Log PHP messages with syslog

Published by Pierre-Yves Landuré on

PHP messages are often stored in the HTTP server logs. It is easier to watch for security issues when PHP errors are sent to a central location. This guide use syslog to store PHP messages in “/var/log/php.log”.

This howto is tested on:

  • Debian 10.0 Buster

Requirements

This howto requires:

Settings

Set the PHP messages log file path:

logPath='/var/log/php.log'

Installation

Detect if sudo is available (“command” is used if not):

cmdProxy='command'
command type -f 'sudo' &>'/dev/null' && cmdProxy='sudo'

Set the default log file owner:

logOwner='root'

RSyslog

Detect RSyslog log file owner:

logOwner="$(command grep '$FileOwner' '/etc/rsyslog.conf' \
    | command cut --delimiter=' ' --fields=2)"

Configure RSyslog to store PHP messages in a central log file:

[ -d '/etc/rsyslog.d' ] \
  && ${cmdProxy} tee '/etc/rsyslog.d/40-php.conf' \
    <<< "# Log PHP messages to ${logPath}.
:msg,regex,\"^[w: ]*PHP \" ${logPath}
:msg,startswith,\"  [wrapped:\" ${logPath}
# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging PHP log messages to syslog default file.
& ~"

Create PHP log file and set its owner and access rights:

if [ -d '/etc/rsyslog.d' ]; then
  ${cmdProxy} touch "${logPath}"
  ${cmdProxy} chown "${logOwner}:adm" "${logPath}"
  ${cmdProxy} chmod 640 "${logPath}"
fi

Reload RSyslog configuration:

[ -d '/etc/rsyslog.d' ] && ${cmdProxy} systemctl 'force-reload' 'rsyslog'

Syslog-NG

Configure Syslog-NG to store PHP messages in a central log file:

[ -d '/etc/syslog-ng/conf.d' ] \
  && ${cmdProxy} tee '/etc/syslog-ng/conf.d/php.conf' \
      <<< "########################
# PHP messages
########################

destination d_php { file(\"${logPath}\"); };
filter f_php { program(\"^php\"); };
log { source(s_src); filter(f_php); destination(d_php); };"

Create PHP log file and set its owner and access rights:

if [ -d '/etc/syslog-ng/conf.d' ]; then
  ${cmdProxy} touch "${logPath}"
  ${cmdProxy} chown "${logOwner}:adm" "${logPath}"
  ${cmdProxy} chmod 640 "${logPath}"
fi

Reload Syslog-NG configuration:

[ -d '/etc/syslog-ng/conf.d' ] && ${cmdProxy} systemctl 'reload' 'syslog-ng'

PHP

Configure PHP to log messages to syslog:

${cmdProxy} php-tools --add-mod --mod-name 'syslog' \
    --mod-settings '; PHP errors logged to syslog:
error_log = syslog'

Reload PHP configuration:

${cmdProxy} php-tools --reload

Show PHP messages with:

${cmdProxy} tail -f "${logPath}"

Log rotation

Setup the rotation of PHP logs:

${cmdProxy} tee "/etc/logrotate.d/php" \
<<< "${logPath} {
 weekly
 missingok
 rotate 4
 compress
 delaycompress
 notifempty
 create 640 ${logOwner} adm
}

${logPath}.slow {
 weekly
 missingok
 rotate 4
 compress
 delaycompress
 notifempty
 create 644 www-data adm
}"

Next step

This howto recommends:

Thanks

Categories: PHPSyslog

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

PHP

Send an email notification on PHP errors

Being notified quickly of errors triggered on a server allow for a quick resolution of problems on a production site. This guide set up a e-mail notification of PHP errors.

PHP

Install PHP extension OPCache on Debian

OPcache improves PHP performance by storing precompiled script bytecode in shared memory, thereby removing the need for PHP to load and parse scripts on each request. This guide describe its installation on Debian.

PHP

Install PHP extension APCu on Debian

APCu is a user data cache extension for PHP. It is used by many PHP applications to improve their performances.