On Wed, Jun 19, 2013 at 1:36 PM, Brian Wolff bawolff@gmail.com wrote:
Is there any *public* list of which exceptions/errors they are. Seeing how many isn't all that helpful unless we know which ones. (yeah yeah I know, there's concerns about data leakage with backtraces, but just the exception names w/o backtrace should be safe (?))
Maybe, e.g. the current one I see if I tail -f fluorine:/a/mw-logs/fatals.log is:
[20-Jun-2013 18:54:45] Fatal error: Call to a member function getCode() on a non-object at /usr/local/apache/common-local/php-1.22wmf8/includes/GlobalFunctions.php on line 1288
Seems OK to display, but meanwhile in exceptions.log:
2013-06-20 18:30:45 mw1076 bswiki: [6d110124] /wiki/[redacted] Exception from line 3303 of /usr/local/apache/common-local/php-1.22wmf7/includes/User.php: User::addToDatabase: hit a key conflict attempting to insert user '[redacted], but it was not present in select!
So the exception/error alone can reveal stuff. And I guess it could hint at an exploit (I hope neither of those do :-/ ).
If there's a problem on a WMF site, unless it's reproduceable on a stock test wiki, I think it'll need someone with access to the fluorine logs machine. For those that have access, < https://wikitech.wikimedia.org/wiki/How_to_deploy_code#Test_and_monitor_your... and https://wikitech.wikimedia.org/wiki/Logs have advice about monitoring logs and graphs.
-- =S Page engineer on Editor Engagement Experiments