Messages all blank

[pndiku]

Does it work with Graylog 3.1?

Followed all the instructions but I get blank messages

This is my rsyslog.d/49-graylog.conf

$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\$
local0.=info -/var/log/haproxy/haproxy.log;GRAYLOGRFC5424
local0.=info @graylog:12211;GRAYLOGRFC5424
& stop

And here is what I get in the haproxy.log (IPs and server names scrubbed)

<134>0 2020-02-16T14:18:54+00:00 11891690394b haproxy 1 - -  X.X.X.X:31494 [16/Feb/2020:14:18:54.095] external~ apache/apache 0/0/0/4/4 200 10618 - - ---- 1/1/0/1/0 0/0 {XXXXXXXXX|Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36||Y.Y.Y.Y} "GET /index.htm?=& HTTP/1.1"$

[xdasde]

change "log format" in haproxy.cfg to log-format "{\"haproxy_clientIP\":\"%ci\",\"haproxy_clientPort\":\"%cp\",\"haproxy_dateTime\":\"%t\",\"haproxy_frontendNameTransport\":\"%ft\",\"haproxy_backend\":\"%b\",\"haproxy_serverName\":\"%s\",\"haproxy_Tw\":\"%Tw\",\"haproxy_Tc\":\"%Tc\",\"haproxy_Tt\":\"%Tt\",\"haproxy_bytesRead\":\"%B\",\"haproxy_terminationState\":\"%ts\",\"haproxy_actconn\":%ac,\"haproxy_FrontendCurrentConn\":%fc,\"haproxy_backendCurrentConn\":%bc,\"haproxy_serverConcurrentConn\":%sc,\"haproxy_retries\":%rc,\"haproxy_srvQueue\":%sq,\"haproxy_backendQueue\":%bq,\"haproxy_backendSourceIP\":\"%bi\",\"haproxy_backendSourcePort\":\"%bp\",\"haproxy_statusCode\":\"%ST\",\"haproxy_serverIP\":\"%si\",\"haproxy_serverPort\":\"%sp\",\"haproxy_frontendIP\":\"%fi\",\"haproxy_frontendPort\":\"%fp\",\"haproxy_capturedRequestHeaders\":\"%hr\",\"haproxy_httpRequest\":\"%r\"}"

[hariom282538]

Does it work with Graylog 3.1?

Followed all the instructions but I get blank messages

This is my rsyslog.d/49-graylog.conf

$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\$
local0.=info -/var/log/haproxy/haproxy.log;GRAYLOGRFC5424
local0.=info @graylog:12211;GRAYLOGRFC5424
& stop

And here is what I get in the haproxy.log (IPs and server names scrubbed)

<134>0 2020-02-16T14:18:54+00:00 11891690394b haproxy 1 - -  X.X.X.X:31494 [16/Feb/2020:14:18:54.095] external~ apache/apache 0/0/0/4/4 200 10618 - - ---- 1/1/0/1/0 0/0 {XXXXXXXXX|Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36||Y.Y.Y.Y} "GET /index.htm?=& HTTP/1.1"$

Yes, Compatible with HA-Proxy version 1.8 and Graylog 3.1. Try changing log-format as described by content-pack.