I have 3 domains that belong to the same organization and I am trying to come up with a proper and convenient means of handling errors across all sites.
For starters, my sites are designed as such:
Error reporting is set to ALL
Custom error handler throws exceptions
All code (except the page header and footer) are wrapped in a try/catch
On exception, a simple message is displayed to the user and the exception is logged to file (in a private folder)
This works fine, except that I have 3 websites to check for errors, and I often forget about 2 of them. The third shows the errors when a user logs in as administrator (as the file is locally available). All 3 sites are administrated via an admin portal on the main site.
I thought about logging the errors to database so the main site could show everything, but this breaks if it is a database error (such as temporarily unavailable).
Any suggestions would be appreciated.
Why not just put the errors in a file in a JSON array or something similar, and then make that file externally available for the appropriate sites?
Related
I am trying to deploy a PHP server with php files and a database I received a copy of. However, there are a lot of errors (Mostly from variables used without being declared). Most places I have looked, including the people who built it, say to turn off display of error messages and put them in a log file. The site works fine when I turn off the display and hide them in a log, but the errors are still there.
The trouble is, there are a LOT of errors. The page content triples in size from the sheer amount of error notices that pop up when I don't turn off front end error display. Is simply hiding the errors in a log something that is actually good practice on a non-development server?
The errors should be hidden and logger into a file as they might sometimes contain information which is better not to show to potential attackers but you should fix them.
If the case you forget constantly to look at that file what I did is having a cronjob to check the error file 4 times a day (during the working hours) and if there were errors send them to you by email and clear the log file. This way you are most likely not to miss any error that happened.
Your goal is having 0 lines (errors and warnings) in that error file so you should be fixing them the sooner the better.
One problem I faced is that after logging the errors of one website created by others I started receiving hundreds of errors every few days. That errors seemed strange as they were all from the same moment and according to the errors that seemed to happen when the user was not logged in and should have been redirected. They were of divisions by 0, undefined vars... There was a location header redirect in that case but still I got tons of errors. The errors helped me find that the code was still being executed after the location redirect so I only had to call exit() after the location header to prevent this errors from happening. I would not know they were there if I didn't log them and the server would still be throwing that huge amount of errors while executing that code.
A client has a site running on Kohana 3.0.3. He broke something on it (he's not even entirely sure what, likely he only modified some data in the DB through the admin panel) and now every page returns the not so informant error 500.
From what I understand the error page is actually generated by Kohana (and not by the host). So how do I go about finding what the error actually is. I google a bit, but couldn't find anything specific about debugging a non-working instance of Kohana. I checked the logs in the tmp folder, but no entries appear there for current month.
Is there some debug flag that I can set to be able to see error codes? Or some log file that logs all errors that are returned as 500?
Edit: I have access to the FTP and database, but not to the server admin panel.
After a bit of good old fashioned reverse engineering I found out that errors are hidden when the IN_PRODUCTION variable is set to true. In my case the value was being initialized in the bootstrap.php file in the application directory.
I had to switch from:
define('IN_PRODUCTION', true);
to:
define('IN_PRODUCTION', false);
And now I can see what exactly is breaking.
Edit: The source of the problem on the Kohana site was an error in the frontend menu meta data. So if no part of a Kohana site is available (admin panel included), it's possible that there are errors in the menu structure (my client managed to break it using nothing but the admin panel, so it's probably a bug in the engine/menu module). It's also possible the code is exclusive to that site.
I have a website working and I would like to add log to be able to monitor if some errors append during the day.
I've search on stackoverflow and on the internet about it and there is a lot of information about logging framework, what to log... but for a beginner it is confusing. I do not know how to start.
Here are my questions :
If I had no info, I would create a .txt file and use file_put_contents in my PHP code, inside the catch {}. Is this solution possible ? If not, why? If yes, why is everybody using framework?
If not, what would you recommend ?
How do you use a log file. Do you monitor it once a day, twice a week ?
