syslog

If anyone is wondering why their log messages are appearing in multiple log files, here is one answer applying to *nix systems:If your syslog.conf looks like this (assuming you use LOG_LOCAL0 for web app logging) :local0.info    /var/log/web/info.logThis will collect *all* messages of LOG_INFO level and higher, i.e everything except debug messagesTry this instead to ensure that only messages of the named log level go into the relevant log file:local0.=info    /var/log/web/info.logAdditionally, you may like to add this to ensure your messages don't end up in generic log files like "messages"  "all" "syslog" and "debug":local0.none    /var/log/messageslocal0.none    /var/log/debugetcsaves disk space among other things - more at "man syslog.conf"

This function sends messages in BSD Syslog RFC 3164 format (https://tools.ietf.org/html/rfc3164).To see the raw messages being sent by PHP to the logging socket, first stop your syslog/rsylsog/ng-syslog service, then listen to the logging socket with the netcat-openbsd package:nc -U -l /dev/logNow, log something from PHP:<?phpsyslog(LOG_LOCAL1|LOG_INFO, "Test from PHP");?>You will see the rfc3164 output from netcat:<142>Oct 24 14:32:51 php: Test from PHP

Syslog autodetects newline control characters and therefore splits the message by multiple lines. To prevent this behavior in PHP 7.3+ you can use undocumented (at this moment) ini setting:<?phpini_set('syslog.filter', 'raw');# more info here: https://bugs.php.net/bug.php?id=77913

A word of warning; if you use openlog() to ready syslog() and your Apache threads accept multiple requests, you *must* call closelog() if Apache's error log is configured to write to syslog.  Failure to do so will cause Apache's error log to write to whatever facility/ident was used in openlog.Example, in httpd.conf you have:ErrorLog syslog:local7and in php you do:<?phpopenlog("myprogram", 0, LOG_LOCAL0);syslog("My syslog message");?>From here on out, this Apache thread will write ErrorLog to local0 and under the process name "myprogram" and not httpd!  Calling closelog() will fix this.

This one had me going for a while when using LOG_ constants in another object, when developing on Windows, but deploying on Linux.Windows evaluates some of the LOG_ constants to the same value, while LINUX does not.The 8 constants and their differences on the platforms to be aware of:Linux has these values as:========================LOG_EMERG = 0LOG_ALERT = 1LOG_CRIT = 2LOG_ERR = 3LOG_WARNING = 4LOG_NOTICE = 5LOG_INFO = 6LOG_DEBUG = 7While on Windows, you have:==========================LOG_EMERG = 1LOG_ALERT = 1LOG_CRIT = 1LOG_ERR = 4LOG_WARNING = 5LOG_NOTICE = 6LOG_INFO = 6LOG_DEBUG = 6So if you're setting LOG_WARNING in your code, Linux will use 4 as the priority while Windows will use 5.This is not a bug in PHP on either platform, but a difference in the system header files that PHP compiles with.  Not really anything you can do, but be aware if you're wondering why your messages log at different priorities depending on the platform, this could be why.

For those who want to simultaneously write to multiple syslog facilities : syslog(LOG_INFO|LOG_LOCAL0, "message for local0");syslog(LOG_INFO|LOG_LOCAL1, "message for local1");

If you are using syslog-ng and want errors send to syslog then use ini setting "error_log = syslog" and add something like the following to your syslog-ng.conf:destination php { file("/var/log/php.log" owner(root) group(devel) perm(0620)); };log { source(src); filter(f_php); destination(php); };

There's no point to manually timestamp the message (as shown in docs' example) as all sane logging systems timestamp all entries by themselves.