FastCGI does not pass PHP error to syslog (windows event log)

  • Question

  • User2056134008 posted

    Hello everyone,

    I'm trying to shift our systems to W2K8 and IIS7. Therefore I need to pass every PHP error to the Windows event log (not an error log file!), but unfortunately I can't get it working. This is the only problem, as the rest of my PHP scripts are working properly now. I'm using:

    - IIS 7
    - Windows Server 2008
    - PHP 5.3.0
    - Role Service: Cgi
    - php.ini:
    error_reporting = E_ALL & ~E_DEPRECATED
    log_errors = On
    error_log = syslog

    The strange thing is that calling php-fcgi.exe on the console passes the errors to the event log without any problem, although it prints an HTTP 500 status:

    php-cgi.exe -c php.ini failure.php
    Status: 500 Internal Server Error
    Content-type: text/html; charset=utf-8

    Even setting "fastcgi.logging" (0/1) doesn't fix this issue. I already granted permission for IIS_IUSRS and the Internet Guest Account via regedit to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ and to C:\Windows\System32\winevt without success. Also, PHP 5.2.10 and Zend Server (CE) did not pass it through.

    Can anyone assist and tell me what to do?

    Thanks in advance!

    PS: Where can I find the version of the FastCgi service?


    Thursday, July 30, 2009 4:48 AM

All replies

  • User-779223126 posted

     I've got the same problem.

    Have you resolved this issue yet?

    Wednesday, August 12, 2009 12:14 PM
  • User1630861701 posted

     Hi j3rky,


    I found some more hints:

    1. If you have severe errors in your php.ini, it gets logged in the event log, e.g. 

    PHP Warning:  PHP Startup: Unable to load dynamic library '[..]\ext\php_mbstring.dll' - The specified procedure could not be found.

    2. I found some help for IIS6 and PHP5 with the FastCGI add-on:

    1. Copy the PHP 5 binaries to "C:\php".
    2. Right-click My Computer and select Properties to bring up the Computer Properties dialog. Switch to the Advanced tab and click Environment Variables. Find the system environment variable PATH, edit it and add ";C:\php" (without the quotes) to the end.
    3. Make sure that the configuration file "php.ini" resides in the directory "C:\php" and contains the correct path settings.
    4. DELETE any old "php.ini" files from "C:\WINDOWS" and other directories.
    5. Open REGEDIT, navigate to the key "HKEY_LOCAL_MACHINE\SOFTWARE\PHP" and DELETE the string value "IniFilePath" from there. It is outdated and no longer necessary!
    6. Modify NTFS security permissions of the directory "C:\php" to give Read and Execute permissions to (1) the IIS Guest Account and (2) the group IIS_WPG.
    7. Modify NTFS security permissions of the directories "C:\php\session" and "C:\php\upload" to give additional Modify permissions to (1) the IIS Guest Account and (2) the group IIS_WPG.
    8. Navigate to the registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application" and edit the value "CustomSD" there. Find the substring "(D;;0xf0007;;;BG)" which Denies access to the application event log for Builtin Guest accounts (like the IIS Web User account) and replace this substring with "(A;;0x3;;;BG)" which allows read and write access. Please pay attention to leave the rest of the security string intact. Damaging this value can have dangerous effects!
    9. Create or update the registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PHP-5.2.0" (adapt the last part to your version if necessary) with the following values:
      • "EventMessageFile" (REG_EXPAND_SZ) = "C:\php\php5ts.dll"
      • "TypesSupported" (REG_DWORD) = 7

    That didn't work out either. I assume this isn't supported by W2K8 any longer?! Any help?


    Wednesday, August 12, 2009 12:41 PM
  • User1630861701 posted


    grant write access on (application) event log (http://www.ravenreport.com/blog/post/Remote-Event-Viewer-Access-Windows-2003--2008.aspx)

    Here is our scenario:

    • get windows Security IDentifier (SID) for all 3 accounts (!)
    • extract current permissions on command line using: wevtutil gl application >temp.txt
    • edit line "channelAccess", e.g: channelAccess: O:BAG:[...]
      • Remove any brackets starting with (D;; and containing any of your SIDs
      • add each of your SIDs in brackets (A;;0x3;;;<SID>) (0x1 = read; 0x2 = write; 0x4=delete) to channelAccess line
      • in our case: (A;;0x3;;;S-1-5-17)(A;;0x3;;;S-1-5-32-568)(A;;0x3;;;S-1-5-20)
    • grant permission by pasting your edited channelAccess on the command line: wevtutil sl application /ca:O:BAG:[...]

    You may imagine the odyssey I've been through :)
    Let me know if it is working, or which settings you had to modify.


    Friday, August 14, 2009 1:34 PM
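
The channelAccess edit described in the post above, as an added example that is not part of the original thread: a PowerShell function that drops deny ACEs for the given SIDs and appends allow ACEs, run here on a constructed SDDL string. `Edit-ChannelAccess` and the sample SDDL are assumptions; the SIDs, the masks and the `wevtutil` options are the ones quoted in the post, and the CustomSD value in the earlier reply is the same kind of SDDL string.

```powershell
# Added example, not from the thread. Edit-ChannelAccess is a hypothetical helper.
function Edit-ChannelAccess {
    param(
        [Parameter(Mandatory = $true)][string]   $Sddl,
        [Parameter(Mandatory = $true)][string[]] $Sids,
        [string] $Mask = '0x3'    # 0x1 = read, 0x2 = write, as listed in the post
    )
    # Reject anything that would produce a malformed security descriptor.
    if ($Mask -notmatch '^0x[0-9a-f]+$') { throw "Bad access mask: $Mask" }
    foreach ($sid in $Sids) {
        if ($sid -notmatch '^S-1(-\d+)+$') { throw "Not a SID: $sid" }
    }
    # Split "O:..G:..D:<flags>(ace)(ace)..." into the header and the ACE list.
    $m = [regex]::Match($Sddl, '^(.*?D:[A-Z]*)((?:\([^()]+\))+)$')
    if (-not $m.Success) { throw "Unexpected channelAccess value: $Sddl" }
    $aces = [regex]::Matches($m.Groups[2].Value, '\([^()]+\)') |
        ForEach-Object { $_.Value }

    # Keep every ACE except deny ACEs whose trustee (6th field) is one of ours.
    $result = @()
    foreach ($ace in $aces) {
        $field = $ace.Trim('(', ')').Split(';')
        if (-not ($field[0] -eq 'D' -and $Sids -contains $field[5])) { $result += $ace }
    }
    # Append one allow ACE per SID unless the identical ACE is already present.
    foreach ($sid in $Sids) {
        $allow = "(A;;$Mask;;;$sid)"
        if ($result -notcontains $allow) { $result += $allow }
    }
    return $m.Groups[1].Value + ($result -join '')
}

# Constructed sample value (not a real server's ACL); SIDs are those from the post.
$sids   = 'S-1-5-17', 'S-1-5-32-568', 'S-1-5-20'
$sample = 'O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;S-1-5-20)(A;;0x7;;;BA)'
Edit-ChannelAccess -Sddl $sample -Sids $sids

# On the server, from an elevated prompt: read the live value, keep a backup,
# and print the command for review instead of applying it directly.
# $hit = wevtutil gl application |
#     Select-String '^\s*channelAccess:\s*(\S+)' | Select-Object -First 1
# $current = $hit.Matches[0].Groups[1].Value
# $current | Set-Content .\channelAccess.backup.txt
# "wevtutil sl application /ca:$(Edit-ChannelAccess -Sddl $current -Sids $sids)"
```

SDDL can show well-known accounts as two-letter aliases (the earlier reply's `BG`), which this SID comparison does not resolve, so a deny ACE written with an alias is left in place.
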
  • User-62464392 posted
    Wooooo, got a problem with that too, and the solution is working perfectly. :)
    Tuesday, December 14, 2010 12:56 PM