Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
Currently is not possible to include !severity as part of the logged message by syslog. But this information is available to be logged, the problem is there is no placeholder !severity
to persist it.
Proposed resolution
Add !severity
as one of the available placeholders.
To avoid break BC compatibility, do not included by default in syslog config.
Comment | File | Size | Author |
---|---|---|---|
#60 | syslog-1748410-60.patch | 2.9 KB | dpovshed |
#52 | syslog-1748410-52-failing.patch | 1.32 KB | wesleydv |
#50 | interdiff-1748410-48-50.txt | 2.02 KB | wesleydv |
#50 | syslog-1748410-50.patch | 3.88 KB | wesleydv |
#48 | interdiff-1748410-38-48.txt | 1.92 KB | wesleydv |
Comments
Comment #1
dasha_v CreditAttribution: dasha_v commentedProposed patch attached (option #1 - minor change, includes severity to the list of available variables).
Comment #2
dasha_v CreditAttribution: dasha_v commentedOption #2 - updates
syslog_format
variable in addition.Comment #3
doublejosh CreditAttribution: doublejosh commentedPersonally I think this piece of information should be included by default. However, since I imagine MOST people (even experts) don't change this value from the default... then this update would alter the output and therefor possibly break log parsing if it assumed a certain structure.
Am I being too cautious?
If not, I'd say go for updating the default.
Comment #4
nico.knaepen CreditAttribution: nico.knaepen at Logic in Motion for Colruyt Group Services commentedTo have the most accurate syslog and be able to apply policies based on any given severity, you need a severity in your syslog files. So I would propose to add this.
Manual Review
Comment #5
David_Rothstein CreditAttribution: David_Rothstein as a volunteer commentedThe severity is passed to syslog() itself and I think the idea is that separating them out based on severity might be handled by the syslog configuration on the server, although I agree it would be useful to simply have available in the syslog format too.
However, it looks like this would be relevant for Drupal 8 too, so it would need to be added there first.
I'm also not sure we'd want to change the default format for existing sites at this point (see discussion by doublejosh in #3) although we certainly could add it as an option for people who want to configure it on their own.
Comment #9
dagmarWith d8, we don't have the problem of upgrade path because configs are not automatically updated if you change the default value on an yml is not automatically applied. So current installations will not break.
Tagging this as Novice for D8, we could include the !severity on
syslog.settings.yml
and in the$form['syslog_format']
description.Then we should create a change record that explains that Drupal 8.4.x have this setting configured on new installations.
Comment #10
dagmarComment #11
dagmarComment #12
Thomasdbcklr CreditAttribution: Thomasdbcklr at Dropsolid commentedComment #13
dagmarThanks @Thomasdbcklr. We still need a change record do you want to create it?
Comment #14
falc0 CreditAttribution: falc0 at Dropsolid commentedNever done this before, can you check if the change record is ok? https://www.drupal.org/node/2872254
Comment #15
dagmarThanks! Well in my opinion the change record should say that in 8.4.x severity is added by default. And also that existing sites are not updated by default.
This value was available before. So that's not relevant for the change record.
Comment #16
falc0 CreditAttribution: falc0 at Dropsolid commentedI've updated the change record.
Comment #17
benjifisherI am removing the "Needs change record" tag since it has already been written. I think it is still a novice task to review the change record. In fact, a lot of change records would benefit from being reviewed by novices.
Comment #18
dagmarThanks @falc0. Agree with @benjifisher here. The Change Record still needs a bit of work.
Comment #19
sgarrahy CreditAttribution: sgarrahy commentedI'm at DrupalCon Baltimore at the sprint. I've reviewed the patch and happy to revise the change record.
Comment #20
sgarrahy CreditAttribution: sgarrahy commentedChange record revised at https://www.drupal.org/node/2872254
Comment #21
sgarrahy CreditAttribution: sgarrahy commentedComment #22
dagmarI tried this parch and the syslog includes !severity without the replacement
10627 Apr 29 19:26:43 AR-IT06455 drupal: http://example.com|1493504803|page not found|127.0.0.1|http://example.com/admin/config/development/ logging0||!severity|1||/this-page-does-not-exists
This is because the Logger class doesn't include !severity in
core/modules/syslog/src/Logger/SysLog.php
Comment #23
c.nish2k3 CreditAttribution: c.nish2k3 as a volunteer commentedUpdated patch with changes to Logger class
Comment #24
dagmarThanks @c.nish2k3. The tests will probably pass because we don't have tests for this feature. I created #2874069: Make syslog testable. In my opinion we should postpone this ticket until we have some test coverage that ensure this is working as expected.
Comment #25
dagmarReopening this, syslog() cannot be covered with automated testing.
Also
$context['severity']
is actually$level
in thelog()
methodComment #26
c.nish2k3 CreditAttribution: c.nish2k3 as a volunteer commentedComment #27
c.nish2k3 CreditAttribution: c.nish2k3 as a volunteer commentedComment #28
mahalingam_cs CreditAttribution: mahalingam_cs at TATA Consultancy Services commentedApplied patch successfully from #27. @ nish2k3 , please include the !severity under “Specify the format of the syslog entry. Available variables are:”
Comment #29
c.nish2k3 CreditAttribution: c.nish2k3 as a volunteer commentedIt is updated in the patch
Comment #30
John Cook CreditAttribution: John Cook at Creode commentedI've tested the patch by c.nish2k3 in comment #27.
