crowdsecurity / hub

Main repository for crowdsec scenarios/parsers
https://hub.crowdsec.net

Parsing apache error log #264

Open LtSich opened 3 years ago

LtSich commented 3 years ago

I have 1 client with apache-mod-php on debian 10, and I've got some messages like this in error.log:

[Tue Oct 12 11:25:34.501090 2021] [php7:warn] [pid 12661:tid [client xxxxx:48314] PHP Warning:  file_exists(): open_basedir restriction in effect. File(/home/menu8650/public_html/wp-content/themes/speculor/functions.php) is not within the allowed path(s): (/var/www/xxxx/:/tmp) in /var/www/xxxx/wp-content/themes/speculor/vendor/freemius/wordpress-sdk/includes/class-freemius.php on line 710

And Crowdsec complains about that with this message:

time="12-10-2021 11:25:34" level=debug msg="       evt.Parsed.message = '[Tue Oct 12 11:25:34.501090 2021] [php7:warn] [pid 12661:tid [client 51.77.205.150:48314] PHP Warning:  file_exists(): open_basedir restriction in effect. File(/home/menu8650/public_html/wp-content/themes/speculor/functions.php) is not within the allowed path(s): (/var/www/xxx/:/tmp) in /var/www/xxxx/wp-content/themes/speculor/vendor/freemius/wordpress-sdk/includes/class-freemius.php on line 710 '" id=twilight-resonance name=child-child-crowdsecurity/apache2-logs stage=s01-parse

buixor commented 3 years ago

We're currently looking into PHP error log support; feel free to drop more sample logs (from mod_php or php-fpm), it will help us!

Thanks

gmelodie commented 3 years ago

I'll try my hand at this!

If I understand this correctly, we want to parse apache errors/warnings coming specifically from PHP (that contain [php7:warn] or variations of that). Should this be implemented in apache2-logs.yaml as a new `grok` entry and `nodes` for future variations of messages? For now we'd only have one use case, as per the example.

Let me know if I'm misunderstanding something :)

Edit: also @LtSich I found the original log line you posted was not matching against some regexes (specifically the APACHEERRORPREFIX regex). Here's the "reconstructed" log which I think should be your original log message. If what you posted is really the original log message, we could consider adapting the APACHEERRORPREFIX pattern.

[Tue Oct 12 11:25:34.501090 2021] [php7:warn] [pid 12661:tid 1234] [client 51.77.205.150:48314] PHP Warning:  file_exists(): open_basedir restriction in effect. File(/home/menu8650/public_html/wp-content/themes/speculor/functions.php) is not within the allowed path(s): (/var/www/xxxx/:/tmp) in /var/www/xxxx/wp-content/themes/speculor/vendor/freemius/wordpress-sdk/includes/class-freemius.php on line 710

And the regex that recognizes the message (this is almost like GENERICAPACHEERROR but without an (extra) space between prefix and data):

^%{APACHEERRORPREFIX}%{GREEDYDATA:message}$
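To make the mismatch concrete, here is an added Python example (not code from the hub repository or from anyone in this thread) that expands the prefix into a plain regex and runs both the pasted line and the "reconstructed" line through it. The regex is an assumption approximating what APACHEERRORPREFIX covers, not the hub's actual grok definition; the sample lines are constructed with a documentation IP and shortened paths.

```python
import re

# Assumed expansion of APACHEERRORPREFIX: "[timestamp] [module:level] [pid N:tid N] [client IP:port] ".
# The real crowdsec grok pattern may differ in detail.
HEAD = (
    r"\[(?P<timestamp>[^\]]+)\] "
    r"\[(?P<module>[^:\]]+):(?P<level>[^\]]+)\] "
)
CLIENT = r"\[client (?P<client_ip>[^\]:]+):(?P<client_port>\d+)\] "
# Strict pid/tid block, as a well-formed apache error line writes it.
PID_STRICT = r"\[pid (?P<pid>\d+)(?::tid (?P<tid>\d+))?\] "
# Lenient variant that also accepts the truncated "[pid 12661:tid [client ...]" form
# seen in the original report (tid value and its closing "]" missing).
PID_LENIENT = r"\[pid (?P<pid>\d+)(?::tid\s*(?P<tid>\d+)?)?\]?\s*"

# Equivalent of ^%{APACHEERRORPREFIX}%{GREEDYDATA:message}$ (no extra space before the data).
STRICT = re.compile(r"^" + HEAD + PID_STRICT + CLIENT + r"(?P<message>.*)$")
LENIENT = re.compile(r"^" + HEAD + PID_LENIENT + CLIENT + r"(?P<message>.*)$")


def parse_apache_error(line, pattern=STRICT):
    """Return the prefix fields plus the free-text message, or None if the prefix does not match."""
    m = pattern.match(line)
    if not m:
        return None
    fields = m.groupdict()
    # The crowdsec debug output on the page showed a trailing space on the message; drop it.
    fields["message"] = fields["message"].rstrip()
    return fields


def is_php_event(fields):
    """True for events emitted by mod_php, e.g. module 'php7' (covers 'php8' etc. as well)."""
    return fields is not None and fields["module"].startswith("php")


# Constructed samples: a well-formed line and the truncated form from the original report.
RECONSTRUCTED = (
    "[Tue Oct 12 11:25:34.501090 2021] [php7:warn] [pid 12661:tid 1234] "
    "[client 192.0.2.10:48314] PHP Warning:  file_exists(): open_basedir restriction "
    "in effect. File(/home/example/functions.php) is not within the allowed path(s): "
    "(/var/www/example/:/tmp) in /var/www/example/class-freemius.php on line 710 "
)
TRUNCATED = RECONSTRUCTED.replace("[pid 12661:tid 1234] [client", "[pid 12661:tid [client")

if __name__ == "__main__":
    print("strict, reconstructed:", parse_apache_error(RECONSTRUCTED))
    print("strict, truncated:   ", parse_apache_error(TRUNCATED))
    print("lenient, truncated:  ", parse_apache_error(TRUNCATED, LENIENT))
```

Running it shows the strict pattern rejects the line as pasted and accepts the reconstructed one, while the lenient variant parses both with `tid` left empty for the truncated form.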