Where will be located this log file on sever ? In the www (public) directory ? or elsewhere?
If I had no info, I would create a .txt file and use file_put_contents
in my PHP code, inside the catch {}. Is this solution possible ? If
not, why?
You basically have three options here:
Send an email to a specific email address every time an error ocures.
Gather error messages in a logfile as you mentioned.
Create a database and log your error messages in there. You could have different severity levels and can build an extensive logging backend if you wish.
Personally it depends on the scale of your application. For small and medium web pages I think a simple logfile would be sufficient. But if you have lots of different errors and are willing to put some effort in, I can see the benefits of a database solution, especially the reporting on your errors can be a helpful tool.
If yes, why is everybody using framework?
A framework can help you, so that you don't have to code your error management from scratch.
How do you use a log file. Do you monitor it once a day, twice a week ?
There is no hard truth here. I would probably use two apporaches at the same time. I'd create a cronjob which gathers the recent errors and email those once a week to a specific email address. The recipient has to go through the errors (maybe just a summary) and will check if there is anything out of the ordinary. I would also implement a service that monitors your database/log file and create an alert (in form of an email for example) if there is a peek in error messages that is unusual. That way you can easily monitor error peaks.
Where will be located this log file on sever ? In the www (public) directory ? or elsewhere?
I would host them on the webserver but not in a public directory.
Your php.ini will have a log file specified where PHP will log errors. Your web server, such as Apache, will also have its own log file to record access and error. It is completely OK to have your own application log that will record abnormalities you observe in general operations.
Yes, it is fine to have a text file that will log business process abnormalities. I'd recommend having a standard for logging. Line would start with a timestamp, include [ERROR], [WARNING] or [INFO] messages so that logs can be parsed for type or error and between X and Y times. Frameworks are being used because they have a lot of built-in methods (scaffolding) already done so you don't have to write code from scratch. Frameworks also make it easier for other developers to hop on-board and start developing in a standard way. Take a look at this answer about why use a framework.
If a framework has a default location where log files go, I'd use that as long as the log file is not exposed to the public
Monitoring/Audit of a log file is different from logging. Depending on the critical nature of business abnormalities, I'd do auditing. For example, if the code is logging a warning that customer is attempting to order a particular part in mass, I'd monitor for WARNING messages every hour. I'd monitor for ERRORS every half hour (again, depending on the critical nature of the error). I'd prefer an overnight audit to see what all went wrong. More importantly, it would be ideal to have someone take charge of attending to those issues. You may find that some WARNINGS and ERRORS are not as important or relevant anymore. In those cases, someone should pick up the task of improving code to remove such logs. That way your logs say relevant and easy to attend to
The file should be located outside of the www public directory and should not be exposed through a URL. I prefer logs to be stored on a different drive altogether.
Personally I use this function
error_log();
I can then log any manual errors, along with other things such as index not found or parse errors, etc (which should not be occurring regularly). This function will assume the error log is wherever it's specified in php.ini
I am just about to launch a fairly large website for the first time. I have turned off all error messages in my php.ini and error messages are now logged to an "error_log" file on my server.
My question is, now that the errors are logged to a file, what are the best ways that web developers keep on top of seeing when/where errors occur on the website?
At the moment, it seems like the best way would be to constantly check the error_log file everyday, however this doesn't seem like the most efficient solution. Ideally I would receive an email everytime an error occurs (with the error message). Any advice on how I can keep on top of errors would be greatly appreciated!
Extra Info
Running on Shared Server (HostMonster)
Website Authored in PHP
There are two main functions in PHP that help catching errors and exceptions. I suggest that you take a look at them :
set_exception_handler
set_error_handler
In our company, we handle all errors that occurs on our websites with those functions, defining our own errors and exceptions handling methods.
When an error occurs, an email is sent to the developers team.
The place I previously worked at used a custom extension to handle error logging. It basically INSERT DELAY the errors into a DB with some extra information. Then, a separate admin tool was written to be able to easily search, browse, sort and manually prune the log table.
