On Sat, Mar 07, 2009 at 07:50:26PM +0800, Jeffrey 'jf' Lim wrote:
> > Probably that the feature will be improved so that we can decide by
> > configuration what type of errors should cause the request/response
> > to be captured.
> >
>
> or where it should get logged to? it sounds like right now it's only
> getting logged to memory.
only the last request/response per frontend/backend gets logged in
memory. You can consult them by issuing "show errors" on the unix
stats socket, for instance :
# echo "show errors" | socat stdio /var/run/haproxy.sock
> (I mean, how about on disk? although, of
> course conversely, we want to prevent attacks from overwhelming our
> disk as well...)
no, haproxy will never write anything to disk for 2 reasons :
- it's supposed to be chrooted in an empty, read-only directory
for obvious security reasons. Eventhough no break-in was ever
reported, the risk of a bug increases with the number of new
features.
- async I/O are not present on all systems and are rarely fully
async, so any FS access will cause small pauses to the whole
process.
Regards,
Willy
