Configure HAProxy Logging with Rsyslog on CentOS 8

Learn how to Configure HAProxy Logging with Rsyslog on CentOS 8 using clear commands, SELinux tweaks, and testing for reliable log output. Our Live Support team is always here to help you.

Configure HAProxy Logging with Rsyslog on CentOS 8

When setting up HAProxy on CentOS 8, logging is one of the most critical pieces you cannot ignore. Without proper logs, troubleshooting and monitoring become guesswork. In this guide, you’ll see how to Configure HAProxy Logging with Rsyslog on CentOS 8 step by step, using a Unix domain socket for reliability, speed, and security.

Installing and Enabling HAProxy

Start by installing HAProxy with:

sudo dnf install haproxy

When prompted Is this ok [y/N]:, type y and press RETURN.

Next, enable and start HAProxy:

sudo systemctl enable haproxy.service

sudo systemctl start haproxy.service

Check its status:

sudo systemctl status haproxy.service

You should see active (running). If not, check the HAProxy troubleshooting guide before proceeding.

Setting HAProxy Logging Directives

Edit the configuration file:

sudo vi /etc/haproxy/haproxy.cfg

Find the line log 127.0.0.1 local2 and comment it out:

#log 127.0.0.1 local2

Then, add the following line right after it:

log /dev/log local0

That section should now look like this:

# local2.* /var/log/haproxy.log

#

#log 127.0.0.1 local2

log /dev/log local0

chroot /var/lib/haproxy

pidfile /var/run/haproxy.pid

Now create the missing directory and restart HAProxy:

sudo mkdir /var/lib/haproxy/dev

sudo systemctl restart haproxy.service

At this point, HAProxy is sending logs to a Unix domain socket at /var/lib/haproxy/dev/log.

Configuring Rsyslog

Next, Rsyslog needs to listen for those logs. Create a new file:

sudo vi /etc/rsyslog.d/99-haproxy.conf

Add the following lines:

$AddUnixListenSocket /var/lib/haproxy/dev/log

# Send HAProxy messages to a dedicated logfile

:programname, startswith, "haproxy" {

/var/log/haproxy.log

stop

}

Check SELinux mode with:

getenforce

• Permissive or Disabled → Restart Rsyslog directly:

sudo systemctl restart rsyslog

• Enforcing → Continue with SELinux adjustments.

Adjusting SELinux (if enforcing)

Create a new policy file:

vi rsyslog-haproxy.te

Paste this:

module rsyslog-haproxy 1.0;

require {

type syslogd_t;

type haproxy_var_lib_t;

class dir { add_name remove_name search write };

class sock_file { create setattr unlink };

}

#============= syslogd_t ==============

allow syslogd_t haproxy_var_lib_t:dir { add_name remove_name search write };

allow syslogd_t haproxy_var_lib_t:sock_file { create setattr unlink };

Install required tools:

sudo dnf install checkpolicy

Compile and load the module:

checkmodule -M -m rsyslog-haproxy.te -o rsyslog-haproxy.mod

semodule_package -o rsyslog-haproxy.pp -m rsyslog-haproxy.mod

sudo semodule -i rsyslog-haproxy.pp

Confirm it’s loaded:

sudo semodule -l |grep rsyslog-haproxy

Restart Rsyslog:

sudo systemctl restart rsyslog

Testing HAProxy Logging

Now test by sending a request:

curl -si http://127.0.0.1:5000

You’ll get a 503 Service Unavailable response. Verify logs with:

sudo grep -E 'NOSRV.+503' /var/log/haproxy.log

If you see a matching entry, logging is working correctly.

[If needed, Our team is available 24/7 for additional assistance.]

Conclusion

That’s all it takes to Configure HAProxy Logging with Rsyslog on CentOS 8. You installed HAProxy, directed logs through a Unix domain socket, configured Rsyslog to capture them, handled SELinux where needed, and tested to confirm everything works. With this in place, you now have a clean, dedicated log file /var/log/haproxy.log to monitor and troubleshoot HAProxy with confidence.