AW: Re: Question about syslog forwarding with HAProxy with keeping the client IP On 2023-11-01 (Mi.) 15:17, Hellwig, Sören wrote: Hello Aleksandar, thank you for your reply. We are using HAproxy under SLES 15 SP4 and here is the version info: srvkdgrllbp01:/etc/haproxy # haproxy -vv HAProxy version 2.8.0-fdd8154 2023/05/31 - https://haproxy.org/ Status: long-term supported branch - will stop receiving fixes around Q2 2028. Known bugs: http://www.haproxy.org/bugs/bugs-2.8.0.html Uff that's old. Can you update? Have you seen the rest of the answer in the previous mail, also? Regards Alex Running on: Linux 5.14.21-150400.24.81-default #1 SMP PREEMPT_DYNAMIC Tue Aug 8 14:10:43 UTC 2023 (90a74a8) x86_64 Build options : TARGET = linux-glibc CPU = generic CC = cc CFLAGS = -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement -Wfatal-errors -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment OPTIONS = USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE=1 DEBUG = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE -LIBATOMIC +LIBCRYPT +LINUX_SPLICE +LINUX_TPROXY +LUA +MATH -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL -OPENSSL_WOLFSSL -OT +PCRE -PCRE2 -PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL -PROMEX -PTHREAD_EMULATION -QUIC +RT +SHM_OPEN +SLZ +SSL -STATIC_PCRE -STATIC_PCRE2 +SYSTEMD +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL -ZLIB Default settings : bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with multi-threading support (MAX_TGROUPS=16, MAX_THREADS=256, default=2). Built with OpenSSL version : OpenSSL 1.1.1l 24 Aug 2021 SUSE release SUSE_OPENSSL_RELEASE Running on OpenSSL version : OpenSSL 1.1.1l 24 Aug 2021 SUSE release 150400.7.53.1 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 Built with Lua version : Lua 5.3.6 Built with network namespace support. Built with libslz for stateless compression. Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with PCRE version : 8.45 2021-06-15 Running on PCRE version : 8.45 2021-06-15 PCRE library supports JIT : no (USE_PCRE_JIT not set) Encrypted password support via crypt(3): yes Built with gcc compiler version 7.5.0 Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available multiplexer protocols : (protocols marked as cannot be specified using 'proto' keyword) h2 : mode=HTTP side=FE|BE mux=H2flags=HTX|HOL_RISK|NO_UPG fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG : mode=HTTP side=FE|BE mux=H1flags=HTX h1 : mode=HTTP side=FE|BE mux=H1flags=HTX|NO_UPG : mode=TCP side=FE|BE mux=PASS flags= none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG Available services : none Available filters : [BWLIM] bwlim-in [BWLIM] bwlim-out [CACHE] cache [COMP] compression [FCGI] fcgi-app [SPOE] spoe [TRACE] trace Best regards, Sören Hellwig -Ursprüngliche Nachricht- Von: Aleksandar Lazic Gesendet: Montag, 30. Oktober 2023 17:58 An: Hellwig, Sören ; [email protected] Betreff: [EXT] Re: Question about syslog forwarding with HAProxy with keeping the client IP Hi, On 2023-10-30 (Mo.) 15:55, Hellwig, Sören wrote: Hello Support-Team, we are using the HAProxy as load balancer for our Graylog servers. Which version of HAProxy? haproxy -vv The TCP based protocols works fine, but we have some trouble with the syslog forwarding. Our configuration file *haproxy.cfg* looks like this: log-forward syslog # accept incomming UDP messages dgram-bind 10.1.2.50:514 transparent # log message into ring buffer
AW: [EXT] Re: AW: Re: Question about syslog forwarding with HAProxy with keeping the client IP
