PHP not writing to error_log
I recently switched from Apache to LiteSpeed. Since then (though I'm not 100% sure of the timing), I don't think PHP is able to write to users' error_log.
I'm also seeing a lot of entries like this in my kernel log:
[976574.594142] type=1400 audit(1562012939.794:1171779): avc: denied { append } for pid=11758 comm="lsphp" name="error_log" dev=sda5 in ...: 1 Time(s)
FYI... What started me down this rabbit hole is trying to figure out why the WordPress plugin 'WP Fail2Ban' is no longer logging events to /var/log/messages. On one server the PHP handler is LiteSpeed and on the other apache/php-fpm - in case anyone has any insight into that.
I believe litespeed uses their own error log: litespeed doesn't use apache error log?
What's the output of the following? sestatus
That sounds a lot like an SELinux-related error. cPanel does not support SELinux; this is noted in the installation instructions here: Installation Guide - System Requirements - Version 68 Documentation - cPanel Documentation [QUOTE] Disable SELinux If your server runs an operating system from a source other than the
Thanks @cPanelLauren, I hadn't really considered that. This server was provisioned as a cPanel server by my data centre, and I know SELinux doesn't play nice with cPanel. It is there, but is set to permissive.
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 24
Policy from config file: targeted
FYI... I did a search in /home/*/public_html/* for files named error_log less than 2 days old, and there were a few, so at least some accounts are writing them. Still confused by all the entries in my nightly logwatch such as the one above though.
If you disable selinux do you still get the error when lsphp is attempting to write to the apache log? Instructions on disabling it are located in the link I provided.
I'll try a controlled test on it this afternoon. To my understanding though, SELinux set to permissive should be doing nothing anyways, but I'm not 100% sure on that. P.S. Actually, I can't reboot until tonight... will test tomorrow.
Technically it's not being enforced but those AVC messages are logged: 5.4. Permanent Changes in SELinux States and Modes - Red Hat Customer Portal [QUOTE] When SELinux is running in permissive mode, SELinux policy is not enforced. The system remains operational and SELinux does not deny any operations but only logs AVC messages, which can be then used for troubleshooting, debugging, and SELinux policy improvements.
So, in theory, you should have errors being written to the apache error logs and those AVC messages right now.
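An added example, not part of the thread and not cPanel or LiteSpeed tooling: a small Python parser that tallies AVC denials of the kind quoted in the first post by process, permission and target, so the messages logged in permissive mode can be reviewed at a glance. The log lines are constructed; their ino, scontext, tcontext and tclass values are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample input in the kernel AVC format quoted in the thread.
# ino, scontext, tcontext and tclass values are made up for illustration.
SAMPLE_LOG = "\n".join([
    '[976574.594142] type=1400 audit(1562012939.794:1171779): avc:  denied  '
    '{ append } for  pid=11758 comm="lsphp" name="error_log" dev=sda5 ino=100 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    '[976580.100000] type=1400 audit(1562012945.300:1171780): avc:  denied  '
    '{ append open } for  pid=11760 comm="lsphp" name="error_log" dev=sda5 '
    'ino=101 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    '[976581.000000] EXT4-fs (sda5): re-mounted. Opts: (null)',  # not an AVC line
])

AVC_RE = re.compile(
    r'audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {key: value.strip('"') for key, value in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    rec["serial"] = int(m.group("serial"))
    rec["time"] = datetime.fromtimestamp(int(m.group("epoch")), tz=timezone.utc)
    return rec

def summarize(log_text):
    """Count denials per (process, permission, target name, object class)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in rec["perms"]:
            counts[(rec.get("comm"), perm, rec.get("name"), rec.get("tclass"))] += 1
    return counts

if __name__ == "__main__":
    for (comm, perm, name, tclass), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {comm} denied {perm} on {tclass} {name!r}")
```
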