> in my opinion I do not need a transparent proxy. my rsyslog nodes > directly connect to an ip address which is configured on the haproxy > server. So I don't need non_local_bind and no tproxy?
Mmh, I'm not sure. Try: source usesrc clientip Where is the real IP from HAproxy. That way tproxy4 is not used, but the client still connects from the clientip. You will have to play around with those things a bit, especially your case is not exactly common. Check tcpdumps and strace haproxy with those configurations. I still don't get what you are doing: TLS encrypted logs come from localhost basically, and you are sending them unencrypted to your remote backend? Why not just send unencrypted logs directly to your backend? Lukas