[j-nsp] System Management on Juniper routers

Neil Fernando neilfernandok@hotmail.com
Sat, 07 Dec 2002 14:41:33 +0000


Hello

I am trying to set a few system management features, and am getting stuck.

When multiple routers are configured to log messages to a single syslog 
server,will the syslog server maintain seperate log files for each router.
Because the Junos docs say "When sending messages to a remote host, you can 
override the facility. For example, you can configure all messages from a 
single router to go to a single log file on the remote host. You can also 
configure different routers to send messages to different log files on the 
same remote host to, for example, segregate messages
representing different regions of the country". I am really unable to get 
the meaning of the command "facility-override".

While trying to define user access with sets of privileges, I am getting 
stuck when trying to restrict the list of commands that are available to a 
user. In this example I define a login class as follows -
login {
    class monitor {
        permissions [ configure view maintenance ];
    }

Now here I would want the user to have an additional command at the 
"configuration level" available to him. The command to be available is 
"load" So i have defined it as follows in the login class definition -

login {
    class monitor {
        permissions [ configure view maintenance ];
        allow-configuration "(load)";
    }

But this does not seem to work, The user with class "monitor" does get a lot 
of additional commands such as "commit/rollback" etc, which I would not want 
to be available to him.

TIA
Neil



_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail