
Traceability and user control

Posted: Tue Jun 27, 2017 5:36 pm
by ppereira
Hi

I was wondering how Mikrotik deals with it. So I asked support, and they told me that they haven't implemented this kind of control.

I researched Tacacs and UserMan:
* Tacacs: I found some forum threads asking about it, and some answers say that it will not be implemented.
* UserMan: I tried it, but I discovered it can't provide this kind of information. It just logs "userX" login at 11:00AM.
I would like to know what this user has done. Something like:
UserX Log:
20170627-10:39:22AM - included firewall rule #50 - forward, port 23 -> accept
20170627-10:43:47AM - altered firewall rule #20 - output udp port 514 -> accept
20170627-10:50:19AM - deleted firewall rule #15 - input, port 3389 , int interface wan

So I would like to ask you guys: how do you deal with traceability and user control in huge networks with 500+ routers and a team of 20+ operators?
How do you log any change made by each user?

Thank you

Re: Traceability and user control

Posted: Tue Jun 27, 2017 9:26 pm
by pukkita
Have a look at Rancid

Re: Traceability and user control

Posted: Wed Jun 28, 2017 12:12 am
by ppereira
Have a look at Rancid
Thank you, I will check it and post my experience here.

Best regards

Re: Traceability and user control

Posted: Wed Oct 18, 2017 4:03 pm
by ppereira
Hi pukkita,

I couldn't check it out before, so now I got some time, and it's a good tool; the problem is that I still can't log the actions of each user.

Rancid is great for user control, like "I need to allow access for brandNewUser1 on 500 routers". Or if I need to drop the access...

But I can't check which actions brandNewUser1 has done.

Anyway, thanks for the help.