Any advice? Due to the limitations with ERA and the ability to forward threat log events via syslog in an attempt to manage them via our log aggregation system I attempted to streamline the process via other means. I tried to setup forwarding the logs via the notification manager but was disappointed at the options thus the notification manager was true to it's name. Notifications only! What I decided to do is give our desktop admins read-only access to the ERA console. This would give them the ability to access crucial threat log information when they received a notification and the information could be used for troubleshooting critical errors etc... This is a sloppy way to do things and isn't as streamlined as I would like but it would due. until........ I JUST MADE CHANGES TO MY ADVANCED SETTINGS IN SERVER OPTIONS WITH READ-ONLY ACCESS!!!!!!!!!!!!