Enable HA-Proxy Logging

Introduction

This article describes the procedure to enable High Available-Proxy (HA-Proxy) logging in Cisco Policy Suite (CPS). HA-Proxy is used for high available load balancing. By default, for performance reasons, HA-Proxy does not log the messages. 

Note: You must enable the HA-Proxy logs only when you see a problem related to HA-Proxy.

Background Information

HA-Proxy logging needs to be enabled only when a potential problem related to HA-proxy, which cannot be identified by any other debug logs in the CPS system, is seen.

Procedure to Enable HA-Proxy Logs

All the steps need to be performed on the active load balancer Virtual Machine (VM) and must be repeated again in passive load balancer, so that whenever load balancer failover happens, HA-Proxy logging is taken care of.

1. Navigate to the haproxy.cfg file (/etc/haproxy/haproxy.cfg) and ensure that you have the same entry as shown in this image. By default, in most cases the log level is set to debug. Please change it to err, otherwise unnecessary logs are recorded.

2. Select the proxy for which you want to perform logging, there are many proxy configurations in HA-Proxy configuration file such as svn_proxy, pb_proxy, Portal_admin_proxy. Enabling HA-Proxy logging for svn_proxy is shown in this image.

 3. Edit the /etc/syslog.conf file and add the entry as shown in this image. Ensure that local1 has same name as in Step 1.

4. Edit the /etc/sysconfig/syslog file and change as shown in this image.  You just add r. This ensures logging in remote machines.

5. Edit the /etc/logroate.d/syslog file and ensure you add an entry for /var/log/haproxy.log as shown in this image.

7. Restart the syslogd and HA-Proxy process using the service syslog restart and service haproxy restart commands.