How to Configure HAProxy Logging to Dedicated File Instead of syslog on Ubuntu 14.04


2 views

When setting up HAProxy 1.5 on Ubuntu 14.04 using the official PPA (ppa:vbernat/haproxy-1.5), many administrators encounter log management issues where HAProxy logs unexpectedly appear in /var/log/syslog instead of the intended /var/log/haproxy.log.

The solution involves proper coordination between two critical configuration files:

1. HAProxy Main Configuration

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode    http
    option  httplog
    option  dontlognull

2. Rsyslog Configuration

Create or modify /etc/rsyslog.d/49-haproxy.conf:

# Create additional socket for chroot environment
$AddUnixListenSocket /var/lib/haproxy/dev/log

# Log separation rules
if $programname startswith 'haproxy' then {
    action(type="omfile" file="/var/log/haproxy.log")
    stop
}

After making these changes, execute:

sudo service rsyslog restart
sudo service haproxy restart

Check log file permissions:

sudo touch /var/log/haproxy.log
sudo chown syslog:adm /var/log/haproxy.log
sudo chmod 640 /var/log/haproxy.log

For more granular logging control:

# Separate logs by facility
if $syslogfacility-text == 'local0' then {
    action(type="omfile" file="/var/log/haproxy-traffic.log")
    stop
}

if $syslogfacility-text == 'local1' then {
    action(type="omfile" file="/var/log/haproxy-admin.log")
    stop
}

Create /etc/logrotate.d/haproxy:

/var/log/haproxy*.log {
    daily
    missingok
    rotate 52
    compress
    delaycompress
    notifempty
    create 640 syslog adm
    sharedscripts
    postrotate
        reload rsyslog >/dev/null 2>&1 || true
    endscript
}

When you configure HAProxy 1.5 on Ubuntu 14.04 through the ppa:vbernat/haproxy-1.5 repository, the default logging configuration sends output to syslog rather than a dedicated haproxy.log file. This happens despite having what appears to be proper configuration in both:

/etc/haproxy/haproxy.cfg
/etc/rsyslog.d/

In your haproxy.cfg, you've correctly defined syslog facilities:

global
    log /dev/log    local0
    log /dev/log    local1 notice

And in rsyslog.d, you have the proper forwarding rule:

# Create an additional socket in haproxy's chroot
$AddUnixListenSocket /var/lib/haproxy/dev/log

# Forward HAProxy logs
if $programname startswith 'haproxy' then /var/log/haproxy.log
&~

The most common causes for logs appearing in syslog instead of haproxy.log are:

  • Permission issues on the chroot directory
  • Missing rsyslog module for Unix sockets
  • Incorrect facility priority matching

Here's a verified configuration that works:

First, ensure permissions:

sudo mkdir -p /var/lib/haproxy/dev
sudo touch /var/lib/haproxy/dev/log
sudo chown -R haproxy:haproxy /var/lib/haproxy
sudo chmod -R 755 /var/lib/haproxy

Then modify your rsyslog configuration:

# Load required module
$ModLoad imuxsock

# Create socket in HAProxy's chroot
$AddUnixListenSocket /var/lib/haproxy/dev/log

# HAProxy logging rules
local0.* /var/log/haproxy.log
&~

local1.* /var/log/haproxy-notice.log
&~

Finally, restart both services:

sudo service rsyslog restart
sudo service haproxy restart

If logs still don't appear in the right place:

  1. Check that rsyslog is actually reading your config: sudo rsyslogd -N1
  2. Verify socket creation: sudo netstat -an | grep /var/lib/haproxy/dev/log
  3. Test HAProxy can write to socket: sudo -u haproxy logger -p local0.debug "test message"

For newer systems using journald, you might prefer:

global
    log stdout format raw local0

Then configure journald to forward to a file using journalctl -u haproxy and appropriate filters.