8.3. Advanced logging options

  1. Some advanced logging options are often looked for but are not easy to find out
  2. just by looking at the various options. Here is an entry point for the few
  3. options which can enable better logging. Please refer to the keywords reference
  4. for more information about their usage.

8.3.1. Disabling logging of external tests

  1. It is quite common to have some monitoring tools perform health checks on
  2. haproxy. Sometimes it will be a layer 3 load-balancer such as LVS or any
  3. commercial load-balancer, and sometimes it will simply be a more complete
  4. monitoring system such as Nagios. When the tests are very frequent, users often
  5. ask how to disable logging for those checks. There are three possibilities :
  6.  
  7.   - if connections come from everywhere and are just TCP probes, it is often
  8.     desired to simply disable logging of connections without data exchange, by
  9.     setting "option dontlognull" in the frontend. It also disables logging of
  10.     port scans, which may or may not be desired.
  11.  
  12.   - if the connection come from a known source network, use "monitor-net" to
  13.     declare this network as monitoring only. Any host in this network will then
  14.     only be able to perform health checks, and their requests will not be
  15.     logged. This is generally appropriate to designate a list of equipment
  16.     such as other load-balancers.
  17.  
  18.   - if the tests are performed on a known URI, use "monitor-uri" to declare
  19.     this URI as dedicated to monitoring. Any host sending this request will
  20.     only get the result of a health-check, and the request will not be logged.

8.3.2. Logging before waiting for the session to terminate

  1. The problem with logging at end of connection is that you have no clue about
  2. what is happening during very long sessions, such as remote terminal sessions
  3. or large file downloads. This problem can be worked around by specifying
  4. "option logasap" in the frontend. HAProxy will then log as soon as possible,
  5. just before data transfer begins. This means that in case of TCP, it will still
  6. log the connection status to the server, and in case of HTTP, it will log just
  7. after processing the server headers. In this case, the number of bytes reported
  8. is the number of header bytes sent to the client. In order to avoid confusion
  9. with normal logs, the total time field and the number of bytes are prefixed
  10. with a '+' sign which means that real numbers are certainly larger.

8.3.3. Raising log level upon errors

  1. Sometimes it is more convenient to separate normal traffic from errors logs,
  2. for instance in order to ease error monitoring from log files. When the option
  3. "log-separate-errors" is used, connections which experience errors, timeouts,
  4. retries, redispatches or HTTP status codes 5xx will see their syslog level
  5. raised from "info" to "err". This will help a syslog daemon store the log in
  6. a separate file. It is very important to keep the errors in the normal traffic
  7. file too, so that log ordering is not altered. You should also be careful if
  8. you already have configured your syslog daemon to store all logs higher than
  9. "notice" in an "admin" file, because the "err" level is higher than "notice".

8.3.4. Disabling logging of successful connections

  1. Although this may sound strange at first, some large sites have to deal with
  2. multiple thousands of logs per second and are experiencing difficulties keeping
  3. them intact for a long time or detecting errors within them. If the option
  4. "dontlog-normal" is set on the frontend, all normal connections will not be
  5. logged. In this regard, a normal connection is defined as one without any
  6. error, timeout, retry nor redispatch. In HTTP, the status code is checked too,
  7. and a response with a status 5xx is not considered normal and will be logged
  8. too. Of course, doing is is really discouraged as it will remove most of the
  9. useful information from the logs. Do this only if you have no other
  10. alternative.