I want to write a small PHP application for monitoring logs on a Debian server, including syslog logs and Apache/PHP messages. The problem here is that Apache user (www-data) has no access to /var/log directory. What would be the best way to grant an access to logs for PHP application? Let's assume that log files can be really large, like hundreds of megabytes.
I have some ideas:
-
Write a shell script that would be run via sudo and tail last 512 Kb of log into a separate file that can be read by application – that's ineffective, because of forking a new process and having to read data twice
-
Add www-data to adm group (that can read logs) – that's insecure
-
Start a PHP process via cron every minute to read logs — that's not very good, because it doesn't allow real-time monitoring. Also, this script will be started even when I don't read logs, and consume CPU time (server is in the cloud, and I'll have to pay for it)
-
Create a hardlink for all log files with lowered permissions – I guess, that won't work because logrotate could recreate log files and they'll change inode number.
-
Start a separate nginx/Apache server under privileged user that may read logs.
Maybe anyone got a better solution?
Best Answer
I would recommend using rsyslogd to log directly to a mysql database which can be accessed by php. This is a supported configuration of rsyslog. I believe lenny+ for debian rsyslog is the default sys logger, so it should be just installing mysql if its not already there, configuring the security, setting up the tables, and configuring rsyslog.
http://www.rsyslog.com/doc/rsyslog_mysql.html
example:
Hope this is helpful to you.