Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.On this page
- About
- How To Configure the syslog Module with rsyslog
- How To Configure rsyslog to Log Drupal Messages to a Dedicated File and NOT to /var/log/messages
- Using syslog
- 1. Install & configure the Syslog module
- 2. Configure Syslog to log to a separate file (optional)
- 3. Disable the Database Logging (formerly, Watchdog) module (optional)
- 4. Configure Syslog to log to a separate file for each domain
- More information
- Notes
Syslog module overview
Drupal 7 will no longer be supported after January 5, 2025. Learn more and find resources for Drupal 7 sites
About
The Syslog module logs events by sending messages to the logging facility of your web server's operating system. Syslog is an operating system administrative logging tool that provides valuable information for use in system management and security auditing. Most suited to medium and large sites, Syslog provides filtering tools that allow messages to be routed by type and severity.
It is not suitable for shared hosting environments.
It might not be as user friendly as Database Logging but will allow you to see logs and troubleshoot if your site is not accessible. Because the Database logging module writes logs to the database, it can slow down the website. By using Syslog you can improve the performance of the site.
How To Configure the syslog Module with rsyslog
Drupal logging is critical, because it can flag to administrators if the system is misconfigured, broken or even hacked. But logging Drupal errors to the screen is inadvisable, because it makes end users (customers) nervous, potentially affecting confidence and sales.
What if My System Uses rsyslog, not syslog?
Recent versions of Debian and CentOS use rsyslog instead of syslog. Happily, rsyslog (a drop-in replacement for syslog that runs on Debian, Ubunto and CENTOS) "understands" syslog data streams.
Some people actually consider rsyslog to actually be an extension of syslog rather than a replacement, because rsyslog is a more powerful system than syslog, and a direct response to some of the shortcomings of the original syslog implementation...but still largely compatible.
First, Stop Logging Errors To the Screen
Visitors and customers don't like seeing error messages logged to their screen. It lowers confidence and this can affect sales in an age where so many cyber intrusions have happened. People are very sensitive to trouble, and even a warning or notice message, however harmless, may negatively affect enthusiasm, confidence and sales.
1. Navigate to:
admin/config/development/logging
2. Turn off reporting errors to the screen.
3. Click on Save configuration.
Yes, You Can use the Syslog Module to Log Drupal Errors to a Logfile
Thankfully, the Syslog (syslog) module enables the use of the general-purpose system logging process (syslog) to capture messages into the general-purpose logfile (/var/log/messages) out of the box.
How To Configure What the Syslog Module Logs
These settings help to include or exclude the various different classes of messages that the Drupal system creates:
1. Navigate to:
admin/config/development/logging
2. Check the messages that should appear in the ERROR LOG: (I selected them all)
3. Click on Save configuration.
How To Configure Where the Syslog Module Logs
Log entries can be "signed" or "identified" by the facility entering that message, which can help with filtering. Another level of filtering is to use a specific "channel" or "facility" to write messages to the logfile. Channels are associated with different alert levels.
1. In the Syslog identity field, enter drupal
2. In the Syslog facility field, select LOG_LOCAL1
3. Click on Save configuration.
Wait! My /var/log/messages is Going to Get Slammed With Hundreds of Drupal Messages!
An out of the box Syslog module installation may result in hundreds of drupal messages in /var/log/messages, making that log more difficult to monitor. The primary purpose of /var/log/messages is not to help troubleshoot applications like Drupal, but to help system administrators stay on top of system-level events.
Fortunately, rsyslog can be configured to route messages into dedicated logfile, like /var/log/drupal.log, and NOT send messages into /var/log/messages. That way, Drupal notices, warnings and errors can potentially be more easily discovered, identified, researched and acted upon.
How To Configure rsyslog to Log Drupal Messages to a Dedicated File and NOT to /var/log/messages
To instruct rsyslog to send drupal-oriented messages to a dedicated logfile (drupal.log) and not send drupal-oriented messages to the system logfile (messages), you will need to create a drupal-oriented rsyslog configuration file with special instructions in it:
1. In:
/etc/rsyslog.d
Create a file called:
drupal.conf
Containing the following code:
# Optional Comment
if $programname startswith 'drupal' then {
action(type="omfile" File="/var/log/drupal.log")
stop
}2. Restart rsyslog
Using syslog
Here is a four-step guide to switching from Drupal's default database. It is for Linux systems only.
