Is there any way to get proxy protocol support for logstash so that the indexer can see the originating IP/host for the connections if you have logstash sitting behind ELB or HAProxy?
Which inbound protocol(s)?
It would technically be for anything TCP based since the protocol (version 1 at least) is just a single line header added to the start of any tcp stream.
For my particular need, having it for the 'tcp', 'log4j', and 'syslog' inputs would cover everything I'm using.
A common use case would be a few logstash forwarders sitting behind an haproxy or Amazon ELB load balancer for failover handling.
From http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt :
`
The maximum line lengths the receiver must support including the CRLF are :
-
TCP/IPv4 :
"PROXY TCP4 255.255.255.255 255.255.255.255 65535 65535\r\n"
=> 5 + 1 + 4 + 1 + 15 + 1 + 15 + 1 + 5 + 1 + 5 + 2 = 56 chars -
TCP/IPv6 :
"PROXY TCP6 ffff:f...f:ffff ffff:f...f:ffff 65535 65535\r\n"
=> 5 + 1 + 4 + 1 + 39 + 1 + 39 + 1 + 5 + 1 + 5 + 2 = 104 chars -
unknown connection (short form) :
"PROXY UNKNOWN\r\n"
=> 5 + 1 + 7 + 2 = 15 chars -
worst case (optional fields set to 0xff) :
"PROXY UNKNOWN ffff:f...f:ffff ffff:f...f:ffff 65535 65535\r\n"
=> 5 + 1 + 7 + 1 + 39 + 1 + 39 + 1 + 5 + 1 + 5 + 2 = 107 chars
`
Note - Amazon only does Proxy protocol v1. HAProxy supports v1 or v2. v2 is a more complex binary format. Support for v1 would be sufficient for now, but keep option for protocol version in mind when implementing configuration syntax.
Okay. Sounds like something reasonable to support. I suggest filing an issue at https://github.com/elastic/logstash/issues since it should be included in a core library. I wouldn't assume the team picks up feature requests from here.
Submitted