Reading log files from web application


I want to write a small PHP application for monitoring logs on a Debian server, including syslog logs and Apache/PHP messages. The problem here is that Apache user (www-data) has no access to /var/log directory. What would be the best way to grant an access to logs for PHP application? Let's assume that log files can be really large, like hundreds of megabytes.

I have some ideas:

  • Write a shell script that would be run via sudo and tail last 512 Kb of log into a separate file that can be read by application – that's ineffective, because of forking a new process and having to read data twice

  • Add www-data to adm group (that can read logs) – that's insecure

  • Start a PHP process via cron every minute to read logs — that's not very good, because it doesn't allow real-time monitoring. Also, this script will be started even when I don't read logs, and consume CPU time (server is in the cloud, and I'll have to pay for it)

  • Create a hardlink for all log files with lowered permissions – I guess, that won't work because logrotate could recreate log files and they'll change inode number.

  • Start a separate nginx/Apache server under privileged user that may read logs.

Maybe anyone got a better solution?

Best Answer

I would recommend using rsyslogd to log directly to a mysql database which can be accessed by php. This is a supported configuration of rsyslog. I believe lenny+ for debian rsyslog is the default sys logger, so it should be just installing mysql if its not already there, configuring the security, setting up the tables, and configuring rsyslog.


*.*       :ommysql:database-server,database-name,database-userid,database-password

Hope this is helpful to you.