From 497df9b4d1e08d980d595c2d2cca6c09d1c4fedd Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Tue, 30 Jun 2020 19:42:59 +0000 Subject: [PATCH] Add backend source port to haproxy logs When forwarding TCP sockets at OSI layer 4 with haproxy, it helps to know the ephemeral port from which it sources each connection to the backend. In this way, backend connections can be mapped to actual client IP addresses by correlating backend service access logs with haproxy logs. Add "[%bi]:%bp" between the frontend name and backend name values for the default log-format documented here: https://www.haproxy.com/blog/haproxy-log-customization/ Change-Id: Ic2623d483d98cd686a85d40bc4f2e8577fb9087f --- playbooks/roles/haproxy/templates/haproxy.cfg.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/roles/haproxy/templates/haproxy.cfg.j2 b/playbooks/roles/haproxy/templates/haproxy.cfg.j2 index 1c31d07859..2a9f9604f4 100644 --- a/playbooks/roles/haproxy/templates/haproxy.cfg.j2 +++ b/playbooks/roles/haproxy/templates/haproxy.cfg.j2 @@ -7,6 +7,7 @@ global stats socket /var/haproxy/run/stats uid 1000 gid 1000 mode 0600 level admin defaults + log-format "%ci:%cp [%t] %ft [%bi]:%bp %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq" log global maxconn 8000 option redispatch