[FASTCGI] save a log

Tom Bowden charles_thomas at mac.com
Tue Aug 10 14:01:59 EDT 2010


I've always used syslog -- primarily because of syslog (rsyslog)'s  
ability to send log messages to a centralized location -- where I can  
put them in a postgres database -- but also because syslog has auto- 
policing of log file sizes.


On Aug 10, 2010, at 11:37 AM, Jeremy Sandell wrote:

> On Mon, Aug 9, 2010 at 5:22 AM, Doru Georgescu  
> <headset001 at yahoo.com> wrote:
> Please help me with another small but important issue:
>
> I want to log my fast cgi application's activity to a log file. I  
> met two problems:
>
> 1. How to write to disk.
> I found FCGI_ToFile from fcgi_stdio.h on http://www.fastcgi.com/ 
> devkit/doc/fcgi-devel-kit.htm, and it did not work - the identifier  
> is not defined. I found FCGI_ToFILE in fcgi_stdio.h, but it did no  
> work - some conversion can not be performed.
>
> 2. How to write to /var/log/myapp.log.
> Only root can write to /var/log/ and to most /var/log/* files. I  
> just disabled suexec for security reasons, following apache's site  
> advice. Should I enable it just for the sake of logging? Should I  
> write the log in my default cgi directory, /usr/lib/cgi-bin/? What  
> security risks would be posed by each of these solutions?
>
> Because I am not using FCGI_Finish, I am now logging to apache's  
> error log, which is a weird solution.
>
> What do you think is the best way to log from fast cgi?
>
> Thank you for your help,
> Doru
>
>
> 1. AFAIK, you should be able to write to disk just like from any  
> other process.
> 2. There are a number of ways to handle this, if you really prefer  
> logging to /var/log. For example, you can create a file in /var/ 
> log/ as root, and change the ownership of the file so that your  
> fast cgi user can write to it (e.g., sudo touch /var/log/ 
> example_log && chown YOURUSER.YOURGROUP /var/log/example_log). Or  
> you could (again, as root) create a subdirectory within /var/log,  
> and change the user/group ownership of that subdirectory to allow  
> your fcgi write access. Of course, the easiest method is to just  
> log somewhere that your user/group already has access to. I would  
> not recommend elevating your process to superuser just for the sake  
> of logging, but I'm paranoid. (:
>
> HTH,
> Jeremy Sandell
> _______________________________________________
> FastCGI-developers mailing list
> FastCGI-developers at mailman.fastcgi.com
> http://mailman.pins.net/mailman/listinfo.cgi/fastcgi-developers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.pins.net/mailman/private.cgi/fastcgi-developers/attachments/20100810/896fc3eb/attachment.html>


More information about the FastCGI-developers mailing list