Separate log file or syslog target

[Enormoss]

I know that support for separate log was removed in previous versions.
Suhosin has capability to log to syslog.
It could be helpful to set internal logging to syslog.

E.g. to catch warnings about eval'd code. Now errors/warnings goes to PHP log facility and it can be overridden by user/attacker by settings error_log, error_reporting, display_errors etc.
So creating something setting like: stealth logging to syslog cloud be helpful.

[jvoisin]

Interesting idea.

We can either:

• provide some virtual-patching rules to prevent calling ini_set with logging-related parameters
• add a logs_lockdown option, to prevent log-related modifications
• add the possibility to log into the syslog, via syslog(3)

Thoughts?

[Enormoss]

I already did some modification:
I added ini (PHP_INI_SYSTEM) settings:

    sp.log_syslog
    sp.log_zend

Which are boolean and then in sp_utils.c there is used syslog(3) and condition, where to log based on these settings.
If sp.log_zend is True (1) then stderr is also used.
This is only quick fix now. I'm not real C programmer. Currently I don't know if it will work under heavy load (syslog() call).

Now it is able to not to disturb php output and log to syslog.

Where to send patch?

[jvoisin]

You can send a pull-request :)

[jvoisin]

@Enormoss I just pushed a pull-request with a different approach (#303), what do you think about it?

[buixor]

In light of https://github.com/nbs-system/snuffleupagus/issues/307 this really makes sense.

[Enormoss]

Yes, because e.g. in Webhosting provider environment it is better to simulate and silent log to file instead of disturb scripts.

[buixor]

https://github.com/nbs-system/snuffleupagus/pull/308

Need to decide if it makes sense not to openlog() in each sp_log_msg call tho

[jvoisin]

This was done in 504f029.