If you need to send alerts for PHP errors or other error messages, you can use SEC (Simple Event Correlator). Here’s how you can do that. It’s assumed that you use a php-fpm / nginx setup on CentOS 6.5, but it should work on Debian/Ubuntu as well.
Let’s suppose your PHP log is in /var/log/php-fpm/example.com-error.log. Make sure you have catch_workers_output = yes in your php-fpm configuration file so PHP errors go to a dedicated file.
We need to install sec. Basically it’s a Perl script (~11k lines of code!), but we will install it from rpm with yum.
yum install sec
Now we need to create a configuration file for it. Put this in /etc/sec/php.conf:
type=Single
ptype=RegExp
pattern=^\[.+\] PHP Fatal error.+$
desc=PHP error
action=add nginx-php-errors $0

type=Calendar
time=* * * * *
desc=Mail web errors
context=nginx-php-errors
action=report nginx-php-errors /bin/mail -s "example.com PHP errors" admin@example.com; delete nginx-php-errors;
Now add the following line to /etc/sysconfig/sec:
SEC_ARGS[0]="-detach --conf=/etc/sec/php.conf --input=/var/log/php-fpm/example.com-error.log -log=/var/log/sec -intevents -pid=/var/run/sec.pid --debug=6"
If you need to monitor more than one log, you can add a similar line:
SEC_ARGS[1]="-detach --conf=/etc/sec/php2.conf --input=/var/log/php-fpm/example2.com-error.log -log=/var/log/sec -intevents -pid=/var/run/sec2.pid --debug=6"
Start it:
service sec start
And wait. SEC will send you a notification when there’s a fatal error.
It uses a regular expression to find what it needs to send. So you can use it for more complex setups, like application logs or web server access logs.
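To see what the two rules in php.conf do together before you rely on them, here is a small Python model of them (an added example, not part of SEC or of the original setup). It assumes the log timestamps stand in for SEC's wall clock, and the sample log lines and file paths in them are constructed.

```python
import re

# Same pattern as the Single rule in /etc/sec/php.conf.
FATAL = re.compile(r'^\[.+\] PHP Fatal error.+$')
# Minute part of the log timestamp; assumed stand-in for SEC's own clock.
STAMP = re.compile(r'^\[(\d{2}-\w{3}-\d{4} \d{2}:\d{2}):\d{2}')
CONTEXT = 'nginx-php-errors'

# Constructed sample lines (not real log data).
SAMPLE_LOG = [
    "[12-Mar-2014 10:15:02 UTC] PHP Warning:  Division by zero in /srv/a.php on line 7",
    "[12-Mar-2014 10:15:40 UTC] PHP Fatal error:  Call to undefined function foo() in /srv/b.php on line 3",
    "[12-Mar-2014 10:15:55 UTC] PHP Fatal error:  Allowed memory size exhausted in /srv/c.php on line 9",
    "[12-Mar-2014 10:16:10 UTC] PHP Notice:  Undefined index: id in /srv/a.php on line 2",
    "[12-Mar-2014 10:17:30 UTC] PHP Fatal error:  Class 'Bar' not found in /srv/d.php on line 1",
]


def simulate(lines):
    """Return one list of matched lines per mail the rules would send."""
    contexts = {}   # context name -> event store
    mails = []
    minute = None

    def calendar_tick():
        # Calendar rule: fires only if the context exists, then
        # "report" mails its event store and "delete" removes it.
        if CONTEXT in contexts:
            mails.append(contexts.pop(CONTEXT))

    for line in lines:
        stamp = STAMP.match(line)
        if stamp and stamp.group(1) != minute:
            # A new minute began: the Calendar rule runs before this line.
            # Skipped minutes need no extra ticks, the context is gone.
            if minute is not None:
                calendar_tick()
            minute = stamp.group(1)
        if FATAL.match(line):
            # Single rule: "add" creates the context on first use.
            contexts.setdefault(CONTEXT, []).append(line)
    calendar_tick()  # the tick that follows the last line
    return mails


if __name__ == '__main__':
    for n, body in enumerate(simulate(SAMPLE_LOG), 1):
        print('mail %d: %d line(s)' % (n, len(body)))
```

Warnings and notices never create the context, so a minute without fatal errors sends no mail, and several fatal errors within one minute arrive as a single message.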