Hello Alex, I can compile the version 2.8.3 from source and install the actual release of the 2.8 LTS version. Best regards, Sören Hellwig -Ursprüngliche Nachricht- Von: Aleksandar Lazic Gesendet: Mittwoch, 1. November 2023 15:36 An: Hellwig, Sören ; [email protected] Betreff: [EXT] Re: AW: Re: Question about syslog forwarding with HAProxy with keeping the client IP On 2023-11-01 (Mi.) 15:17, Hellwig, Sören wrote: > Hello Aleksandar, > > thank you for your reply. We are using HAproxy under SLES 15 SP4 and here is > the version info: > > srvkdgrllbp01:/etc/haproxy # haproxy -vv HAProxy version 2.8.0-fdd8154 > 2023/05/31 - https://haproxy.org/ > Status: long-term supported branch - will stop receiving fixes around Q2 2028. > Known bugs: http://www.haproxy.org/bugs/bugs-2.8.0.html Uff that's old. Can you update? Have you seen the rest of the answer in the previous mail, also? Regards Alex > Running on: Linux 5.14.21-150400.24.81-default #1 SMP PREEMPT_DYNAMIC > Tue Aug 8 14:10:43 UTC 2023 (90a74a8) x86_64 Build options : >TARGET = linux-glibc >CPU = generic >CC = cc >CFLAGS = -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement > -Wfatal-errors -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 > -Wduplicated-cond -Wnull-dereference -fwrapv -Wno-address-of-packed-member > -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered > -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int > -Wno-atomic-alignment >OPTIONS = USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE=1 >DEBUG = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS > > Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY > +CRYPT_H -DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE > -LIBATOMIC +LIBCRYPT +LINUX_SPLICE +LINUX_TPROXY +LUA +MATH > -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL > -OPENSSL_WOLFSSL -OT +PCRE -PCRE2 -PCRE2_JIT -PCRE_JIT +POLL +PRCTL > -PROCCTL -PROMEX -PTHREAD_EMULATION -QUIC +RT +SHM_OPEN +SLZ +SSL > -STATIC_PCRE -STATIC_PCRE2 +SYSTEMD +TFO +THREAD +THREAD_DUMP +TPROXY > -WURFL -ZLIB > > Default settings : >bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 > > Built with multi-threading support (MAX_TGROUPS=16, MAX_THREADS=256, > default=2). > Built with OpenSSL version : OpenSSL 1.1.1l 24 Aug 2021 SUSE release > SUSE_OPENSSL_RELEASE Running on OpenSSL version : OpenSSL 1.1.1l 24 > Aug 2021 SUSE release 150400.7.53.1 OpenSSL library supports TLS > extensions : yes OpenSSL library supports SNI : yes OpenSSL library > supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 Built with Lua version : > Lua 5.3.6 Built with network namespace support. > Built with libslz for stateless compression. > Compression algorithms supported : identity("identity"), > deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with > transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT > IP_FREEBIND Built with PCRE version : 8.45 2021-06-15 Running on PCRE > version : 8.45 2021-06-15 PCRE library supports JIT : no (USE_PCRE_JIT > not set) Encrypted password support via crypt(3): yes Built with gcc > compiler version 7.5.0 > > Available polling systems : >epoll : pref=300, test result OK > poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use epoll. > > Available multiplexer protocols : > (protocols marked as cannot be specified using 'proto' keyword) > h2 : mode=HTTP side=FE|BE mux=H2flags=HTX|HOL_RISK|NO_UPG > fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG > : mode=HTTP side=FE|BE mux=H1flags=HTX > h1 : mode=HTTP side=FE|BE mux=H1flags=HTX|NO_UPG > : mode=TCP side=FE|BE mux=PASS flags= > none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG > > Available services : none > > Available filters : > [BWLIM] bwlim-in > [BWLIM] bwlim-out > [CACHE] cache > [COMP] compression > [FCGI] fcgi-app > [SPOE] spoe > [TRACE] trace > > Best regards, > Sören Hellwig > > -Ursprüngliche Nachricht- > Von: Aleksandar Lazic > Gesendet: Montag, 30. Oktober 2023 17:58 > An: Hellwig, Sören ; [email protected] > Betreff: [EXT] Re: Question about syslog forwarding with HAProxy with > keeping the client IP > > Hi, > > On 2023-10-30 (Mo.) 15:55, Hellwig, Sören wrote: >> Hello Support-Team, >> >> we are using the HAProxy as load balancer for our Graylog servers. > > Which version of HAProxy? > > haproxy -vv > >> The TCP based protocols works fine, but we have some trouble with the >> syslog forwarding. >> >> Our configuration file *haproxy.cfg* looks like this: >> >> log-forward syslog >> >> # accept incomming UDP messages >> >> dgram-bind 10.1.2.50:514 transparent >> >> # log message into ring buffer >> >> log
