Logging and alerts

A package providing two logging submodules that send Drupal log messages to email addresses and/or the web server's error log based on configurable severity levels.

logging_alerts
891 sites
25
drupal.org
gui api
logging email alerts monitoring error log watchdog notifications debugging server log severity levels

Overview

The Logging and alerts module is a comprehensive logging solution for Drupal that extends the core logging capabilities. It provides two independent submodules that can be used separately or together to handle Drupal's watchdog/log messages.

The Email Logging and Alerts submodule allows administrators to receive email notifications for log entries, with the ability to configure different email addresses for different severity levels. This is particularly useful for receiving critical alerts on mobile devices while less urgent notices go to regular email.

The Web Server Logging and Alerts submodule writes Drupal log messages to the web server's error log (via PHP's error_log() function), making it easier to integrate Drupal logging with server-level log management tools and centralized logging systems.

Both submodules support RFC 5424 log severity levels: Emergency, Alert, Critical, Error, Warning, Notice, Informational, and Debug.

Features

  • Send email alerts for Drupal log messages with configurable recipients per severity level
  • Route different severity levels to different email addresses (e.g., critical alerts to pager, notices to regular email)
  • Include optional debug information in email alerts: $_SERVER, $_ENV, $_REQUEST, $_COOKIE, $_GET, $_POST, $_SESSION, and debug_backtrace()
  • Limit consecutive similar email alerts to prevent email flooding during error storms
  • Configure similarity threshold and time window for detecting duplicate alerts
  • Write Drupal log messages to the web server's error log for integration with external log management
  • Customizable email templates via Twig theming system with template suggestions based on severity and log type
  • Extensible debug information via hook_emaillog_debug_info_alter()

Use Cases

Critical Error Mobile Alerts

Configure Emergency, Alert, and Critical severity levels to send to a mobile phone email or SMS gateway, while Error and Warning levels go to a standard email inbox. This ensures immediate notification of critical issues without inbox overload from less urgent messages.

Development Debugging

Enable the $_REQUEST, $_SESSION, and debug_backtrace() debug information for Warning and Error levels during development. Use the backtrace replacement feature to keep email sizes manageable while still providing stack trace context.

Centralized Log Management

Use Web Server Logging to write all Error and Critical messages to the server's error log, where they can be collected by log aggregation tools like the ELK stack, Splunk, or cloud logging services for centralized monitoring and alerting.

Error Storm Prevention

Configure the email sending limits to prevent inbox flooding during error cascades. Set maximum similar emails to 5, consecutive timespan to 5 minutes, and similarity level to 0.9 to receive at most 5 similar alerts within any 5-minute period.

Dual Logging Strategy

Enable both submodules: use Email Logging for Emergency through Error levels to receive immediate notifications, and Web Server Logging for all levels to maintain a complete server-side log record for forensic analysis.

Custom Email Templates by Log Type

Create theme template overrides like emaillog--error--security.html.twig to provide custom formatting for specific combinations of severity level and log channel, enabling specialized email formats for security-related alerts.

Tips

  • Use different email addresses for different severity levels - route critical alerts to a pager or SMS gateway while less urgent messages go to a shared inbox.
  • Start with minimal debug information and add more as needed - excessive debug data can slow down logging and create very large emails.
  • The error log format is pipe-delimited for easy parsing by log analysis tools: SiteName|URL|severity=X|type=X|ip=X|uri=X|referer=X|uid=X|link=X|message=X
  • Create custom email templates by overriding emaillog.html.twig or using template suggestions like emaillog--critical.html.twig for severity-specific formatting.
  • Combine both submodules: use email for immediate human notification and error log for machine-readable log aggregation.
  • Test email delivery by triggering a watchdog message with your configured severity level using devel module or custom code.
  • The similarity detection uses PHP's similar_text() function - set the threshold based on your specific message patterns to effectively prevent duplicates without missing unique errors.

Technical Details

Admin Pages 2
Email logging and alerts /admin/config/development/emaillog

Configure email addresses for receiving log alerts at different severity levels, optional debug information to include, and settings to prevent email flooding from similar alerts.

Web server logging and alerts /admin/config/development/errorlog

Configure which severity levels should be written to the web server's error log.

Permissions 1
Administer site configuration

Required to access both Email Logging and Web Server Logging configuration pages. This is a core permission, not defined by this module.

Hooks 2
hook_emaillog_debug_info_alter

Allows modules to alter the debug information that is attached to email alerts. This can be used to add custom debug information or modify/remove existing information.

hook_mail (emaillog)

Implements hook_mail to build email alert messages. The module uses the 'alert' key and constructs subject and body using the emaillog theme template.

Troubleshooting 5
Emails are not being sent for log messages

Verify that an email address is configured for the relevant severity level at /admin/config/development/emaillog. Also ensure your site's mail system is properly configured and the site email address is set at /admin/config/system/site-information.

Receiving too many similar email alerts

Configure the Email sending limits section: set a maximum number of consecutive similar emails, a timespan for considering emails consecutive, and a similarity threshold. For example: max 3 emails, 10 minute window, 0.85 similarity level.

Email alerts contain excessive debug information causing performance issues

Enable 'Replace debug_backtrace() argument values with types' to reduce backtrace size. Limit which debug variables are included by unchecking unnecessary options in the debug info matrix.

Log messages not appearing in web server error log

Verify that the relevant severity levels are checked at /admin/config/development/errorlog. Check your PHP and web server error log configuration to ensure error_log() output is being captured.

Email subject line is generic instead of showing the log message

Ensure 'Use legacy email subject' is unchecked in the Legacy settings section. The modern format includes a truncated version of the log message in the subject line.

Security Notes 4
  • Debug information like $_SESSION, $_COOKIE, $_POST, and $_REQUEST may contain sensitive user data including session tokens and form submissions - only enable these for development or when absolutely necessary for debugging.
  • Email alerts are sent in plain text and may traverse unencrypted networks - avoid including highly sensitive debug information on production systems.
  • The module uses Drupal's mail system which respects configured mail handlers - ensure your mail backend provides appropriate security (TLS, authentication) for sensitive log data.
  • Review the error log output location and permissions to ensure sensitive information in log messages is not exposed to unauthorized users.