HAPRoxy Logstash Grok Parse Failure
This is my log entry from HAProxy (pfsense haproxy package)
"message": "<142>Apr 27 02:24:00 haproxy[37279]: 162.158.155.249:54250 [27/Apr/2020:02:24:00.173] shared-frontend-merged~ example.com_ipvANY/emaple.com 0/0/192/170/363 200 3411 - - ---- 2/2/0/1/0 0/0 \"GET / HTTP/1.1\"\n",
I have default grok enabled in logstash but i still get log parse failure. is it because the logs have appended syslog header ?
grok {
match => { "message" => "%{HAPROXYHTTP}" }
}
can anyone help me with correct grok ?
Thnaks.
This solved my issue.
Hello, I am using logstash to ship haproxy logs to my elk stack.
MY haproxy configuration -
global
log 127.0.0.1:10514 local0
chroot /var/lib/haproxy
user haproxy
group haproxy
maxconn 55550
maxcompcpuusage 100
maxcomprate 0
nbproc 1
ssl-server-verify none
daemon
Logstash configuration -
input {
udp {
host => "0.0.0.0"
port => 10514
type => "logs"
}
}
filter {
grok {
match => ["message", "%{HAPROXYHTTP}"]
}
}
output {
elasticsearch {…
system
(system)
Closed
May 25, 2020, 10:15am
3
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.