Open dianabarsan opened 1 year ago
I've looked for a solution for this, but haven't found anything that would have haproxy log after the full request was received, and maybe rightly so? It may be the case we reevaluate which tool we use for auditing. I recently needed to inspect a suspicious doc change, where scanning audit logs would have been helpful. Unfortunately, body content was truncated and I could not see the change I was interested in.
Describe the bug We are using
haproxy
logs as an auditing tool. However,haproxy
has a severe limitation where it will not log the full body of a long post request.To Reproduce Steps to reproduce the behavior:
_bulk_docs
requests. Look at the body that is logged. Copy the body and load it up in a JSON parser.Expected behavior We rely on haproxy logs as an audit trail. This means that the whole body of the write request should be logged. It is not.
Logs Example of logged haproxy
_bulk_docs
that truncates body: https://gist.githubusercontent.com/dianabarsan/205d23ef1761812ef880c4a6990ecdd6/raw/f1f3e644791d2977aa4ff94597838094a9dead51/gistfile1.txtEnvironment
Additional context This is related to haproxy logging on request received, not on request complete. If the request body is chunked, only the first chunk will be logged.
https://docs.haproxy.org/2.0/configuration.html#7.3.6-req.body