You also can look in the confd log files. I prefer to use grep at the command line instead of using the search function in WebAdmin. If I want to see all of the changes by [user] in April: zgrep '[user]' /var/log/confd/2016/04/* |grep 'change' I just added the "Extremist" category to our "Open Web Access" Filter Action. First, I look at the Filter Action with: cc get_object_by_name 'http' 'cff_action' 'Open Web Access' In that, I see the last item added was 'REF_hycDbYxmJh' . To confirm I have the right one: cc get_object 'REF_hycDbYxmJh' | grep 'name' That returns 'name' => 'Extremistic_Sites' , so now I can look for the line in the confd log file. grep '[user]' /var/log/confd.log |grep 'REF_hycDbYxmJh' I am rewarded with: 2016:05:05-12:08:39 secure confd[3075]: I main::top-level:677() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="http" type="cff_action" ref="REF_IiqUeSGrWr" objname="Open Web Access" user="[user]" srcip="10.1.1.64" sid="RhTVHMwvRpgXpjthOztP" facility="webadmin" client="webadmin.plx" pid="28612" oldattr_sp_categories="['REF_HttSpcMalicious','REF_AmbOEIlmFV']" attr_sp_categories="['REF_HttSpcMalicious','REF_AmbOEIlmFV','REF_hycDbYxmJh']" Of course, since this just happened, I can get the information as Sachin suggests: If I only knew that the restriction was put in place earlier this year, I would use either the search tab in WebAdmin or: zgrep 'REF_hycDbYxmJh' /var/log/confd/2016/*/* Cheers - Bob
↧