It is possible to give different people different rights. From table 7.1 on
page 225 of the version 4.0 Architecture and Administration manual:
Monitor-Only can access the log viewer and system status only
Read only can view, but not change, policy
User edit can modify user data (but presumably not the policy
and rulebase)
Read-Write Can do everything
If Mike's helpdesk staff have Monitor-Only access, they can run the log
viewer and status monitor tools, but not the policy editor.
Tim
--
Timothy Frost mailto:[EMAIL PROTECTED]
EDS New Zealand Fax: +64-4-495-0473
8 Gilmer Terrace Phone: +64-4-495-0504
P O Box 3647
Wellington
New Zealand
> -----Original Message-----
> From: Robert MacDonald [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, May 26, 2000 6:22 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [FW1] Log Viewer
>
>
> For simple problem resolution, the logviewer is a good place to be(as long
> as the problem is being logged - hint, FW-1 <=v4.0 doesn't log policy
> properties). You see almost immediately, the successes and failures(both
> intended and not intended ;-)
>
> If what you want is after the fact short &/or long term problem analysis,
> look into something along the lines of WebTrends for Firewalls &
> VPNs(www.webtrends.com). It iwll create reports and put them into a very
> detailed HTML, among other formats(see examples on their site). These can
> also be scheduled.
>
> Like most logging, it's a reactive world. If you need something to tell
> you if your being 'attacked', then IDS's are the area closer to
> proactivity.
>
> Best of Luck!
> Robert
>
> - -
> Robert P. MacDonald, Network Engineer
> G o r d o n F o o d S e r v i c e
> Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>
> >>> "Mike Anning" <[EMAIL PROTECTED]> 5/25/00 1:27:53 PM >>>
> >
> >Does anyone know if there is an easy way for the Log Viewer, or the log
> at least
> >to be accessible to others.
> >
> >I'm thinking of allowing helpdesk type people to view the log so they can
> easily
> >diagnose simple problems.
> >I realise I could install the Log Viewer onto their systems with a Read
> Only
> >account, but I was wondering if anyone knows of a way to make the current
> log
> >available through a web browser.
> >
> >Any thoughts would be greatly appreciate
> >
> >Cheers
> >
> >Mike
>
>
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
