Hi everyone,

I wanted to ask for help regarding error logs and log silencing.

I played around with silencing some monitoring hosts with the
"set-log-level silent" option.
During testing I noticed that silencing the logs worked, but only on
"successful" connections. As soon as the connect is regarded as some
sort of failure, the silencing does not work and the log gets written.

For example, when you are receiving TCP checks on a TLS listener, all
of them are regarded as failures and hence don't get silenced.

Can't find a solution in the descriptions provided via the
cbonte.github.io docs configuration.html.

Is there a reason error/failed connections are regarded differently when
it comes to "set-log-level" ?
Does it have to do with the connect not being in the stage of
"tcp-request content", but "tcp-request connection" when the failure occurs?
Do I have other options of working around this?

Please find my configuration and information to reproduce the steps at
the end.

Thanks and best Regards,
Micha



OS:

# grep PRETTY /etc/os-release
PRETTY_NAME="Ubuntu 20.04.5 LTS"

I tested with these 2 versions of haproxy:

# haproxy -version
HAProxy version 2.5.9-1ppa1~focal 2022/09/24 - https://haproxy.org/
Status: stable branch - will stop receiving fixes around Q1 2023.
Known bugs: http://www.haproxy.org/bugs/bugs-2.5.9.html
Running on: Linux 5.4.0-131-generic #147-Ubuntu SMP Fri Oct 14 17:07:22 UTC 2022 x86_64

# haproxy -version
HAProxy version 2.6.6-1ppa1~focal 2022/09/22 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2027.
Known bugs: http://www.haproxy.org/bugs/bugs-2.6.6.html
Running on: Linux 5.4.0-131-generic #147-Ubuntu SMP Fri Oct 14 17:07:22 UTC 2022 x86_64


Here is the configuration I used (should work out of the box, once the
snakeoil certs are symlinked).
I used the openssl/nc commands at the end for testing (via localhost).


# cat haproxy.cfg.set-log-level
global
   log stdout  format raw  local0  info
   pidfile /var/run/haproxytest.pid
   crt-base /etc/ssl/private
defaults
        timeout connect 3s
        timeout client 3s
        timeout server 3s
frontend fend
        # ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.pem
        # ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil.pem.key
        bind :1234 ssl crt ssl-cert-snakeoil.pem
        mode tcp
        log global
        no option dontlognull
        tcp-request content set-log-level silent if { src 127.0.0.1/32 }
        log-format "[%t] %ci:%cp > %fi:%fp %ft %b %s %Tw/%Tc/%Tt rtx:%U/%B %ts"
        #option log-separate-errors
        error-log-format 'ERROR: [%t] %ci:%cp > %fi:%fp %ft %b %s %Tw/%Tc/%Tt rtx:%U/%B %ts'
        default_backend bend
backend bend
        server local-nc-k-l8000 localhost:8000
# echo | openssl s_client -connect localhost:1234 -quiet
# echo | nc -vw1 localhost 1234
