Safe admin error report emails in production

Hello Django Users!

I am building a website and am trying to determine a proper logging setup, suitable for production. The default config sends error report emails to admins. However, I am concerned about the level of information being sent. For example, the report includes the traceback and settings. The docs state this regarding the AdminEmailHandler:

> It’s generally not considered a good idea to send such potentially sensitive information over email. Consider instead using one of the many third-party services to which detailed logs can be sent to get the best of multiple worlds – the rich information of full tracebacks, clear management of who is notified and has access to the information, and so on.

However, I do not want to use Sentry or other third-party services if possible at this time.

My idea is that I would be sent an email notifying me that an error has occurred, so I can SSH into the server and check the log files containing the complete error reports. The email would include the time-stamp of the error, and maybe a few other basic, insensitive details. Basically, the email would be more or less a notification that I need to check the logs, rather than a detailed error report.

My questions are:

  1. Is my idea a good one?
  2. If so, what would be the best way to implement this?

Thank you!

You already know everything.
If you want related documentation, check out these links:

The AdminEmailHandler has a couple hooks available for you to customize its behavior. There’s a setting, DEFAULT_EXCEPTION_REPORTER, that would allow you to override the information being supplied in that email report.

By default, it’s set to django.views.debug.ExceptionReporter, but you can add it to your settings to use a class that you create to produce the email report. (I suggest you look at the source of the existing ExceptionReporter class to see how it works, along with reading the docs at "How to manage error reporting" in the Django documentation.)

Thank you for the reply. Creating a custom exception reporter as you suggested may be a good solution and is a big improvement over the default. However, the logging record message is still included in the email subject and body. Could this include info that is too sensitive, or do you think this would generally not be considered a big deal?

It depends upon what data is being shown, how and where it’s being sent, and how your organization classifies it.

We have a system that deals with a lot of personal information, but our email server is internal to us. All transmitted data remains on the corporate network. As a result, the decision was made to accept the risk of the information that was being sent through email.

I run a personal site, where the error messages are forwarded to my public email account. However, there is no sensitive or private data that I care about that is being handled - so I don’t care at all about any potential data leak through those emails.

The key point here is that whatever decision you make should be a conscious decision, and not something done by default.

In my case I am just a one-man team, and would be sending the emails with a public (sent over the internet) email address. I get what you’re saying in that it depends on the situation.

I am considering sub-classing the AdminEmailHandler to remove data I don’t want from the subject, etc. There doesn’t seem to be a super clean way to do this, unfortunately. I think I would need to either override the send_mail method or the complex emit method. I was wondering if you could give some insight on what method would make the most sense to override.

If I was looking to create a really limited email message, I would override emit. You probably don’t need 50% of what it’s currently doing, so I’d start by copying the entire method into my class and using my happy chainsaw on it to whittle it down to what is required. (That function is going to be called as part of the log processing within the Handler parent class, so you want it doing as little work as necessary.)

I’d suggest you might want to become familiar with the Handler parent class as well as the AdminEmailHandler class to understand the sequence of events happening within the logging process.
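A minimal sketch of the notification-only handler discussed in this thread, added here as an example and not code from any of the posters or from Django itself. It assumes a plain `logging.Handler` subclass rather than a whittled-down copy of `AdminEmailHandler.emit`; the class name `NotifyOnlyAdminHandler` and its `build_notification`/`send` methods are hypothetical.

```python
import logging
from datetime import datetime, timezone


class NotifyOnlyAdminHandler(logging.Handler):
    """Email a bare "go check the logs" notice; full reports stay in log files.

    Hypothetical class. Reference it from the LOGGING setting in place of
    django.utils.log.AdminEmailHandler, next to a file handler that keeps
    the complete traceback on the server.
    """

    def build_notification(self, record):
        # Timestamp comes from the record, so it matches the log file entry.
        when = datetime.fromtimestamp(record.created, tz=timezone.utc)
        stamp = when.strftime("%Y-%m-%d %H:%M:%S UTC")
        # Only the exception class name is used, never its message or traceback.
        exc_type = record.exc_info[0] if record.exc_info else None
        exc_name = exc_type.__name__ if exc_type else "n/a"
        # record.getMessage() is deliberately not called: the log message can
        # carry URLs, query strings or user input.
        subject = f"{record.levelname} logged at {stamp}"
        body = "\n".join([
            f"Time:      {stamp}",
            f"Level:     {record.levelname}",
            f"Logger:    {record.name}",
            f"Exception: {exc_name}",
            "",
            "Details are in the server log files.",
        ])
        return subject, body

    def send(self, subject, body):
        # Imported lazily so the module loads without configured Django settings.
        from django.core.mail import mail_admins
        mail_admins(subject, body, fail_silently=True)

    def emit(self, record):
        try:
            self.send(*self.build_notification(record))
        except Exception:
            # Standard logging behaviour: a failing handler must not raise.
            self.handleError(record)
```

Because the subject and body are built only from the timestamp, level, logger name and exception class, nothing from the log message, request or settings reaches the mail server.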

OK, thank you for the advice.