The extra token,
!severity
, appears in the list of available variables at/admin/config/development/logging
.The Syslog format is not changed if it has already been configured before applying the patch. But on a clean install, enabling syslog will add !severity to the format.
The following is an example output of the log file following clean installs of Drupal with and without the patch. (I have highlighted the added serverity in the second log.)
Log in with one time login link before patch:
Log in with one time login link after patch:
A change log has also been drafted, so I'm setting this to RTBC.
Comment #31
alexpottI'm not sure that we need to make this change to the default configuration. The problem here is this is about integrating with 3rd party tools - so instructions for integrating with logstash / elastic search or whatever log analysis approach you want to take have to change. Why not just do the change without changing the default? And open another issue to discuss changing the default. Take way, people who want the severity and want to change their log analysis can but until we work out all the impacts nothing else has to change.
Also it is a shame that this can't be tested using PHPUnit or something.
Comment #32
c.nish2k3 CreditAttribution: c.nish2k3 as a volunteer commentedUpdated patch incorporating comments from alexpott
Comment #33
dagmarI'm working on this: #2874069: Make syslog testable
Comment #34
John Cook CreditAttribution: John Cook at Creode commentedAdded interdiff from #27 to #32.
Comment #35
John Cook CreditAttribution: John Cook at Creode commentedI have tested the patch from #32.
The outcome is the same as #30 except that the default value is not changed from before and after the patch. The
!severity
token can still be added and is output accordingly. This is all to be expect as the interdiff (#34) shows that the only change is the default value.With this patch and the work being carried out by dagmar on a separate issue, I believe this addresses alexpott's concerns in comment #31. Because of this I'm setting back to RTBC.
Comment #36
dagmarUnless the approach suggested in #2874069: Make syslog testable is incorrect. We should work first on tests and then add new features. Let's try to get some reviews first on #2874069
Comment #37
dagmar#2874069: Make syslog testable is in. We now can test this is working as expected.
Comment #38
pk188 CreditAttribution: pk188 at OpenSense Labs commentedPatch for retesting of #32.
Comment #39
dagmarWe need a test modification in the case introduced here: #2874069: Make syslog testable
Comment #40
pk188 CreditAttribution: pk188 at OpenSense Labs commentedMiss understood. My mistake.
Comment #42
dagmarComment #43
jackpelorus CreditAttribution: jackpelorus as a volunteer and at Globant commentedI have an Idea you con retrieve the static vars about severity and set in array of Test
$severity_levels = RfcLogLevel::getLevels();
$severity = $severity_levels::WARNING;
$this->assertEquals($severity, $log[6]);
Its only a bet !! I try this weekend and upload a patch if working.
Regards
Jack
Comment #44
dagmarThe approach I propose here is.
Comment #45
wesleydv CreditAttribution: wesleydv at District09 commentedUploaded patch:
- Adds
!severity_string
as some systems use the strings instead of the integers- Adds test as described by dagmar
Comment #46
dagmarComment #47
dagmarAmazing! Thanks @wesleydv
I'm not really sure if we should log severity string in syslog. This can be calculated using the RFC 5424 standard and any tool for parsing logs should be capable of do it.
There is no other part of code in core that is doing this as far I know. Actually LoggerChannel::log is doing just the opposite.
Comment #48
wesleydv CreditAttribution: wesleydv at District09 commented@dagmar yes you're probably right about the severity string thing.
I've added a new patch without it, so basicly #38 plus the test.
Comment #49
dagmarGreat. Almost there.
In addition to this, I would like to see a description of what this is actually testing.
All this is already covered in
testSystlogWriting
. I think we could simplify this to only use!type|!message|!severity
to reduce the code of this function.Comment #50
wesleydv CreditAttribution: wesleydv at District09 commentedNew patch reflecting dagmars remarks
Comment #51
John Cook CreditAttribution: John Cook at Creode commentedThis is coming along really well, with thanks to @dagmar and @wesleydv! :D
Can we get a patch with just the test to make sure it fails without the rest of the patch. Thanks.
Comment #52
wesleydv CreditAttribution: wesleydv at District09 commentedTest only patch
I don't think this will add lot of insight, but I guess it won't hurt either.
Comment #54
dagmarFailed as expected. Great work @wesleydv!
I updated the change record: https://www.drupal.org/node/2872254
Comment #56
xjmThanks @dagmar and @wesleydv. Adding this feature makes sense to me.
I was wondering how it was that an unused use statement crept in despite our automated precommit hook that tests this rule along with the others in the ruleset. Turns out the use of
\Drupal::requestStack()
creates a false positive for the use statement.This hunk is technically an out of scope change so shouldn't really be included in the patch, but I let it pass in this case.
Committed and pushed to 8.5.x. Thanks!
Since D7 "Patch (to be ported)" issues haven't been getting their backport issues filed (and so they're remained open , I'm adding a new "Needs D7 backport issue filed" tag, which can be searched on "Closed (fixed)" issues to get the queue of needed backports.
Comment #58
ChaseOnTheWebComment #59
ralphvdhoudt CreditAttribution: ralphvdhoudt at ezCompany commented@xjm The !severity_string as initially developed in #45 bij @wesleydv is useful in cases you don't can or want to use the parser for translating the integers to the PRS Loglevels.
Is there any change the feature will be added to Drupal Core if I make a new issue with a new patch or will it never end up in Drupal Core anyway?
Comment #60
dpovshed CreditAttribution: dpovshed as a volunteer commentedBackport of the patch for Drupal 7.84