How-To: Log HAProxy messages only once

1 minute read

When enabling logs with HAProxy on a busy web site, hard disk space can quickly become a scarce resource.

The reason is that, most of the time, HAProxy is set to use local0 facility which tend to write logs to a bunch of files in /var/log such as messages

Thanks to rsyslog, we will be able to canalize those logs to a more appropriate location and only once, saving a bunch of disk space.

This tutorial will go over the steps required to accomplish this set up.

more

This how-to is based on Debian Lenny, but I believe settings are pretty much the same on the actual stable: Debian Squeeze.

In our setup, we are going to log HAProxy messages in a dedicated directory in order avoid getting too many files in /var/log. Here, I have chosen /var/log/haproxy.

So let’s get started and create that directory:

# mkdir /var/log/haproxy

Then, we tell HAProxy to log info and notice messages. this is done by editing /etc/haproxy/haproxy.cfg as follow:

...
global
     log /dev/log   local0 info
     log /dev/log   local0 notice
....
....

Then, we tell rsyslog to catch those messages and write them in a specific file. Create and edit /etc/rsyslog.d/haproxy.conf woth:

if ($programname == 'haproxy' and $syslogseverity-text == 'info') then -/var/log/haproxy/haproxy-info.log
& ~
if ($programname == 'haproxy' and $syslogseverity-text == 'notice') then -/var/log/haproxy/haproxy-notice.log
& ~

Finally, we need to tell logrotate how to rotate those logs. This is done by Creating and editing /etc/logrotate.d/haproxy with:

/var/log/haproxy/*.log {
        weekly
        missingok
        rotate 7
        compress
        delaycompress
        notifempty
        create 640 root adm
        sharedscripts
        postrotate
                /etc/init.d/haproxy reload > /dev/null
        endscript
}

Which basically rotate the file every week and keep 7 week worth of copies.

Now, everything should be set up properly, we just have to restart rsyslog and haproxy to take those new changes into account:

/etc/init.d/rsyslog reload
 /etc/init.d/haproxy reload

That’s it, now, your notice and info message from haproxy should be in separate files and only there, not in 4 or 5 of them in /var/log.