I am sitting here shaking my head, why would anyone have this watchdog/syslog stuff enabled. For a shared host this is garbage you are logging to the servers /var/log/messages. I have tried tweaking syslog to ignore just the drupal stuff. So what I am gathering as a server admin we have to go in and disable this feature? Or has somebody ran across a way to filter this. I have to go now before I say anything else.


nevets’s picture

Not sure what your issue is but watchdog logs messages in a database table and they can be useful when things go bump in the night.

styro’s picture

It's sounds like you aren't a Drupal user, rather a sysadmin at a shared hosting outfit with Drupal using customers - correct?

The Drupal syslog module is not enabled by default, so your customers have done something boneheaded if they have enabled it and have no way of using it. Just like the other million and one other boneheaded things they try to do that you have to figure out some way of stopping or restricting.

As for the point of it - on my own dedicated servers why wouldn't I want my logging to be able to use syslog? Especially when syslog doesn't involve DB writes like the standard logging module does.

Not everyone uses a shared host.

thevoices’s picture


You hit the nail on the head, sysadmin for shared host, last night I lacked the tenacity to actually type out anything other than what I did state. So the question is why is this feature even built in, because we all know most users are using a shared host. So the fact that they can enable this is bad, being that no shared host allows any user to read /var/log/messages. Like I said i toyed with syslog.conf trying to filter just the drupal entries and this was not successful. The reason we want this gone is it makes it someone a sticky issue when trying to read through /var/log/messages and you have all these drupal entries that have nothing to do with the issue you are looking into. I will also install drupal, and enable this feature check files then disable to see if there is an easy way to disable this feature that is horrible for shared hosts.


styro’s picture

If you feel strongly enough about this and you can't find a way to filter out what you need to (really?), create a feature request issue against the syslog.module component in Drupal core.

State who you are and what your concern is, and then request that either syslog module gets moved out of core to a contrib module or some concrete suggestions on how to better identify the logs as coming from Drupal so they can be filtered out. You'll probably need to be very persuasive to get the module removed though.

A forum post like this won't go anywhere, and probably won't even be seen by anyone who will be able to do anything about it. Open an issue so it can be tracked properly.

thevoices’s picture


Thats not a bad idea, I have syslog filtering local0 to its own log, Which so far has been primarily drupal garbage. I fear at some point either customer when they enable this sysadmins bane is A. going to change the logging facility, B. something vital that uses that facility is going to be filtered, Thanks for the idea... and the only reason I posted here was to see if anyone else had ran into this annoyance.


dalin’s picture

Or you could just block the syslog() and openlog() PHP functions via php.ini

dave hansen-lange
Technical Manager
Great White North office

dlaube’s picture

I have seen this pop up on shared webhosting servers as well. To disable the syslog module using the MySQL command line, run the following SELECT to look at the state of your data before the change. This will help you to find the full name of the module too.

SELECT name,status FROM system WHERE type='module';

Then to disable your syslog module, set the status to 0 for the module name that you want to disable.

UPDATE system SET status='0' WHERE name='syslog';

Check your handiwork using the SELECT statement again. Hope this helps.

David Laube
Linux System Administrator

DanGarthwaite’s picture

Put the following in /etc/rsyslog.d/90-drupal and restart rsyslog

# drupal loging
if $programname == 'drupal' and $syslogseverity <= '6' then /var/log/drupal.log
if $programname == 'drupal' and $syslogseverity <= '6' then ~

xurizaemon’s picture

If this isn't picked up by default and you're wondering why, check /etc/rsyslog.conf - on Debian Lenny, /etc/rsyslog.d/90-drupal wasn't picked up because the IncludeConfig entry from /etc/rsyslog.conf was

$IncludeConfig /etc/rsyslog.d/*.conf

Renaming the file Dan suggests to /etc/rsyslog.d/90-drupal.conf fixed that for me.