I am looking for documentation that tells me what each .plx function I see in Sophos UTM log files does. I want to validate which .plx functions change the firewall config. Some function names are more self-explanatory than others. For example:





  • Hi David, and welcome to the UTM Community!

    You won't find such a document.  WebAdmin is a GUI that manipulates databases of objects and settings.  A single change there can cause the Configuration Daemon to rewrite hundreds of lines of the code used to run the UTM.

    Beyond that, let us know what problem you're trying to solve.

    Thanks for the reply, Bob. I am looking for possible triggers for configuration events. For example, I have the following event:

    11 17 2017 04:18:03 <SYSD:INFO> 2017:11:17-04:18:03 hostname confd[2820]: I main::top-level:557() => id="310c" severity="info" sys="System" sub="confd" name="node changed" node="customization->epp->last_updated" value="1510892273" oldvalue="1509422724" user="system" srcip="" sid="wRZAkKhhgdFmYshqLDRy" facility="system" client="mdw.plx" pid="11244"

    With no users logged on at the time, I would like to know what changed. I suspected that if I knew what the "mdw.plx" function did, I would have a better idea of what was changing. This example appears to be a timestamp change. There are other more nebulous changes that are difficult to discern. Thank you.



    It looks like there was an update to EndPoint Protection (epp) by the system using MiddleWare (mdw).  You can check those logs and the Up2Date log to see what was updated.  My guess would be a regular pattern update which you will see in the Up2Date log.  I think these are details you can save until later to learn.  I would start with learning how to read other logs first:

    Packetfilter logfiles on the Sophos UTM
    A Guide to Logfiles and Output

    Also, see the Rulz and Doug Foster's take on some of them, READ ME FIRST: UTM Architecture.

    Cheers - Bob
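
One way to triage confd "node changed" events like the one quoted in this thread, as an added example that is not part of the original posts and not Sophos code: it splits each line into its key="value" fields, groups changes by client and user, and separates changes made by user="system" with an empty srcip from changes tied to a session. The second sample line, the name example.plx, and the treatment of 10-digit values as Unix epoch seconds are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Sample input. Line 1 is the event quoted in the thread; line 2 is constructed
# for contrast (its client, node, user, srcip and sid are made-up values).
SAMPLE_LOG = [
    '2017:11:17-04:18:03 hostname confd[2820]: I main::top-level:557() => id="310c" '
    'severity="info" sys="System" sub="confd" name="node changed" '
    'node="customization->epp->last_updated" value="1510892273" oldvalue="1509422724" '
    'user="system" srcip="" sid="wRZAkKhhgdFmYshqLDRy" facility="system" '
    'client="mdw.plx" pid="11244"',
    '2017:11:17-09:02:41 hostname confd[2820]: I main::top-level:557() => id="310c" '
    'severity="info" sys="System" sub="confd" name="node changed" '
    'node="example->node" value="1" oldvalue="0" user="admin" srcip="192.0.2.10" '
    'sid="CONSTRUCTEDSID" facility="webadmin" client="example.plx" pid="4242"',
]

KV = re.compile(r'(\w+)="([^"]*)"')

def parse_confd(line):
    """Return the key="value" fields of a confd line, or None for other lines."""
    if " confd[" not in line:
        return None
    return dict(KV.findall(line)) or None

def is_unattended(ev):
    """True when the change came from the system account with no source IP."""
    return ev.get("user") == "system" and not ev.get("srcip")

def describe(ev):
    """One-line summary; 10-digit values are assumed to be Unix epoch seconds."""
    val = ev.get("value", "")
    if re.fullmatch(r"\d{10}", val):
        ts = datetime.fromtimestamp(int(val), timezone.utc)
        val += ts.strftime(" (%Y-%m-%d %H:%M:%SZ)")
    return f'{ev.get("client")}: {ev.get("node")} {ev.get("oldvalue")} -> {val}'

def summarize(lines):
    """Return node-changed events and a count per (client, user) pair."""
    events = [e for e in map(parse_confd, lines) if e and e.get("name") == "node changed"]
    return events, Counter((e.get("client"), e.get("user")) for e in events)

if __name__ == "__main__":
    events, counts = summarize(SAMPLE_LOG)
    for ev in events:
        print("system " if is_unattended(ev) else "session", describe(ev))
    print(dict(counts))
```

Changes that land in the "system" bucket can then be matched by timestamp against the Up2Date and middleware logs mentioned above.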