How to allow non-root users to set full packet capture
From Tech-Wiki
Revision as of 04:55, 12 July 2011 by Linogenco (Talk | contribs) (Created page with "Category:Juniper Networks In ScreenOs 5.4 or later, by default, only the root administrators can run 'snoop detail' which allows for a full size packet capture. In order t...")
In ScreenOs 5.4 or later, by default, only the root administrators can run 'snoop detail' which allows for a full size packet capture.
In order to allow the read/write administrators to run snoop detail, the environment variable can be set or unset by root administrator.
set envar allow_snoop_detail_by_all=yes
The firewall needs to then be is rebooted, at which point read/write administrators are permitted to use the ‘snoop detail'.
To remove this behaviour the following command needs to be set by the root administrator:
unset envar allow_snoop_detail_by_all
Once again the firewall needs to be rebooted to change the firewall back to the default behavior.