Difference between revisions of "How to allow non-root users to set full packet capture"
From Tech-Wiki
(Created page with "Category:Juniper Networks In ScreenOs 5.4 or later, by default, only the root administrators can run 'snoop detail' which allows for a full size packet capture. In order t...") |
|||
| Line 1: | Line 1: | ||
[[Category:Juniper Networks]] | [[Category:Juniper Networks]] | ||
| − | In | + | In ScreenOS 5.4 or later, by default, only the root administrators can run 'snoop detail' which allows for a full size packet capture. |
In order to allow the read/write administrators to run snoop detail, the environment variable can be set or unset by root administrator. | In order to allow the read/write administrators to run snoop detail, the environment variable can be set or unset by root administrator. | ||
Revision as of 03:09, 27 September 2011
In ScreenOS 5.4 or later, by default, only the root administrators can run 'snoop detail' which allows for a full size packet capture.
In order to allow the read/write administrators to run snoop detail, the environment variable can be set or unset by root administrator.
set envar allow_snoop_detail_by_all=yes
The firewall needs to then be is rebooted, at which point read/write administrators are permitted to use the ‘snoop detail'.
To remove this behaviour the following command needs to be set by the root administrator:
unset envar allow_snoop_detail_by_all
Once again the firewall needs to be rebooted to change the firewall back to the default behavior.