PHP syslog patch
Given a multiuser webserver with PHP and error logging to syslog. Problem: how do you correlate error messages with users? This patch lets PHP call openlog() with a configurable program name.
My first approach was to filter by file and path names, but not every message includes a filename, so I was left with some lines like these:
2010-03-15T00:00:15.00+01:00 server php-cgi: Undeclared entity warning at line 54, column 8
To overcome the problem I introduce two new php.ini variables: syslog.program, to give the program name, and the boolean syslog.pid, to enable logging the PID. Default values are "" and Off, resulting in the previous behaviour (using the executable name as program name without PID). I use suphp, so every user has an own php.ini with syslog.program set to “php/username”, thus writing log lines like:
2010-03-19T09:00:14.00+01:00 server php/mschuett[87777]: Undeclared entity warning at line 54, column 8
With mod_php the variables can also be set per directory with php_admin_value. Changing them with ini_set() is not supported (not necessary because a new call to openlog() has the same effect). For enhanced security one could/should also use the php.ini setting disable_functions=openlog to prevent users from overriding these settings.
Because the source file is also affected by the Suhosin patch, I prepared two diffs:
- PHP 5.2.12:patch-php5.2.12.ext_standard_syslog.diff
- PHP 5.2.12 with Suhosin: patch-php5.2.12.suhosin.ext_standard_syslog.diff
[Update: the patches still work for PHP 5.3.6]
[Update2: finally got around to write a Feature Request #54144]
This entry was posted on Friday, March 19th, 2010 at 15:04 and is filed under Admin, english, PHP, Syslog.
You can follow any responses to this entry through the RSS 2.0 feed.
Both comments and pings are currently closed.
