MINOR: log: add dont-parse-log and assume-rfc6587-ntf options

This commit introduces the dont-parse-log option to disable log message
parsing, allowing raw log data to be forwarded without modification.

Also, it adds the assume-rfc6587-ntf option to frame log messages
using only non-transparent framing as per RFC 6587. This avoids
missparsing in certain cases (mainly with non RFC compliant messages).

The documentation is updated to include details on the new options and
their intended use cases.

This feature was discussed in GH #2856

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 941073c92c3f1db9ded28fd53dad15f311738817..d7f7e2e051f6fdd93177b5a33b98250bd6c6a566 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -5358,6 +5358,18 @@ maxconn <conns>
 timeout client <timeout>
   Set the maximum inactivity time on the client side.
 
+option assume-rfc6587-ntf
+  Directs HAProxy to treat incoming TCP log streams always as using
+  non-transparent framing. This option simplifies the framing logic and ensures
+  consistent handling of messages, particularly useful when dealing with
+  improperly formed starting characters.
+
+option dont-parse-log
+  Enables HAProxy to relay syslog messages without attempting to parse and
+  restructure them, useful for forwarding messages that may not conform to
+  traditional formats. This option should be used with the format raw setting on
+  destination log targets to ensure the original message content is preserved.
+
 3.11. HTTPClient tuning
 -----------------------
 

diff --git a/include/haproxy/proxy-t.h b/include/haproxy/proxy-t.h
index 407a999472ce6826a9a24d6eac9a78d4426a54af..79b6499dc737a6c4292f058a8465ae76d278b958 100644 (file)
--- a/include/haproxy/proxy-t.h
+++ b/include/haproxy/proxy-t.h
@@ -155,7 +155,12 @@ enum PR_SRV_STATE_FILE {
 #define PR_O2_RSTRICT_REQ_HDR_NAMES_DEL  0x00800000 /* remove request header names containing chars outside of [0-9a-zA-Z-] charset */
 #define PR_O2_RSTRICT_REQ_HDR_NAMES_NOOP 0x01000000 /* preserve request header names containing chars outside of [0-9a-zA-Z-] charset */
 #define PR_O2_RSTRICT_REQ_HDR_NAMES_MASK 0x01c00000 /* mask for restrict-http-header-names option */
-/* unused : 0x0000000..0x80000000 */
+
+/* bits for log-forward proxies */
+#define PR_O2_DONTPARSELOG       0x02000000 /* don't parse log messages */
+#define PR_O2_ASSUME_RFC6587_NTF 0x04000000 /* assume that we are going to receive just non-transparent framing messages */
+
+/* unused : 0x08000000 */
 
 /* server health checks */
 #define PR_O2_CHK_NONE  0x00000000      /* no L7 health checks configured (TCP by default) */

diff --git a/src/log.c b/src/log.c
index 14f05bfd811f0be8424920fd930cee16cb80c469..17a716e75204f9b90783245935b0364a513b292d 100644 (file)
--- a/src/log.c
+++ b/src/log.c
@@ -5724,9 +5724,11 @@ void syslog_fd_handler(int fd)
        int level;
        int facility;
        struct listener *l = objt_listener(fdtab[fd].owner);
+       struct proxy *frontend;
        int max_accept;
 
        BUG_ON(!l);
+       frontend = l->bind_conf->frontend;
 
        if (fdtab[fd].state & FD_POLL_IN) {
 
@@ -5754,13 +5756,14 @@ void syslog_fd_handler(int fd)
 
                        /* update counters */
                        _HA_ATOMIC_INC(&cum_log_messages);
-                       proxy_inc_fe_req_ctr(l, l->bind_conf->frontend, 0);
+                       proxy_inc_fe_req_ctr(l, frontend, 0);
 
                        prepare_log_message(buf->area, buf->data, &level, &facility, metadata, &message, &size);
 
-                       parse_log_message(buf->area, buf->data, &level, &facility, metadata, &message, &size);
+                       if (!(frontend->options2 & PR_O2_DONTPARSELOG))
+                               parse_log_message(buf->area, buf->data, &level, &facility, metadata, &message, &size);
 
-                       process_send_log(NULL, &l->bind_conf->frontend->loggers, level, facility, metadata, message, size);
+                       process_send_log(NULL, &frontend->loggers, level, facility, metadata, message, size);
 
                } while (--max_accept);
        }
@@ -5806,7 +5809,7 @@ static void syslog_io_handler(struct appctx *appctx)
                else if (to_skip < 0)
                        goto cli_abort;
 
-               if (c == '<') {
+               if (c == '<' || (frontend->options2 & PR_O2_ASSUME_RFC6587_NTF)) {
                        /* rfc-6587, Non-Transparent-Framing: messages separated by
                         * a trailing LF or CR LF
                         */
@@ -5872,7 +5875,8 @@ static void syslog_io_handler(struct appctx *appctx)
 
                prepare_log_message(buf->area, buf->data, &level, &facility, metadata, &message, &size);
 
-               parse_log_message(buf->area, buf->data, &level, &facility, metadata, &message, &size);
+               if (!(frontend->options2 & PR_O2_DONTPARSELOG))
+                       parse_log_message(buf->area, buf->data, &level, &facility, metadata, &message, &size);
 
                process_send_log(NULL, &frontend->loggers, level, facility, metadata, message, size);
 

diff --git a/src/proxy.c b/src/proxy.c
index e0dad6b5189527f9f3992e2f03dfe4b7d327febb..c3b3467be47a6eda34dbaad53a59fc32903b19d8 100644 (file)
--- a/src/proxy.c
+++ b/src/proxy.c
@@ -131,6 +131,8 @@ const struct cfg_opt cfg_opts2[] =
        {"h1-case-adjust-bogus-client",   PR_O2_H1_ADJ_BUGCLI, PR_CAP_FE, 0, 0 },
        {"h1-case-adjust-bogus-server",   PR_O2_H1_ADJ_BUGSRV, PR_CAP_BE, 0, 0 },
        {"disable-h2-upgrade",            PR_O2_NO_H2_UPGRADE, PR_CAP_FE, 0, PR_MODE_HTTP },
+       {"assume-rfc6587-ntf",            PR_O2_ASSUME_RFC6587_NTF, PR_CAP_FE, 0, PR_MODE_SYSLOG },
+       {"dont-parse-log",                PR_O2_DONTPARSELOG, PR_CAP_FE, 0, PR_MODE_SYSLOG },
        { NULL, 0, 0, 0 }
 };