Welcome! Log In Create A New Profile

Advanced

Logs full TCP incoming and outgoing packets

Posted by Anonymous User 
Anonymous User
Logs full TCP incoming and outgoing packets
April 10, 2018 01:10AM
Hello everybody,


For an application, I use haproxy in TCP mode but I would need to log,
from the main load balancer machine, all the TCP transactions (incoming
packets sent to the node then the answer that is sent back from the node
to the client through the haproxy load balancer machine).


Is it possible to do such a thing ? I started to dig in the ML and found
few information about capturing the tcp-request, which does not work for
now... and I need the response as well... so preferred to ask if someone
have got an experience doing this. Sure, it will have a performance
penalty but exhaustive logging is more important than that and it it the
best solution to avoid a lot of changes in the existing infrastructure
we just load-balanced.


Best regards,
Florent
Jonathan Matthews
Re: Logs full TCP incoming and outgoing packets
April 10, 2018 02:30AM
On 10 April 2018 at 00:04, <[email protected]> wrote:
> Hello everybody,
>
> For an application, I use haproxy in TCP mode but I would need to log, from
> the main load balancer machine, all the TCP transactions (incoming packets
> sent to the node then the answer that is sent back from the node to the
> client through the haproxy load balancer machine).
>
> Is it possible to do such a thing ? I started to dig in the ML and found few
> information about capturing the tcp-request, which does not work for now...
> and I need the response as well... so preferred to ask if someone have got
> an experience doing this. Sure, it will have a performance penalty but
> exhaustive logging is more important than that and it it the best solution
> to avoid a lot of changes in the existing infrastructure we just
> load-balanced.

I don't believe this is possible inside haproxy right now.

If I *had* to do this, I'd start by saying "no", and then I'd work out
how to run a tcpdump process on the machine with carefully tuned
filters and a -w parameter. Then I'd drink something strong.

J
Anonymous User
Re: Logs full TCP incoming and outgoing packets
April 10, 2018 05:00PM
Hello,


Thanks for answer. Yes, I would prefer to say no as well but I am not
the CTO here ;) I thought about tcpdump as well even if it will kill the
performance !


Anyway, I found in the ML archives some relevant informations like this
one :


https://www.mail-archive.com/[email protected]/msg25964.html


but in my case, it logs nothing. Trying to log the req.len gives a size
of 0 for the buffer as well. I did something like that, in the frontend
section :


frontend localnode
mode tcp
# option tcplog
# log global
bind 192.168.1.4:4300
default_backend uxdaemon
declare capture request len 80
tcp-request inspect-delay 3s
# tcp-request content capture dst len 15
tcp-request content capture req.payload(0,80) len 80
# tcp-request content capture req.len len 80
log-format "%[capture.req.hdr(0)]"

I tried with and without the

declare capture request len 80

just in case it was required to declared the buffer prior, but I have
got nothing but a dash in the logs :/ Too, commented out "option tcp log
" and "log global" as well but no changes.

Best regards,
Florent

Le 2018-04-10 02:24, Jonathan Matthews a écrit :
> On 10 April 2018 at 00:04, <[email protected]> wrote:
>> Hello everybody,
>>
>> For an application, I use haproxy in TCP mode but I would need to log,
>> from
>> the main load balancer machine, all the TCP transactions (incoming
>> packets
>> sent to the node then the answer that is sent back from the node to
>> the
>> client through the haproxy load balancer machine).
>>
>> Is it possible to do such a thing ? I started to dig in the ML and
>> found few
>> information about capturing the tcp-request, which does not work for
>> now...
>> and I need the response as well... so preferred to ask if someone have
>> got
>> an experience doing this. Sure, it will have a performance penalty but
>> exhaustive logging is more important than that and it it the best
>> solution
>> to avoid a lot of changes in the existing infrastructure we just
>> load-balanced.
>
> I don't believe this is possible inside haproxy right now.
>
> If I *had* to do this, I'd start by saying "no", and then I'd work out
> how to run a tcpdump process on the machine with carefully tuned
> filters and a -w parameter. Then I'd drink something strong.
>
> J
Sorry, only registered users may post in this forum.

Click here to login