Solved Fluent-BIT Haproxy Buffer SYSLOG-NG

I am configuring a haproxy instance so that I can reverse some services from one network to another. In particular, I followed this guide https://www.haproxy.com/documentation/haproxy-configuration-tutorials/syslog-forwarding/ to forward the syslog logs to syslog-ng, but they don't arrive with the correct IP address; instead they arrive with the address of the gateway that routes to the syslog-ng network.

Haproxy

Code:
global
    log ring@logbuffer local5
    daemon
    maxconn 256

defaults
    log global
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq"

log-forward syslog
    # Accepts incoming TCP messages
    bind 192.168.16.46:1514

    # Accepts incoming UDP messages
    dgram-bind 192.168.16.46:1514

    # Sends received messages to the ring buffer "logbuffer" defined below
    log ring@logbuffer local0

ring logbuffer
    description "buffer for logs"
    format rfc5424
    maxlen 1500
    size 65536
    timeout connect 10s
    timeout server 20s

    # Sends outgoing messages via TCP
    server logserver 192.168.10.21:1514 check send-proxy-v2

Syslog-ng

Code:
source s_remote {
    tcp(port(1514));
};


destination d_remote {
    file(
        "/var/log/remote/${HOST}/${YEAR}_${MONTH}_${DAY}.log"
        create-dirs(yes)
    );
};
log {
    source(s_remote);
    destination(d_remote);
};
 
I searched a lot for a solution and also wrote on other forums without any response; however, it is not a bug or an incorrect configuration. Haproxy, if used as a syslog buffer, does not forward the IP address of the client that generated the log. Otherwise, if you create a TCP frontend and a TCP backend that forwards to syslog-ng with the send-proxy-v2 option, the client's IP address appears in the log. As a recommendation I found using Fluent Bit. For the moment I intend to continue with Haproxy and use syslog-ng with a JSON template and filter the log by searching for the device name.
 
Following further tests, I tried Fluent Bit, and with a simple configuration I managed to forward the logs to syslog-ng with the IP address of the client that generated the request.


Code:
[INPUT]
    Name     syslog
    Parser   syslog-rfc3164
    Listen   192.168.16.46
    Port     1514
    Mode     tcp
    Source_Address_Key hostname

[INPUT]
    Name     syslog
    Parser   syslog-rfc3164
    Listen   %address to bind%
    Port     1514
    Mode     udp

[OUTPUT]
    name                 syslog
    match                *
    host                 %server syslog%
    port                 %server port%
    mode                 tcp
    syslog_format        rfc3164
    syslog_maxsize       2048
    syslog_severity_key  severity
    syslog_facility_key  facility
    syslog_hostname_key  hostname
    syslog_appname_key   appname
    syslog_procid_key    procid
    syslog_msgid_key     msgid
    syslog_sd_key        sd
    syslog_message_key   message
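
For readers comparing the approaches in this thread: the send-proxy-v2 option mentioned above prepends a binary PROXY protocol v2 header to the TCP stream, and that header is where the original client address travels. The parser below is an added example, not code from the original posts or from HAProxy; the client address 192.168.16.50, the port 40000 and the device name sw01 are constructed sample values.

```python
import ipaddress
import struct

# 12-byte magic that opens every PROXY protocol v2 header
SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"
# family/protocol byte -> (address length in bytes, label)
FAMILIES = {0x11: (4, "tcp4"), 0x12: (4, "udp4"),
            0x21: (16, "tcp6"), 0x22: (16, "udp6")}


def parse_proxy_v2(data: bytes):
    """Split a PROXY v2 header from the payload that follows it.

    Returns (info, payload). info is None for a LOCAL command (for example
    a health check), where only the socket peer address is available.
    Raises ValueError if the data does not start with a well-formed header.
    """
    if len(data) < 16 or data[:12] != SIGNATURE:
        raise ValueError("no PROXY v2 signature")
    ver_cmd, fam, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY version")
    if len(data) < 16 + length:
        raise ValueError("truncated PROXY header")
    block, payload = data[16:16 + length], data[16 + length:]
    command = ver_cmd & 0x0F
    if command == 0:  # LOCAL: connection opened by the proxy itself
        return None, payload
    if command != 1:
        raise ValueError("unknown PROXY command")
    if fam not in FAMILIES:
        raise ValueError("unsupported address family")
    alen, name = FAMILIES[fam]
    if length < 2 * alen + 4:
        raise ValueError("address block too short")
    src = ipaddress.ip_address(block[:alen])
    dst = ipaddress.ip_address(block[alen:2 * alen])
    sport, dport = struct.unpack("!HH", block[2 * alen:2 * alen + 4])
    info = {"proto": name, "src": str(src), "src_port": sport,
            "dst": str(dst), "dst_port": dport}
    return info, payload


def build_sample() -> bytes:
    # Constructed sample: client 192.168.16.50:40000 -> 192.168.16.46:1514
    addrs = (ipaddress.ip_address("192.168.16.50").packed
             + ipaddress.ip_address("192.168.16.46").packed
             + struct.pack("!HH", 40000, 1514))
    header = SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(addrs)) + addrs
    return header + b"<134>Jan  1 00:00:00 sw01 app: link up\n"
```

A receiver should honour this header only on connections coming from the proxy's own address, because any other sender that can reach the port could otherwise claim an arbitrary source IP in the logs.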
 