Month: 二月 2010

How to use socat with haproxy stat

How to use socat with haproxy stat

*** Introduction –

All you know about the haproxy, that its the one of the good opensource load balancing software and to check the fun stats of haproxy here we using ‘socat’ – Multipurpose relay (SOcket CAT)

* What is socat?

Socat  is  a  command  line based utility that establishes two bidirectional byte streams and transfers data between them. Because the streams can be constructed from a large set of different types of data sinks and sources (see address  types),  and  because  lots  of address options may be applied to the streams, socat can be used for many different purposes.(see more info at ‘man socat’ 🙂 or at

* How to use ‘socat’ with haproxy stat

Step 1) Download ‘socat’ from  latest version ~ “socat-2.0.0-b3.tar.gz”

ravi@arun:~$ wget

ravi@arun:~$ tar xvzf socat-

ravi@arun:~$ cd socat-

NOTE ~ No need to install the ‘fipsld’ package if you got the below msg after running the ‘make’ just following steps for

compiling socat….

FIPSLD_CC=gcc fipsld -O -D_GNU_SOURCE -Wall -Wno-parentheses  -DHAVE_CONFIG_H -I.  -I.   -c -o socat.o socat.c
/bin/sh: fipsld: command not found
make: *** [socat.o] Error 127

ravi@arun:~$ ./configure –disable-fips
ravi@arun:~$ make

To install it login as root
ravi@arun:~$ su –

ravi@arun:~# make install

Step 2) Now you need to add stats socket PATH in Haproxy configuration and restart haproxy as per shown in following example,

where I have added it under in ‘global’ setting –

ravi@arun:~# more /etc/haproxy/myhaproxy.cfg

#———–Start of haproxy Config file————–
log   local0
log   local1 notice
#log loghost    local0 info
maxconn 25000
user ravi
group ravi
stats socket    /tmp/haproxy
option          contstats
timeout         connect 5s
timeout         client 25s
timeout         server 25s
maxconn         100

listen ravitestbed IP
mode            tcp
balance         roundrobin
server          web1
server          web2

listen stats
mode            http
#stats          uri /stat  #Comment this if you need to specify diff stat path for viewing stat page
stats enable
stats auth admin:admin ##Auth user pass

#———–End of haproxy Config file————–

Step 3) Used /tmp/haproxy. Now you can send the commands to get stats from HAProxy –

Now time to use socat

ravi@arun:~# echo “”  | socat unix-connect:/tmp/haproxy stdio
Unknown command. Please enter one of the following commands only :
show info   : report information about the running process
show stat   : report counters for each proxy and server
show errors : report last request and response errors for each proxy
show sess   : report the list of current sessions

This will dump (possibly huge) info about all know sessions.

ravi@arun:~$ echo “show sess” | socat unix-connect:/tmp/haproxy stdio
0x9ee3520: proto=tcpv4 src= fe=ravitestbed be=ravitestbed srv=arun as=0 ts=08 age=4s calls=3
rq[f=009202h,l=0,an=00h,rx=20s,wx=,ax=] rp[f=009202h,l=0,an=00h,rx=20s,wx=,ax=] s0=[7,8h,fd=1,ex=] s1=[7,8h,fd=2,ex=] exp=20s
0x9eeb8e8: proto=tcpv4 src= fe=ravitestbed be=ravitestbed srv=arun as=0 ts=08 age=4s calls=3
rq[f=009000h,l=0,an=00h,rx=20s,wx=,ax=] rp[f=009202h,l=0,an=00h,rx=20s,wx=,ax=] s0=[7,8h,fd=8,ex=] s1=[7,8h,fd=9,ex=] exp=20s
0x9ef3d08: proto=tcpv4 src= fe=ravitestbed be=ravitestbed srv=arun as=0 ts=08 age=4s calls=3
rq[f=009000h,l=0,an=00h,rx=20s,wx=,ax=] rp[f=009202h,l=0,an=00h,rx=20s,wx=,ax=] s0=[7,8h,fd=12,ex=] s1=[7,8h,fd=13,ex=]
0x9f04548: proto=unix_stream as=2 ts=09 age=0s calls=2 rq[f=00e042h,l=10,an=20h,rx=10s,wx=,ax=]

rp[f=048060h,l=716,an=00h,rx=,wx=10s,ax=] s0=[7,0h,fd=3,ex=] s1=[0,0h,fd=-1,ex=] exp=9s

This will give you information about the running HAProxy process such as pid, uptime and etc.

ravi@arun:~$ echo “show info” | socat unix-connect:/tmp/haproxy stdio
Name: HAProxy
Version: 1.3.23
Release_date: 2010/01/28
Nbproc: 1
Process_num: 1
Pid: 11829
Uptime: 0d 0h42m53s
Uptime_sec: 2573
Memmax_MB: 0
Ulimit-n: 50013
Maxsock: 50013
Maxconn: 25000
Maxpipes: 0
CurrConns: 1
PipesUsed: 0
PipesFree: 0
Tasks: 1
Run_queue: 1

This will give you stats on all of your backends and frontends, some of the same stuff you see on the stats page enabled by the stats uri configuration. As an added bonus it’s all in CSV.

ravi@arun:~$ echo “show stat” | socat unix-connect:/tmp/haproxy stdio
ravitestbed,trupti,0,0,0,2,,15,7020,22722,,0,,0,0,0,0,no check,1,1,0,,,,,,1,1,1,,15,,2,0,,2,
ravitestbed,arun,0,0,0,5,,15,25562,27894,,0,,0,0,0,0,no check,1,1,0,,,,,,1,1,2,,15,,2,0,,3,

show errors will give you a capture of last error on each backend/frontend.

ravi@arun:~$ echo “show errors” | socat unix-connect:/tmp/haproxy stdio


Thanks to Joe (

Thank you,



简介: –

访问控制与TCP封装编译支持服务是通过在/ etc / hosts.allow和/ etc / hosts.deny中的文件。当连接试图的hosts.allow文件检查。如果线路匹配,连接是允许的。然后hosts.deny文件的咨询,如果某行匹配,连接被拒绝。如果没有匹配任何文件有发生,该连接是允许的。

如果配置如下所述,TCP包装将显示一个警告旗帜,任何用户试图连接到一个服务进行监察。下面的命令设置生成目录/ etc /横幅,其中包含的文件为每个服务的警告横幅文本。在这个例子中,横幅文本是“这个系统的使用仅限于授权用户。”请注意,警告字眼的旗帜,是网站的特定,但是,它至少应该强调,该系统的使用仅限于授权的人,并同意通过监督活动在登录到系统的暗示。
[@本地主机根]#/斌/ mkdir磷的/ etc /横幅
[@本地主机根]#/斌/回声“这套系统的使用限制在授权用户”“的/ etc /横额/
[@本地主机根]#光盘的/ etc /旗帜,/ usr /斌/化妆f / usr/share/doc/tcp_wrappers-7.6/Banners.Makefile

[@本地主机根]#回声’所有:所有:产卵(/斌/回声娥’/本/日’“\ ñ%荤试图连接到%s
“| /斌/邮件- s”的连接尝试到%s“根)&”> / etc / hosts.deny中



所有:本地:横幅的/ etc /横幅#所有来自当地的客户服务(主机名没有“。”)
sshd的:横幅的/ etc /横幅#之间的主机的IP地址10.1.1.0和10.1.2.0 SSH连接