which log is best for network definition changes

Hello,

I was wondering if anyone could help. I have a remote syslog setup and need to know which log would contain the appropriate information for changes made to network definitions within Sophos UTM 9.

For example (when I've enabled the configuration daemon and device agent logs), when I drag a Network to a Network group and save the new config, the logged event information I currently get doesn't accurately show what was changed and looks similar to:

attr_members="['REF_XXX','REFXXX2', REF...`

(where REF_XXX look like the networks added to the group)

Any ideas whether these are the only outputs to be expected or can another log show more detailed and user friendly output for changes made?


Thanks in advance!


  • Hi, Jav, and welcome to the UTM Community!

    You want the confd log.  If you don't see what you need there, you also can check the confd-debug log. Also, see https://community.sophos.com/products/unified-threat-management/f/general-discussion/76880/are-the-changes-that-i-make-logged

    At the command line of the UTM, you can see all WebAdmin changes instead of the last 20 sessions (resident genius teched_01 offered this two years ago). Enter the following as a single line:

    psql reporting -U reporting -c "SELECT confd_sessions.*, confd_nodes.* FROM confd_sessions INNER JOIN confd_nodes ON confd_sessions.sid = confd_nodes.sid WHERE confd_sessions.facility = 'webadmin';"

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
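
An added example, not part of any post in this thread and not Sophos code: a Python sketch for the remote syslog side that turns successive `attr_members` values into "added/removed" lists per group. Only the `attr_members` field comes from the thread; the `key="value"` line layout, the `ref` and `user` fields and all sample lines are assumptions constructed for illustration.

```python
import ast
import re

# Constructed confd-style lines (not real UTM output). The key="value"
# layout and the "ref"/"user" fields are assumptions for this example.
_HEAD = 'confd[4101]: name="object changed" ref="REF_NetGrpExample" '
SAMPLE_LINES = [
    _HEAD + 'user="admin" attr_members="[\'REF_NetA\',\'REF_NetB\']"',
    _HEAD + 'user="admin" attr_members="[\'REF_NetA\',\'REF_NetB\',\'REF_NetC\']"',
    _HEAD + 'user="jdoe" attr_members="[\'REF_NetB\',\'REF_NetC\']"',
    # Value cut short, like the excerpt quoted in the question.
    _HEAD + 'user="jdoe" attr_members="[\'REF_NetB\', REF..."',
]

KV = re.compile(r'(\w+)="([^"]*)"')


def parse_members(raw):
    """Return the member refs as a set, or None if the list is incomplete."""
    try:
        value = ast.literal_eval(raw)  # safe: literals only, no code execution
    except (ValueError, SyntaxError):
        return None
    return set(value) if isinstance(value, list) else None


def membership_changes(lines):
    """Return (ref, user, added, removed) tuples, diffing each event against
    the previous complete event seen for the same object ref."""
    last, out = {}, []
    for line in lines:
        fields = dict(KV.findall(line))
        if "attr_members" not in fields or "ref" not in fields:
            continue
        ref, user = fields["ref"], fields.get("user")
        members = parse_members(fields["attr_members"])
        if members is None:
            out.append((ref, user, None, None))  # flag it, never guess
            continue
        if ref in last:  # the first event per ref is only a baseline
            prev = last[ref]
            out.append((ref, user, sorted(members - prev), sorted(prev - members)))
        last[ref] = members
    return out


if __name__ == "__main__":
    for change in membership_changes(SAMPLE_LINES):
        print(change)
```
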
  • Thank you Bob and thanks for the comprehensive response.

    I've been using the Web UI for UTM 9. Although I know confd is the config file for Linux based systems, could you clarify if this is the same as what is listed in the Web UI as the configuration daemon?

    If that is the case, I already have this selected but I don't seem to be getting the correct event information in this.


  • That's the right one, Jav.  What information is not correct?

    Cheers - Bob