我一直按照这里的说明进行操作,https://www.haproxy.com/blog/introduction-to-haproxy-logging/,设置我们的日志记录。如文档所述,我创建了一个 rsyslog 配置文件 haprorxy_log.conf,并重新启动了 rsyslog:
# Collect log with UDP
$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
# Creating separate log files based on the severity
local0.* /home/user1/logs/haproxy/haproxy.log
接下来,我将所需的规则放入配置文件的全局设置中:
global
log 127.0.0.1:514 local0
maxconn 4096
quiet
user root
group root
#/installs version
defaults
log global
mode http
retries 3
timeout client 3600s
timeout connect 3600s
timeout server 3600s
option httplog
balance roundrobin
到目前为止,我看到的唯一区别是,当我使用全局设置中的日志记录行启动 haproxy 时,它会将配置文件的警告输出到控制台。我没有在 /home/user1/logs/haproxy/ 下看到为此生成的文件。我还应该采取其他步骤吗?
答案1
我希望下面的配置会有所帮助,ubuntu18:04 haproxy 2.0.15 在我的情况下所有请求都已记录/var/log/haproxy.log
root@marat6c:~# cat /etc/haproxy/haproxy.cfg
global
log /dev/log local0 info
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend mywebsite
bind *:80
default_backend webservers
backend webservers
server web1 duckduckgo.com:80
root@marat6c:~# cat /etc/rsyslog.d/49-haproxy.conf
# Create an additional socket in haproxy's chroot in order to allow logging via
# /dev/log to chroot'ed HAProxy processes
$AddUnixListenSocket /var/lib/haproxy/dev/log
# Send HAProxy messages to a dedicated logfile
:programname, startswith, "haproxy" {
/var/log/haproxy.log
stop
}