Differences

This shows you the differences between two versions of the page.

--- network:https_ipv4_over_ipv6:haproxy [2024/04/13 10:52] – admin
+++ network:https_ipv4_over_ipv6:haproxy [2024/04/13 11:24] (current) – admin
@@ Line 3: / Line 3: @@
 ## Logging
-More recent versions of HAProxy can log to stdout which is picked up by journalctl.
+.x versions of HAProxy can log to stdout which is picked up by journalctl.
+```
+global
+# enable to only log special events
+#    log /dev/log local0 info
+# enable to see connection logs using journalctl -f
+    log stdout format short daemon
+```
+.x versions are limited to syslog communication. This is relevant for El 8.
+## Logging the virtual host
+For http `option httplog` works well. Translates to:
+```
+    # strict equivalent of "option httplog"
+    log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \
+                %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
+```
+For tcp/https passthrough there is less data available. To have a kind of equivalent output:
+```
+    # This is a TCP proxy
+    mode tcp
+    log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq {%[capture.req.hdr(0)]}"
+    acl clienthello req_ssl_hello_type 1
+    tcp-request inspect-delay 5s
+    # Used in custom log format. Needs to be before accept!
+    tcp-request content capture req.ssl_sni len 100
+    tcp-request content accept if clienthello
+```
+`option tcplog` will not capture SNI as TCP can also be any non TLS connection.