Re: Logs full TCP incoming and outgoing packets

2018-04-10 Thread florent 

Hello,


Thanks for answer. Yes, I would prefer to say no as well but I am not 
the CTO here ;) I thought about tcpdump as well even if it will kill the 
performance !



Anyway, I found in the ML archives some relevant informations like this 
one :



https://www.mail-archive.com/haproxy@formilux.org/msg25964.html


but in my case, it logs nothing. Trying to log the req.len gives a size 
of 0 for the buffer as well. I did something like that, in the frontend 
section :



frontend  localnode
modetcp
#option  tcplog
#log global
bind192.168.1.4:4300
default_backend uxdaemon
declare capture request len 80
tcp-request inspect-delay 3s
#tcp-request content capture dst len 15
tcp-request content capture req.payload(0,80) len 80
#tcp-request content capture req.len len 80
 log-format  "%[capture.req.hdr(0)]"

I tried with and without the

declare capture request len 80

just in case it was required to declared the buffer prior, but I have 
got nothing but a dash in the logs :/ Too, commented out "option tcp log 
" and "log global" as well but no changes.


Best regards,
Florent

Le 2018-04-10 02:24, Jonathan Matthews a écrit :

On 10 April 2018 at 00:04,   wrote:

Hello everybody,

For an application, I use haproxy in TCP mode but I would need to log, 
from
the main load balancer machine, all the TCP transactions (incoming 
packets
sent to the node then the answer that is sent back from the node to 
the

client through the haproxy load balancer machine).

Is it possible to do such a thing ? I started to dig in the ML and 
found few
information about capturing the tcp-request, which does not work for 
now...
and I need the response as well... so preferred to ask if someone have 
got

an experience doing this. Sure, it will have a performance penalty but
exhaustive logging is more important than that and it it the best 
solution

to avoid a lot of changes in the existing infrastructure we just
load-balanced.


I don't believe this is possible inside haproxy right now.

If I *had* to do this, I'd start by saying "no", and then I'd work out
how to run a tcpdump process on the machine with carefully tuned
filters and a -w parameter. Then I'd drink something strong.

J

Re: Logs full TCP incoming and outgoing packets

2018-04-09 Thread Jonathan Matthews 
On 10 April 2018 at 00:04,   wrote:
> Hello everybody,
>
> For an application, I use haproxy in TCP mode but I would need to log, from
> the main load balancer machine, all the TCP transactions (incoming packets
> sent to the node then the answer that is sent back from the node to the
> client through the haproxy load balancer machine).
>
> Is it possible to do such a thing ? I started to dig in the ML and found few
> information about capturing the tcp-request, which does not work for now...
> and I need the response as well... so preferred to ask if someone have got
> an experience doing this. Sure, it will have a performance penalty but
> exhaustive logging is more important than that and it it the best solution
> to avoid a lot of changes in the existing infrastructure we just
> load-balanced.

I don't believe this is possible inside haproxy right now.

If I *had* to do this, I'd start by saying "no", and then I'd work out
how to run a tcpdump process on the machine with carefully tuned
filters and a -w parameter. Then I'd drink something strong.

J