
Wednesday, November 14, 2018

TCP port scan detection with HAProxy: Revised

I gained more understanding of Debian and HAProxy after my previous post on detecting TCP port scans with HAProxy. Because the Debian HAProxy package already comes with its own logging setting, the logging configuration from that post is not really necessary. Here are the revised and shorter instructions:

  1. Install HAProxy.
    apt-get install haproxy
  2. Append the following lines to HAProxy's configuration at /etc/haproxy/haproxy.cfg. Please note that the "log" statement has changed from the previous post: it is now "log global".
    frontend fr_tcp
        log global
        mode tcp
        bind <IP address of your HAProxy server>:1-24
        bind <IP address of your HAProxy server>:26-79
        bind <IP address of your HAProxy server>:81-40000
        log-format %ci:%cp\ =>\ %[dst]:%[dst_port]\ [%t]\ %ft\ %b/%s\ %Tw/%Tc/%Tt\ %B\ %ts\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq
        default_backend bk_tcp
    
    backend bk_tcp
        mode tcp
        server www-2 127.0.0.1:1028
    
  3. Restart rsyslog and haproxy.
    service rsyslog restart
    service haproxy restart
That's all you need to get HAProxy to detect TCP port scans. You should soon see TCP scan entries in /var/log/haproxy.log like the following:

2018-11-14T13:23:43.916980+00:00 vps542 haproxy[23849]: 20x.1yz.35.1xz:43908 => 18x.1yz.122.zy:22032 [14/Nov/2018:13:23:39.095] fr_tcp bk_tcp/www-2 1/0/4821 991 -- 2/2/2/2/0 0/0

It shows that a host at IP 20x.1yz.35.1xz tried to connect to TCP port 22032 on my VPS. Simple, huh?
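To turn these log lines into an actual scan alert, here is an added Python example (not part of the original post) that parses entries in the log-format defined in the fr_tcp frontend above and flags any source IP that touched several distinct destination ports. The sample log lines and IP addresses are constructed, and the threshold of three ports is an arbitrary assumption.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/haproxy.log (TEST-NET addresses, not real hosts).
SAMPLE_LOG = """\
2018-11-14T13:23:43.916980+00:00 vps542 haproxy[23849]: 203.0.113.5:43908 => 198.51.100.7:22032 [14/Nov/2018:13:23:39.095] fr_tcp bk_tcp/www-2 1/0/4821 991 -- 2/2/2/2/0 0/0
2018-11-14T13:23:44.102331+00:00 vps542 haproxy[23849]: 203.0.113.5:43910 => 198.51.100.7:3306 [14/Nov/2018:13:23:39.300] fr_tcp bk_tcp/www-2 1/0/4802 0 -- 2/2/2/2/0 0/0
2018-11-14T13:23:44.511203+00:00 vps542 haproxy[23849]: 203.0.113.5:43912 => 198.51.100.7:8080 [14/Nov/2018:13:23:39.701] fr_tcp bk_tcp/www-2 1/0/4810 0 -- 2/2/2/2/0 0/0
2018-11-14T13:25:01.000000+00:00 vps542 haproxy[23849]: 203.0.113.9:51000 => 198.51.100.7:22032 [14/Nov/2018:13:24:56.000] fr_tcp bk_tcp/www-2 0/0/5000 0 -- 1/1/1/1/0 0/0
2018-11-14T13:25:02.000000+00:00 vps542 haproxy[23849]: Proxy fr_tcp started.
"""

# Matches the custom log-format from haproxy.cfg:
#   %ci:%cp => %[dst]:%[dst_port] [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq
LOG_RE = re.compile(
    r"haproxy\[\d+\]: "
    r"(?P<src>[^:\s]+):(?P<sport>\d+) => (?P<dst>[^:\s]+):(?P<dport>\d+) "
    r"\[(?P<ts>[^\]]+)\] (?P<frontend>\S+) (?P<backend>\S+)/(?P<server>\S+) "
    r"(?P<tw>-?\d+)/(?P<tc>-?\d+)/(?P<tt>-?\d+) (?P<bytes>\d+) (?P<state>\S+) "
    r"(?P<ac>\d+)/(?P<fc>\d+)/(?P<bc>\d+)/(?P<sc>\d+)/(?P<rc>\d+) (?P<sq>\d+)/(?P<bq>\d+)$"
)

def parse_line(line):
    """Return the fields of one fr_tcp log line as a dict, or None if the line is not one."""
    m = LOG_RE.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "tw", "tc", "tt", "bytes", "ac", "fc", "bc", "sc", "rc", "sq", "bq"):
        rec[key] = int(rec[key])
    return rec

def find_scanners(lines, min_ports=3):
    """Group destination ports by source IP and return the sources that hit
    at least min_ports distinct ports (the threshold is an assumed value)."""
    ports_by_src = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:  # startup messages, reloads and other non-connection lines
            continue
        ports_by_src[rec["src"]].add(rec["dport"])
    return {src: sorted(ports) for src, ports in ports_by_src.items() if len(ports) >= min_ports}

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"possible scan from {src}: ports {ports}")
```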
