[FASTCGI] save a log
charles_thomas at mac.com
Tue Aug 10 14:01:59 EDT 2010
I've always used syslog -- primarily because of syslog (rsyslog)'s
ability to send log messages to a centralized location -- where I can
put them in a postgres database -- but also because syslog has auto-
policing of log file sizes.
On Aug 10, 2010, at 11:37 AM, Jeremy Sandell wrote:
> On Mon, Aug 9, 2010 at 5:22 AM, Doru Georgescu
> <headset001 at yahoo.com> wrote:
> Please help me with another small but important issue:
> I want to log my fast cgi application's activity to a log file. I
> met two problems:
> 1. How to write to disk.
> I found FCGI_ToFile from fcgi_stdio.h on http://www.fastcgi.com/
> devkit/doc/fcgi-devel-kit.htm, and it did not work - the identifier
> is not defined. I found FCGI_ToFILE in fcgi_stdio.h, but it did no
> work - some conversion can not be performed.
> 2. How to write to /var/log/myapp.log.
> Only root can write to /var/log/ and to most /var/log/* files. I
> just disabled suexec for security reasons, following apache's site
> advice. Should I enable it just for the sake of logging? Should I
> write the log in my default cgi directory, /usr/lib/cgi-bin/? What
> security risks would be posed by each of these solutions?
> Because I am not using FCGI_Finish, I am now logging to apache's
> error log, which is a weird solution.
> What do you think is the best way to log from fast cgi?
> Thank you for your help,
> 1. AFAIK, you should be able to write to disk just like from any
> other process.
> 2. There are a number of ways to handle this, if you really prefer
> logging to /var/log. For example, you can create a file in /var/
> log/ as root, and change the ownership of the file so that your
> fast cgi user can write to it (e.g., sudo touch /var/log/
> example_log && chown YOURUSER.YOURGROUP /var/log/example_log). Or
> you could (again, as root) create a subdirectory within /var/log,
> and change the user/group ownership of that subdirectory to allow
> your fcgi write access. Of course, the easiest method is to just
> log somewhere that your user/group already has access to. I would
> not recommend elevating your process to superuser just for the sake
> of logging, but I'm paranoid. (:
> Jeremy Sandell
> FastCGI-developers mailing list
> FastCGI-developers at mailman.fastcgi.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the FastCGI-developers