Are the changes that I make logged?

Hi Joe,

You can monitor the changes made in last 20 sessions. Click on Management tab which will give you the following report. PFA Screenshot:

Hope that helps.

Thanks

You also can look in the confd log files.  I prefer to use grep at the command line instead of using the search function in WebAdmin.  If I want to see all of the changes by [user] in April:

zgrep '[user]' /var/log/confd/2016/04/* |grep 'change'

I just added the "Extremist" category to our "Open Web Access" Filter Action.  First, I look at the Filter Action with:

cc get_object_by_name 'http' 'cff_action' 'Open Web Access'

In that, I see the last item added was 'REF_hycDbYxmJh'.  To confirm I have the right one:

cc get_object 'REF_hycDbYxmJh' | grep 'name'

That returns 'name' => 'Extremistic_Sites', so now I can look for the line in the confd log file.

grep '[user]' /var/log/confd.log |grep 'REF_hycDbYxmJh'

I am rewarded with:

2016:05:05-12:08:39 secure confd[3075]: I main::top-level:677() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="http" type="cff_action" ref="REF_IiqUeSGrWr" objname="Open Web Access" user="[user]" srcip="10.1.1.64" sid="RhTVHMwvRpgXpjthOztP" facility="webadmin" client="webadmin.plx" pid="28612" oldattr_sp_categories="['REF_HttSpcMalicious','REF_AmbOEIlmFV']" attr_sp_categories="['REF_HttSpcMalicious','REF_AmbOEIlmFV','REF_hycDbYxmJh']"

Of course, since this just happened, I can get the information as Sachin suggests:

If I only knew that the restriction was put in place earlier this year, I would use either the search tab in WebAdmin or:

zgrep 'REF_hycDbYxmJh' /var/log/confd/2016/*/*

Cheers - Bob

Here is a place to start looking:  https://community.sophos.com/products/unified-threat-management/f/52/p/29933/99682#99682

What do you and your auditor think of each suggestion?