[SERVER-39406] Log redaction unnecessary obfuscates WiredTiger error messages Created: 06/Feb/19  Updated: 06/Dec/22  Resolved: 14/Feb/19

Status: Closed
Project: Core Server
Component/s: Logging, Security
Affects Version/s: 3.6.7
Fix Version/s: None

Type: Bug Priority: Minor - P4
Reporter: Dmitry Ryabtsev Assignee: Backlog - Storage Execution Team
Resolution: Won't Fix Votes: 6
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-39898 Initial sync statistics should not be... Closed
Assigned Teams:
Storage Execution
Operating System: ALL
Participants:
Case:

 Description   

If log redaction is enabled, then WiredTiger errors also get redacted:

2019-02-04T13:05:59.336-0500 E STORAGE  [thread3006] WiredTiger error (-31804) ### 

This is how a sample message like that looks if not redacted:

2018-05-10T19:26:23.657+0100 E STORAGE  [thread1] WiredTiger (-31804) [1525976783:657574][1:0x7f2e2279b700], file:mongoose_riskdev/index/475--5542394675829158327.wt, WT_SESSION.checkpoint: the process must exit and restart: WT_PANIC: WiredTiger library panic

As you can see, this message does not have any PII information and therefore the redaction is not justified.

This is a defect that makes diagnostics harder.



 Comments   
Comment by Geert Bosch [ 14/Feb/19 ]

It is not always safe to leave WiredTiger error messages unredacted. It would be a large effort to push redaction code down to WiredTiger, as we'd have to audit every place WiredTiger can return errors. So we will close this as won't fix.

Comment by Dmitry Ryabtsev [ 06/Feb/19 ]

There are actually a number of places where redact() is applied to a WiredTiger message. Would be nice to review all these instances.

Comment by Kelsey Schubert [ 06/Feb/19 ]

Assigning to the Storage Engines Team to confirm that this message will always be safe to unredact.

Generated at Thu Feb 08 04:51:58 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.