I recommend that you don't write a custom extension, but that you use the set_error_handler method and just write to a DB instead. If the DB is unavailable, then write to a file as a backup. It'll be worlds easier than dealing with a huge file and a one-off format.
If you want, you can also email yourself hourly summaries, but I don't suggest you send anything more than that or you'll be hating yourself.
You can email yourself on errors, if there was no email in last N hours.
If you don't expect many errors, a "private" RSS/ATOM feed might work well... whereby you don't need to worry if you don't get anything... but if you start getting "updates" you know there are issues.
I don't know how Hostmonster handles log rotation, but generally you want to monitor the size of your error_log file. If the size jumps suddenly, there's definitely something you need to check up on so you'ld want to get an email telling you that the logfile size jumped unexpectedly.
Other than that, you can combine the error logs at the end of the week and email them to yourself and debug on the weekend. If an error is only happening a few times a week it's probably not too serious of an issue.
I've found out how to convert errors into exceptions, and I display them nicely if they aren't caught, but I don't know how to log them in a useful way. Simply writing them to a file won't be useful, will it? And would you risk accessing a database, when you don't know what caused the exception yet?
You could use set_error_handler to set a custom exception to log your errors. I'd personally consider storing them in the database as the default Exception handler's backtrace can provide information on what caused it - this of course won't be possible if the database handler triggered the exception however.
You could also use error_log to log your errors. It has a choice of message destinations including:
Quoted from error_log
PHP's system logger, using the Operating System's system logging mechanism or a file, depending on what the error_log configuration directive is set to. This is the default option.
Sent by email to the address in the destination parameter. This is the only message type where the fourth parameter, extra_headers is used.
Appended to the file destination . A newline is not automatically added to the end of the message string.
Edit: Does markdown have a noparse tag for underscores?
I really like log4php for logging, even though it's not yet out of the incubator. I use log4net in just about everything, and have found the style quite natural for me.
With regard to system crashes, you can log the error to multiple destinations (e.g., have appenders whose threshold is CRITICAL or ERROR that only come into play when things go wrong). I'm not sure how fail-safe the existing appenders are--if the database is down, how does that appender fail?--but you could quite easily write your own appender that will fail gracefully if it's unable to log.
Simply writing them to a file won't be useful, will it?
But of course it is - that's a great thing to do, much better than displaying them on the screen. You want to show the user a nice screen which says "Sorry, we goofed. Engineers have been notified. Go back and try again" and ABSOLUTELY NO TECHNICAL DETAIL, because to do so would be a security risk. You can send an email to a shared mailbox and log the exception to file or DB for review later. This would be a best-practice.
I'd write them to a file - and maybe set a monitoring system up to check for changes to the filesize or last-modified date. Webmin is one easy way, but there are more complete software solutions.
If you know its a one-off error, then emailing a notice can be fine. However, with a many hits per minute website, do not ever email a notification. I've seen a website brought down by having hundreds of emails per minute being generated to say that the system could not connect to the database. The fact that it also had a LoadAvg of > 200 because of of the mail server being run for every new message, did not help at all. In that instance - the best scenario was, by far and away, the watchdog checking for filesizes and connecting to an external service to send an SMS (maybe an IM), or having an external system look on a webpage for an error message (which doesn't have to be visible on screen - it can be in a HTML comment).
I think it depends a lot of where your error occured. If the DB is down logging it to the DB is no good idea ;)
I use the syslog() function for logging the error, but I have no problems writing it to a file when I'm on a system which has no syslog-support. You can easily set up your system to send you an email or a jabber message using for example logwatch or the standard syslogd.
I second log4php. I typically have it configured to send things like exceptions to ERROR or CRITITCAL and have them written to syslog. From there, you can have your syslog feed into Zenoss, Nagios, Splunk or anything else that syslog can talk to.
You can also catch and record PHP exceptions using Google Forms. There is a tutorial here that explains the process.