Ask questionsIncrease support of log formats in haproxy filebeat module

During the investigation of #8301 issue we identified some patterns that could be added to the initial module implemented for haproxy (#8014):

  • [x] Rename fileset from http to log, as the same log file can contain info about tcp connections and other general errors too #8405
  • [ ] Add supported formats to documentation
  • [x] Check if http log entries without captured headers can be parsed, if not, make captured headers optional. Add tests for that in any case. #9463 #9958
  • [x] Support logs generated with option tcplog. #8526 #8637
Feb  6 12:12:56 localhost haproxy[14387]: [06/Feb/2009:12:12:51.443] fnt bck/srv1 0/0/5007 212 -- 0/0/0/0/3 0/0
  • [x] Support the default (though also deprecated) format used when no other option is used. #8428 #8637
Feb  6 12:12:09 localhost haproxy[14385]: Connect from to  (www/HTTP)
  • [ ] Add pattern for server UP/DOWN logs like:
Sep 13 15:51:16 debian8-haproxy haproxy[5988]: Server mysvc/myserver01 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
  • [ ] Add catch-all pattern for general log messages like:
Sep 13 15:51:15 debian8-haproxy haproxy[5988]: backend myservers has no server available!
  • [ ] Investigate issue with syslog log lines #13995
  • [ ] Add protocol to TCP and HTTP log lines in haproxy.mode. Right now, only HAProxy default format outputs a mode field pointing if the log line is either HTTP or TCP. But the HTTP and TCP logs doesn't actually show anything like this.
  • [ ] Parse timestamps taking into account the timezone for logs without timezone.

Answer questions andrask

#13995 was closed automatically but it has not been fixed, I believe.

Github User Rank List