Thanks to all that responded to this question, altough I'm afraid some may have
slightly missed the point :-)
I would like for helpdesk and other support staff to be able to point their
browser to a specified address and be able to view the Firewall logs realtime
(from the inside only), without installing the Log Viewer software, thus without
the need for additional user accounts on the Firewall itself.
The majority of use on this particular Firewall is VPN so there are a multitude
of users connecting through and if they cannot get to where they need to get to
then the inital response from them and the support people is that there is a
problem with the Firewall!! Obviously this is rarely true as the users are
either entering incorrect credtentials or are simply not allowed to go where
they are trying to go.
If support could quickly view the Logs through a browser it would save me a
whole heap of time and generally raise the awareness and confidence within the
support departments (It doesn't matter how many times I tell them something they
still don't get it! :-)
Many thanks again
Mike
"Frost, Timothy E" <[EMAIL PROTECTED]> on 26/05/2000 00:17:55
To: "'Robert MacDonald'" <[EMAIL PROTECTED]>, Mike Anning/WEY/EU/CHEP@CHEP,
[EMAIL PROTECTED]
cc:
Subject: RE: [FW1] Log Viewer
It is possible to give different people different rights. From table 7.1 on
page 225 of the version 4.0 Architecture and Administration manual:
Monitor-Only can access the log viewer and system status only
Read only can view, but not change, policy
User edit can modify user data (but presumably not the policy
and rulebase)
Read-Write Can do everything
If Mike's helpdesk staff have Monitor-Only access, they can run the log
viewer and status monitor tools, but not the policy editor.
Tim
--
Timothy Frost mailto:[EMAIL PROTECTED]
EDS New Zealand Fax: +64-4-495-0473
8 Gilmer Terrace Phone: +64-4-495-0504
P O Box 3647
Wellington
New Zealand
> -----Original Message-----
> From: Robert MacDonald [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, May 26, 2000 6:22 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [FW1] Log Viewer
>
>
> For simple problem resolution, the logviewer is a good place to be(as long
> as the problem is being logged - hint, FW-1 <=v4.0 doesn't log policy
> properties). You see almost immediately, the successes and failures(both
> intended and not intended ;-)
>
> If what you want is after the fact short &/or long term problem analysis,
> look into something along the lines of WebTrends for Firewalls &
> VPNs(www.webtrends.com). It iwll create reports and put them into a very
> detailed HTML, among other formats(see examples on their site). These can
> also be scheduled.
>
> Like most logging, it's a reactive world. If you need something to tell
> you if your being 'attacked', then IDS's are the area closer to
> proactivity.
>
> Best of Luck!
> Robert
>
> - -
> Robert P. MacDonald, Network Engineer
> G o r d o n F o o d S e r v i c e
> Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>
> >>> "Mike Anning" <[EMAIL PROTECTED]> 5/25/00 1:27:53 PM >>>
> >
> >Does anyone know if there is an easy way for the Log Viewer, or the log
> at least
> >to be accessible to others.
> >
> >I'm thinking of allowing helpdesk type people to view the log so they can
> easily
> >diagnose simple problems.
> >I realise I could install the Log Viewer onto their systems with a Read
> Only
> >account, but I was wondering if anyone knows of a way to make the current
> log
> >available through a web browser.
> >
> >Any thoughts would be greatly appreciate
> >
> >Cheers
> >
> >Mike
>
>
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
