Haproxy - to graylog port stream

Hello!

I’m trying to setup an haproxy which balance to a graylog stream, the frontend in haproxy will be the url but the thing is that in the backend I need to set the graylog stream port (12510) but this port is marked as non open in haproxy…

Do you have any idea how can I set it up?, or if I have to use the api port of graylog and indicate the stream there…

Thanks in advance

1 Like

Hi there,

If HAProxy is acting as your load balancer, then you’ll have to write corresponding rules for it to load balance traffic to your inputs. Let’s take the example in Web interface — Graylog 4.0.0 documentation.

frontend http
    bind 0.0.0.0:80

    option forwardfor
    http-request add-header X-Forwarded-Host %[req.hdr(host)]
    http-request add-header X-Forwarded-Server %[req.hdr(host)]
    http-request add-header X-Forwarded-Port %[dst_port]
    acl is_graylog hdr_dom(host) -i -m str graylog.example.org
    use_backend     graylog if is_graylog

backend graylog
    description     The Graylog Web backend.
    http-request set-header X-Graylog-Server-URL http://graylog.example.org/
    use-server graylog_1
    server graylog_1 127.0.0.1:9000 maxconn 20 check

^ Is pulled directly from the docs.

If you’re going to load balance to an input port, you have to add those ports both in your frontend and in your backend directives. Does this make sense?

1 Like

Hello Aaron,
thanks for you response :slight_smile:

And yes, I saw it in the documentation, but my issue come in the backend configuration, in that part:

    server graylog_1 127.0.0.1:9000 maxconn 20 check

I need to set there the port stream, something like (example):

    server graylog_1 192.168.1.100:12450 maxconn 20 check

But the HAproxy mark that backend as wrong due to the port 12450 is not open at all, it works if I send a command:

echo -n '{ "version": "1.1", "host": "test.com", "short_message": "test request", "level": 5, "_some_info": "foo" }' | nc -w1 -u 192.168.1.100 12450

Do you have any idea how can I set it up and the haproxy not make it wrong?

Thanks in advance

Hello!

I found that the issue can come from the protocol UDP that the streams use, I realize that using the command that I say, we use UDP, instead, if we use it TCP it doesn’t works…
Is there any possibility to expose the streams via TCP too? or send the logs via HTTP with tcp?

thanks in a

So loadbalancing UDP via Haproxy is a documented limitation. What’s the current input that you’re using? Many of the inputs in Graylog are TCP–you should be able to just change the input to a TCP one.

Hello Aaron,

Yes, I saw some similar issues regarding HAproxy and UDP…

So, as input, I have:

Raw/Plaintext UDP

GELF UDP

Is it possible to change them?

Thanks in advance

Hi there,

Yes, you can spin up those same inputs in the UI as TCP inputs.

1 Like

Hello Aaron,

Ok, I will try to modify the inputs to UPD :slight_smile:

Thanks for your response!