[j-nsp] System Management on Juniper routers
Neil Fernando
neilfernandok@hotmail.com
Sat, 07 Dec 2002 14:41:33 +0000
Hello
I am trying to set a few system management features, and am getting stuck.
When multiple routers are configured to log messages to a single syslog
server,will the syslog server maintain seperate log files for each router.
Because the Junos docs say "When sending messages to a remote host, you can
override the facility. For example, you can configure all messages from a
single router to go to a single log file on the remote host. You can also
configure different routers to send messages to different log files on the
same remote host to, for example, segregate messages
representing different regions of the country". I am really unable to get
the meaning of the command "facility-override".
While trying to define user access with sets of privileges, I am getting
stuck when trying to restrict the list of commands that are available to a
user. In this example I define a login class as follows -
login {
class monitor {
permissions [ configure view maintenance ];
}
Now here I would want the user to have an additional command at the
"configuration level" available to him. The command to be available is
"load" So i have defined it as follows in the login class definition -
login {
class monitor {
permissions [ configure view maintenance ];
allow-configuration "(load)";
}
But this does not seem to work, The user with class "monitor" does get a lot
of additional commands such as "commit/rollback" etc, which I would not want
to be available to him.
TIA
Neil
_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail