0:06 Welcome to this IT Explainer video, part of our Maintenance topic range.
0:11 In this video, we’ll be covering the subjects of SLM application maintenance within SLM.
0:17 In this section, we will be discussing the maintenance files that an IT administrator can refer to when events occur within the software application.
0:25 These events are recorded by the application platform and written to logs which may include errors, warnings, and informational messages.
0:33 The following information will be covered in this training.
0:36 Chapter one will be W3C Log Files, Chapter 2 will be SLMPHP log files, and Chapter 3 will be Update DB passwords.
0:50 In chapter 1, we’ll be covering what type of data is stored in W3C log files and how to configure and access W3C log files.
1:00 W3C log files in IIS provide detailed records of Web server activity in a flexible format that administrators can customize to meet their specific analysis and troubleshooting needs.
1:12 Since it uses a standardised structure, most log analysis tools can pass W3C logs.
1:18 To access the configuration interface for W3C log files, administrators must open IIS, then click on the site that they’re managing, then double click on the logging.
1:29 From there, they can configure the storage location for the log files as well as the fields that are going to be storing those files.
1:37 Administrator can also customise the custom fields here, the types of events that are going to be logged as well as logfile rollover options.
1:50 Now let’s examine an example of these log files.
1:56 As we can see, in this scenario the log files are stored at this location.
2:03 If we navigate to that location here, the logfiles folder, a folder is created for each one of the sites that we have here under the server.
2:13 In this scenario, we have two folders, one for the default website and one for the website that we’re going to be using in this chapter.
2:20 If we go into this folder, we can see that we have a log file that’s been created.
2:27 The log files is currently being created daily, so we have a log file here created for today.
2:33 If we open that log file.
2:35 These logs typically include information such as date, time, client IP address, HTTP method request, request Uri, server response, the status code, and the client Http://protocol version.
2:51 If we start navigating through the application to generate some data for the log file, and then we come back and refresh the log, that recent activity that we just created in SLM is now stored in this file.
3:14 In Chapter 2, we’ll be covering what type of data is stored in PHP log files and how to configure and access PHP log files.
3:23 PHP logs in web applications are used to record the tracking events, errors, and warnings that occurred during the execution of the application.
3:31 These logs provide valuable insights into the application’s performance, help identify issues, debug errors, and monitor security threats.
3:42 Administrators and developers can review PHP logs to troubleshoot problems and ensure the application runs smoothly, improving overall user experience and maintaining system stability.
3:54 To configure the PHP log files, the administrators can modify the dot env file located in the root folder of the application.
4:10 In this file, the variable core_environment must be modified.
4:15 Values that this variable takes are development and production.
4:20 If set to development, all errors will be displayed in the web browser and recorded in a log file.
4:27 If set to production, all errors will be logged into the log file but will not be shown in the web browser.
4:33 Let’s take a look at an example of that.
4:36 For the purpose of this chapter, we’ve introduced a PHP error.
4:40 So let’s start by setting the value to development.
4:44 PHP log files will be located in the logs folder for the application.
4:49 These log files are going to be created daily, so let’s go back to the application.
4:54 Let’s refresh.
4:57 We can see the error has appeared in the web browser.
5:00 Now let’s take a look at the log.
5:04 A log for today has been created.
5:06 Let’s open that.
5:08 The format for this log will display what kind of event has happened.
5:13 In this scenario, it’s an error with the timestamp, the severity, the description, the file where the error has happened, and the line number where the error has occurred.
5:25 Now let’s go back to the configuration file and let’s change this variable to production.
5:33 If we go back into the application and reload, the PHP error doesn’t show up in the web browser now.
5:43 But if we go back to the log file and reload, we can see that the PHP error is still being recorded in this log.
5:55 In chapter 3 we’ll be covering why database passwords should be updated, where to update the SLM database users passwords.
6:05 Updating database passwords regularly for web application is a key security practice, and there’s a few reasons for that.
6:13 The first one, mitigating password links.
6:16 Passwords may be exposed to vulnerabilities, data breaches or insider threats.
6:21 Regular updates reduce a window of time that an exposed password can be exploited.
6:27 The second point preventing unauthorised access.
6:30 As hackers continuously develop new attack methods, regular password changes minimise the risk of unauthorised access to your database #3 the compliance with security standards.
6:42 Many regulatory standards, such as PCIDSS or HEPA require periodic password updates to maintain security best practices #4 reducing the impact of compromised credentials.
6:56 Even if a password is compromised, updating it frequently can help prevent hackers or attackers from gaining long term access #5 protecting from insider threats.
7:07 Regular password updates protects against potential threats from employees or third party vendors who may have had legitimate access at one point, but that’s no longer needed.
7:17 This routine also strengthens the overall security of the application and its sensitive data.
7:23 SLM utilises free users, each with a unique password.
7:27 These configurations are stored in the dot env file located in the application’s root folder under the database configurations.
7:35 In here, administrators can update passwords for the free SLM users as needed within this file.
