Purpose behind .plx processes


I am looking for documentation that tells me what each .plx function I see in Sophos UTM log files does. I want to valdiate which .plx functions change the firewall config. Some function names are more self explanatory than others. For example:





There are quite a few others.

Thank you,

  • Hi David, and welcome to the UTM Community!

    You won't find such a document.  WebAdmin is a GUI that manipulates databases of objects and settings.  A single change there can cause the Configuration Daemon to rewrite hundreds of lines of the code used to run the UTM.

    Beyond that, let us know what problem you're trying to solve.

    Cheers - Bob

  • In reply to BAlfson:

    Thanks for the reply Bob. I am looking for possible triggers for configuration events. For example, I have the following event:

    11 17 2017 04:18:03 <SYSD:INFO> 2017:11:17-04:18:03 hostname confd[2820]: I main::top-level:557() => id="310c" severity="info" sys="System" sub="confd" name="node changed" node="customization->epp->last_updated" value="1510892273" oldvalue="1509422724" user="system" srcip="" sid="wRZAkKhhgdFmYshqLDRy" facility="system" client="mdw.plx" pid="11244"

    With no users logged on at the time I would like to know what changed. I suspected if I knew what "mdw.plx" function did, I would have a better idea of what was changing. This example appears to be a timestamp change. There are other more nebulous changes that are difficult to discern. Thank you.