Difference between revisions of "How to allow non-root users to set full packet capture"
From Tech-Wiki
(Created page with "Category:Juniper Networks In ScreenOs 5.4 or later, by default, only the root administrators can run 'snoop detail' which allows for a full size packet capture. In order t...") |
|||
(One intermediate revision by one other user not shown) | |||
Line 1: | Line 1: | ||
− | [[Category: | + | [[Category:Juniper_Networks]] |
− | In | + | In ScreenOS 5.4 or later, by default, only the root administrators can run 'snoop detail' which allows for a full size packet capture. |
In order to allow the read/write administrators to run snoop detail, the environment variable can be set or unset by root administrator. | In order to allow the read/write administrators to run snoop detail, the environment variable can be set or unset by root administrator. |
Latest revision as of 03:30, 8 August 2016
In ScreenOS 5.4 or later, by default, only the root administrators can run 'snoop detail' which allows for a full size packet capture.
In order to allow the read/write administrators to run snoop detail, the environment variable can be set or unset by root administrator.
set envar allow_snoop_detail_by_all=yes
The firewall needs to then be is rebooted, at which point read/write administrators are permitted to use the ‘snoop detail'.
To remove this behaviour the following command needs to be set by the root administrator:
unset envar allow_snoop_detail_by_all
Once again the firewall needs to be rebooted to change the firewall back to the default behavior.