Tag Archives: default CLF format

8.2.4. Custom log format



The directive log-format allows you to customize the logs in http mode and tcp mode. It takes a string as argument.

HAproxy understands some custom log format variables. % precedes log format variables. Variables can take arguments using braces (‘{}’), and multiple arguments are separated by commas within the braces. Flags may be added or removed by prefixing them with a ‘+’ or ‘-‘ sign.

Special variable “%o” may be used to propagate its flags to all other variables on the same format string. This is particularly handy with quoted string formats (“Q”).

If a variable is named between square brackets (‘[‘ .. ‘]’) then it is used as a sample expression rule (see section 7.3). This it useful to add some less common information such as the client’s SSL certificate’s DN, or to log the key that would be used to store an entry into a stick table.

Note: spaces must be escaped. A space character is considered as a separator. In order to emit a verbatim ‘%’, it must be preceded by another ‘%’ resulting in ‘%%’. HAProxy will automatically merge consecutive separators.

Flags are :

  • Q: quote a string
  • X: hexadecimal representation (IPs, Ports, %Ts, %rt, %pid)

Example:

    log-format %T\ %t\ Some\ Text
    log-format %{+Q}o\ %t\ %s\ %{-Q}r

At the moment, the default HTTP format is defined this way :

log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r

the default CLF format is defined this way :

    log-format %{+Q}o\ %{-Q}ci\ -\ -\ [%T]\ %r\ %ST\ %B\ \"\"\ \"\"\ %cp\ %ms\ %ft\ %b\ %s\ \%Tq\ %Tw\ %Tc\ %Tr\ %Tt\ %tsc\ %ac\ %fc\ %bc\ %sc\ %rc\ %sq\ %bq\ %CC\ %CS\ \%hrl\ %hsl

and the default TCP format is defined this way :

    log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tw/%Tc/%Tt\ %B\ %ts\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq

Please refer to the table below for currently defined variables :

R var field name (8.2.2 and 8.2.3 for description) type
%o special variable, apply flags on all next var
%B bytes_read (from server to client) numeric
H %CC captured_request_cookie string
H %CS captured_response_cookie string
%H hostname string
%ID unique-id string
%ST status_code numeric
%T gmt_date_time date
%Tc Tc numeric
%Tl local_date_time date
H %Tq Tq numeric
H %Tr Tr numeric
%Ts timestamp numeric
%Tt Tt numeric
%Tw Tw numeric
%U bytes_uploaded (from client to server) numeric
%ac actconn numeric
%b backend_name string
%bc beconn (backend concurrent connections) numeric
%bi backend_source_ip (connecting address) IP
%bp backend_source_port (connecting address) numeric
%bq backend_queue numeric
%ci client_ip (accepted address) IP
%cp client_port (accepted address) numeric
%f frontend_name string
%fc feconn (frontend concurrent connections) numeric
%fi frontend_ip (accepting address) IP
%fp frontend_port (accepting address) numeric
%ft frontend_name_transport ('~' suffix for SSL) string
%hr captured_request_headers default style string
%hrl captured_request_headers CLF style string list
%hs captured_response_headers default style string
%hsl captured_response_headers CLF style string list
%ms accept date milliseconds numeric
%pid PID numeric
H %r http_request string
%rc retries numeric
%rt request_counter (HTTP req or TCP session) numeric
%s server_name string
%sc srv_conn (server concurrent connections) numeric
%si server_IP (target address) IP
%sp server_port (target address) numeric
%sq srv_queue numeric
S %sslc ssl_ciphers (ex: AES-SHA) string
S %sslv ssl_version (ex: TLSv1) string
%t date_time (with millisecond resolution) date
%ts termination_state string
H %tsc termination_state with cookie status string

R = Restrictions : H = mode http only ; S = SSL only

Share Button