{"id":502,"date":"2010-03-19T15:04:30","date_gmt":"2010-03-19T13:04:30","guid":{"rendered":"https:\/\/mschuette.name\/wp\/?p=502"},"modified":"2010-03-19T15:04:30","modified_gmt":"2010-03-19T13:04:30","slug":"php-syslog-patch","status":"publish","type":"post","link":"https:\/\/mschuette.name\/wp\/2010\/03\/php-syslog-patch\/","title":{"rendered":"PHP syslog patch"},"content":{"rendered":"

Given a multiuser webserver with PHP and error logging to syslog. Problem: how do you correlate error messages with users? This patch lets PHP call openlog()<\/code> with a configurable program name.<\/p>\n

My first approach was to filter by file and path names, but not every message includes a filename, so I was left with some lines like these:<\/p>\n

2010-03-15T00:00:15.00+01:00 server php-cgi: Undeclared entity warning at line 54, column 8<\/code><\/p><\/blockquote>\n

To overcome the problem I introduce two new php.ini variables: syslog.program<\/code>, to give the program name, and the boolean syslog.pid<\/code>, to enable logging the PID. Default values are \"\"<\/code> and Off<\/code>, resulting in the previous behaviour (using the executable name as program name without PID). I use suphp<\/a>, so every user has an own php.ini with syslog.program<\/code> set to “php\/username”, thus writing log lines like:<\/p>\n

2010-03-19T09:00:14.00+01:00 server php\/mschuett[87777]: Undeclared entity warning at line 54, column 8<\/code><\/p><\/blockquote>\n

With mod_php the variables can also be set per directory with php_admin_value<\/code>. Changing them with ini_set()<\/code> is not supported (not necessary because a new call to openlog()<\/code> has the same effect). For enhanced security one could\/should also use the php.ini setting disable_functions=openlog<\/code> to prevent users from overriding these settings.<\/p>\n

Because the source file is also affected by the Suhosin<\/a> patch, I prepared two diffs:<\/p>\n