1. Install & configure the Syslog module
- Enable the module Syslog on the Modules page at admin/modules
- Configure the module on the 'Logging and errors' configuration page at admin/config/development/logging
- Select which Syslog facility to attach to the log messages. Choose one that is not in use by Syslog.
- Set the syslog identity (a string that will be prepended to every message logged to Syslog), for example
drupal_www_example_com.
2. Configure Syslog to log to a separate file (optional)
You can write the log messages to a separate file (If you don't the messages will most likely end up in /var/log/messages)
Edit the appropriate syslog configuration file. To find this file, choose one of the following three options:
- Option 1: Newer operating systems with override (1)
/etc/rsyslog.d/drupal.confor
- Option 2: Newer operating systems without override
/etc/rsyslog.confor
- Option 3: Older operating systems without override
/etc/syslog.conf
Note: (1) The Linux community consensus is to always override Linux core configuration files, such as, but not limited to, the rsyslog.conf file. Instead of hacking Linux core. Some of the benefits with overriding is that future Linux updates are much easier, faster, and are less risky to result in your configuration being deleted. The Drupal community's Coding Standards has the same consensus with Drupal core. If the rsyslog.d folder and drupal.conf file do not exist, you simply need to create them with appropriate permissions on each. The drupal.conf file name could be any name to your liking. This Linux override standard is supported by newer Linux operating systems who support rsyslog.
Add the following line at the bottom of the configuration file:
local0.* /var/log/drupal.log
Where local0 is the Syslog facility that you chose in the Syslog configuration (see Step 1)
Restart the syslog daemon. To do so, choose one of the following four options. Which one option you choose depends on the operating system and your preferred command:
- Option 1: Linux systemctl rsyslog
sudo systemctl restart rsyslog.serviceor
- Option 2: Linux service rsyslog
sudo service rsyslog restartor
- Option 3: Linux service syslog
sudo service syslog restartor
- Option 4: Mac OS X launchctl syslogd
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plistsudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
Check that you are seeing messages in the syslog:
tail /var/log/drupal.log
This shows the bottom of the log file. To see the complete log file use:
less /var/log/drupal.log
To see new log messages appearing in the log file use:
tail -f /var/log/drupal.log
Exit using ctrl+c
3. Disable the Database Logging (formerly, Watchdog) module (optional)
If you have the Database logging (dblog) enabled, disable it at on the Modules page /admin/build/modules.
4. Configure Syslog to log to a separate file for each domain
You can use separate log files for each website.
Edit the syslog configuration file at:
/etc/syslog.conf
or
/etc/rsyslog.conf
and add:
Note that the following syntax uses an if block (RainerScript) and is only available in rsyslog, not syslog.
if $programname == 'drupal_www_example_com' then /var/log/drupal/drupal_www_example_com.log
& stop
local0.* /var/log/drupal/others.log
& stop
$programname drupal_www_example_com is the Sylog identity that you have set in the Logging and errors configuration page, (admin/config/development/logging), see step 1.
With the last line you are sure to put all Drupal log (if you choose facility local0) in one file.
The "strange" lines, & ~, omit to put the log record in other files (for example /var/log/syslog)
Note If you use rsyslog with a /etc/rsyslog.d/ folder, you can create a new file there, with the same content (preferred method).
More information
Write drupal logs to rsyslog instead of to dblog
See also the PHP's documentation pages for the openlog and syslog functions.
On syslog facilities, severity levels, and how to setup a syslog.conf file, see UNIX/Linux syslog.conf.
Notes
On Windows Server 2003R2, syslog doesn't write successfully to the Event Log. Instead, an Application Warning appears (Source: PHP-5.2.0) which starts with: "The description for Event ID ( 3 ) in Source ( PHP-5.2.9 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer". According to http://www.php.net/manual/en/function.syslog.php#41832 , the default IUSR_ needs to be added to the Users group
php.ini needs to explicitly state that error logs are written to syslog (ie. error_log = syslog), otherwise the syslog module will not work.
Help improve this page
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion
