haproxy logging on mac osx

Question

Does anyone know where does haproxy write logs on a mac osx? I want to log the secure cookies coming to my rails backend using capture cookie _secure len 32 .

I checked the Console.app, but the logs do not show up over there.

Answer 1

HAProxy logs to syslog so you were correct to check Console.app to view the output.

The problem is that on OSX you first need to set up syslog to include it's network listener.

Here are the instructions that worked for me [source] :

 HA Proxy Logging on Lion
 -------------------------

 # To enable haproxy logging we need to change syslogd
 # startup procedure to include its network listener.

 # Backup syslogd start up file
 sudo cp /System/Library/LaunchDaemons/com.apple.syslogd.plist   /System/Library/LaunchDaemons/com.apple.syslogd.plist.bakup


 # Convert binary file to xml to be human readable / editable
 sudo plutil -convert xml1 /System/Library/LaunchDaemons/com.apple.syslogd.plist

 # Edit /System/Library/LaunchDaemons/com.apple.syslogd.plist 
 # and add the following snippet under the sockets  node

 <key>NetworkListener</key>
 <dict>
   <key>SockServiceName</key>
   <string>syslog</string>
   <key>SockType</key>
   <string>dgram</string>
 </dict>

 # Should read like this now
 <key>Sockets</key>
 <dict>
    <key>AppleSystemLogger</key>
    <dict>
        <key>SockPathMode</key>
        <integer>438</integer>
        <key>SockPathName</key>
        <string>/var/run/asl_input</string>
    </dict>
    <key>BSDSystemLogger</key>
    <dict>
        <key>SockPathMode</key>
        <integer>438</integer>
        <key>SockPathName</key>
        <string>/var/run/syslog</string>
        <key>SockType</key>
        <string>dgram</string>
    </dict>
    <key>NetworkListener</key>
    <dict>
        <key>SockServiceName</key>
        <string>syslog</string>
        <key>SockType</key>
        <string>dgram</string>
    </dict>
 </dict>

 # Save the file

 # Convert back to binary file
 sudo plutil -convert binary1 /System/Library/LaunchDaemons/com.apple.syslogd.plist

 # Restart syslogd
 sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
 sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

 # I added the following entry to /etc/syslog.conf
 local2.*                       /var/log/haproxy.log

 # Include logging options in haproxy.cfg
 global
    log 127.0.0.1   local2 debug

 defaults
    mode http
    option httplog
    log global


 # Restart HAproxy

Answer 2

Seeing as I'm unable to comment (boo, reputation) I would like to add the following to alanning:

In case you are running OS X 10.11+ (El Capitan or newer) and are unable to copy the plist file (even with sudo), you might be confronted with Apple's new System Integrity Protection.

To disable SIP:

1. Reboot into recovery mode (reboot and hold down Cmd-R)
2. Open a terminal
3. Use this command: csrutil disable
4. Reboot and run the command that worked prior to El Capitan

It is highly recommended that you re-enable SIP by following the same steps, but using csrutil enable in step 3.

Reference:

How to disable rootless mode on Stack Overflow

System Integrity Protection on Apple.com

Answer 3

Use dtruss on haproxy to see where they are being written. You should see file I/O syscalls come through while you are watching it.

Better yet, it's open source. Just look at the code.