HAProxy
Seer Box side configuration
To set HAProxy as the source, select the HAProxy value in the Log type field in step 3 of the traffic source creation. No additional fields are required.
Source side configuration
HAProxy can send log messages that can be processed by a syslog server. Seer Box takes advantage of this functionality to receive the HTTP traffic.
References
https://www.haproxy.com/blog/introduction-to-haproxy-logging
https://www.haproxy.com/blog/haproxy-log-customization/
Configuration file
/etc/haproxy/haproxy.cfg
Log format and submission
The log format you configure will contain all the information necessary for Seer Box to analyze incoming traffic.
Within the same configuration file, the directive for sending the logs must also be defined.
The complete configuration is shown below:
log IP_HOST_SB:PORT_SB local3 len 65535
http-request capture req.hdr(Host) len 100
http-request capture req.hdr(User-Agent) len 300
http-request capture req.hdr(Referer) len 300
http-request capture req.hdr(Accept) len 50
http-request capture req.hdr(Cookie) len 500
http-request capture req.hdr(Content-Type) len 50
http-request capture req.body len 5000
http-request capture req.hdr(X-Forwarded-For) len 200
http-request capture req.hdr(X-Real-Ip) len 20
declare capture response len 40
http-response capture res.hdr(Content-Type) id 0
log-format "%{+Q}o [%trg]|%si|%sp|%ci|%HM|%HP|%HQ|%HV|%H|%f|%b|%[capture.req.hdr(0)]|%[capture.req.hdr(1)]|%[capture.req.hdr(2)]|%[capture.req.hdr(3)]|%[capture.req.hdr(4)]|%[capture.req.hdr(5)]|%[capture.req.hdr(6)]|%[capture.req.hdr(7)]|%[capture.req.hdr(8)]|%U|%ST|%[capture.res.hdr(0)]|%B"
Variables to be replaced
IP_HOST_SB: IP address of the Seer Box instance.
PORT_SB: the port of the Seer Box listening interface, related to the configured traffic source. The port number can be found under the source detailed information in the Seer Box web interface, on the Settings - Traffic Sources page.
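The following is an added example, not part of the Seer Box or HAProxy documentation: it splits a message body produced by the log-format above into its 24 fields and lists the captures whose value fills the configured len, which means data may have been cut off. The field labels and the sample line are constructed for this example, and the quoting applied by %{+Q}o is an assumption noted in the code.

```python
import csv

# Field order follows the log-format string above; the key names are labels chosen for this example.
FIELDS = ["trg", "si", "sp", "ci", "HM", "HP", "HQ", "HV", "H", "f", "b",
          "host", "user_agent", "referer", "accept", "cookie", "req_content_type",
          "body", "x_forwarded_for", "x_real_ip", "U", "ST", "res_content_type", "B"]

# Capture sizes copied from the "len" arguments in the configuration above.
CAPTURE_LEN = {"host": 100, "user_agent": 300, "referer": 300, "accept": 50,
               "cookie": 500, "req_content_type": 50, "body": 5000,
               "x_forwarded_for": 200, "x_real_ip": 20, "res_content_type": 40}


def parse_line(message):
    """Split one log message body (syslog header already removed) into named fields."""
    # Assumption: with %{+Q}o string values arrive in double quotes, so a "|"
    # inside a quoted value is data and must not be treated as a separator.
    row = next(csv.reader([message.strip()], delimiter="|", quotechar='"'))
    if len(row) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(row)}")
    return dict(zip(FIELDS, row))


def possibly_truncated(fields):
    """Return captures whose value fills the configured len, so data may have been cut."""
    return [name for name, limit in CAPTURE_LEN.items()
            if len(fields[name].encode()) >= limit]


# Constructed sample line, not real traffic. The X-Real-Ip value is an IPv6
# address cut at 20 bytes, which is what "len 20" allows.
SAMPLE = (' [10/Oct/2024:13:55:36 +0000]|"10.0.0.5"|8080|"203.0.113.7"|"GET"|"/search"'
          '|"?q=a|b"|"HTTP/1.1"|"lb01"|"fe_web"|"be_app"|"example.test"'
          '|"Mozilla/5.0 (X11; Linux|x86_64)"|""|"*/*"|"sid=abc"|""|""|""'
          '|"2001:0db8:85a3:0000:"|0|200|"text/html"|5120')

if __name__ == "__main__":
    parsed = parse_line(SAMPLE)
    print(parsed["ci"], parsed["HM"], parsed["HP"], parsed["HQ"], parsed["ST"])
    print("captures at their len limit:", possibly_truncated(parsed))
```

A capture reported here is only a candidate for truncation, since a value can also be exactly as long as its limit.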