Tag Archives: logging

8.3.4. Disabling logging of successful connections



Although this may sound strange at first, some large sites have to deal with multiple thousands of logs per second and are experiencing difficulties keeping them intact for a long time or detecting errors within them.

If the option “dontlog-normal” is set on the frontend, all normal connections will not be logged. In this regard, a normal connection is defined as one without any error, timeout, retry nor redispatch. In HTTP, the status code is checked too, and a response with a status 5xx is not considered normal and will be logged
too.

Of course, doing is is really discouraged as it will remove most of the useful information from the logs. Do this only if you have no other alternative.

Share Button

8. Logging



One of HAProxy’s strong points certainly lies is its precise logs. It probably provides the finest level of information available for such a product, which is very important for troubleshooting complex environments.

Standard information provided in logs include client ports, TCP/HTTP state timers, precise session state at termination and precise termination cause, information about decisions to direct traffic to a server, and of course the ability to capture arbitrary headers.

In order to improve administrators reactivity, it offers a great transparency about encountered problems, both internal and external, and it is possible to send logs to different sources at the same time with different level filters :

  • global process-level logs (system errors, start/stop, etc..)
  • per-instance system and internal errors (lack of resource, bugs, …)
  • per-instance external troubles (servers up/down, max connections)
  • per-instance activity (client connections), either at the establishment or at the termination.

The ability to distribute different levels of logs to different log servers allow several production teams to interact and to fix their problems as soon as possible.

For example, the system team might monitor system-wide errors, while the application team might be monitoring the up/down for their servers in real time, and the security team might analyze the activity logs with one hour
delay.

Share Button