PHP messages are often stored in the HTTP server logs. It is easier to watch for security issues when PHP errors are sent to a central location. This guide use syslog to store PHP messages in “/var/log/php.log”.
This howto is tested on:
- Debian 10.0 Buster
Requirements
This howto requires:
- a HTTP server with PHP support, as described by Install PHP-FPM on Debian.
- php-tools, command-line tool easing PHP configuration.
Settings
Set the PHP messages log file path:
logPath='/var/log/php.log'
Installation
Detect if sudo is available (“command” is used if not):
cmdProxy='command'
command type -f 'sudo' &>'/dev/null' && cmdProxy='sudo'
Set the default log file owner:
logOwner='root'
RSyslog
Detect RSyslog log file owner:
logOwner="$(command grep '$FileOwner' '/etc/rsyslog.conf' \
| command cut --delimiter=' ' --fields=2)"
Configure RSyslog to store PHP messages in a central log file:
[ -d '/etc/rsyslog.d' ] \
&& ${cmdProxy} tee '/etc/rsyslog.d/40-php.conf' \
<<< "# Log PHP messages to ${logPath}.
:msg,regex,\"^[w: ]*PHP \" ${logPath}
:msg,startswith,\" [wrapped:\" ${logPath}
# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging PHP log messages to syslog default file.
& ~"
Create PHP log file and set its owner and access rights:
if [ -d '/etc/rsyslog.d' ]; then
${cmdProxy} touch "${logPath}"
${cmdProxy} chown "${logOwner}:adm" "${logPath}"
${cmdProxy} chmod 640 "${logPath}"
fi
Reload RSyslog configuration:
[ -d '/etc/rsyslog.d' ] && ${cmdProxy} systemctl 'force-reload' 'rsyslog'
Syslog-NG
Configure Syslog-NG to store PHP messages in a central log file:
[ -d '/etc/syslog-ng/conf.d' ] \
&& ${cmdProxy} tee '/etc/syslog-ng/conf.d/php.conf' \
<<< "########################
# PHP messages
########################
destination d_php { file(\"${logPath}\"); };
filter f_php { program(\"^php\"); };
log { source(s_src); filter(f_php); destination(d_php); };"
Create PHP log file and set its owner and access rights:
if [ -d '/etc/syslog-ng/conf.d' ]; then
${cmdProxy} touch "${logPath}"
${cmdProxy} chown "${logOwner}:adm" "${logPath}"
${cmdProxy} chmod 640 "${logPath}"
fi
Reload Syslog-NG configuration:
[ -d '/etc/syslog-ng/conf.d' ] && ${cmdProxy} systemctl 'reload' 'syslog-ng'
PHP
Configure PHP to log messages to syslog:
${cmdProxy} php-tools --add-mod --mod-name 'syslog' \
--mod-settings '; PHP errors logged to syslog:
error_log = syslog'
Reload PHP configuration:
${cmdProxy} php-tools --reload
Show PHP messages with:
${cmdProxy} tail -f "${logPath}"
Log rotation
Setup the rotation of PHP logs:
${cmdProxy} tee "/etc/logrotate.d/php" \
<<< "${logPath} {
weekly
missingok
rotate 4
compress
delaycompress
notifempty
create 640 ${logOwner} adm
}
${logPath}.slow {
weekly
missingok
rotate 4
compress
delaycompress
notifempty
create 644 www-data adm
}"
Next step
This howto recommends:
Thanks
- Thanks to PHP (en) developers.
- Thanks to RSyslog (en) developers.
- Thanks to Syslog-NG (en) developers.
- Thanks to Admin Linux (fr) for Mémo syslog-NG (fr).
0 Comments