InterSect [InterSect Swish]
Search Our Site
  Enter Search Terms

IAI is very proud to announce that Solutionary has selected Snare as their technology partner for the ActiveGUARD managed service platform.
InterSect Alliance International

As some are already aware, InterSect Alliance was recently purchased by Prophecy International, and is now InterSect Alliance International Pty Ltd. More good news to come.
The Snare and Epilog agents, from InterSect Alliance, are considered to be the de-facto industry standard for eventlog and audit log collection.
The agents are available in two different versions:
  • The Snare, and Epilog Enterprise Agents - The industry standard for capturing and filtering audit and event log data, in a supported package, and with an enterprise-level feature set, including guaranteed delivery, encryption, and custom event sources.
  • Snare, and Epilog: Open source editions - Audit and event log collection, with code available under the terms of the GNU Public License.

FeatureEnterprise EditionOpen Source Edition
Guaranteed message delivery (TCP)
Event log caching
Encryption (with the Snare Server)
Log message simulcasting
Dynamic DNS support
Centralized configuration management
Custom Windows eventLog sources
Vendor product support
Easy to use installer
Filter for events of interest
Remote control interface
View local and network users and groups
View local Registry configuration
UDP and Syslog destination options
Non-GUI install option
Upgrade option to preserve existing configuration settings
Debug mode

Request a Quotation Snare Agents - Details

[Snare Logo]

The team at InterSect Alliance has experience with auditing and intrusion detection on a wide range of platforms such as - Solaris, Windows 2000/NT/XP/2003/Vista/Windows 7, AIX, even MVS (ACF2/RACF); and within a wide range of IT security in businesses such as - National Security and Defence Agencies, Financial Service firms, Government Departments and Service Providers.

This background gives us an insight into how to effectively deploy host and network intrusion detection systems that support and enhance an organisation's business goals.

As long term users of the Linux operating system, we believe that an effective auditing and event logging subsystem is a key prerequisite for many large organisations; particularly those that need to meet national, or international security-related legislative requirements.

Snare is currently used by hundreds of thousands of individuals, and organisations worldwide. Snare for Linux is used by many large Financial, Insurance, Healthcare, Defence, AeroSpace, and Intelligence organisations to meet elements of local and federal security requirements, such as:

InterSect Alliance welcome your support, comments, and contributions. Our contact details are available from our contact page.

Screen Shots

Setting an objective using the tiny browser-compatible control system.

Viewing recent events using the internal event browser.

There are some important updates in this version of the agent that you should be aware of:

There are two release versions of the agent:

  • The SUPP version is for clients who have purchased an enterprise licence and use the enhanced versions of the agent.
  • There is a free version of the agent availble from this website. The agent is no longer open source.

A number of security enhancements have been made to the micro web interface that will eventually make their way into the other agents

  • Cookies are now required to commit configuration changes
  • The authentication method has been updated to protect passwords in transit
  • The Remote Configuration web page has been updated to protect password updates in transit
  • Configuration changes cannot be made via the address bar only
The native audit subsystem is a prerequisite for the installation of the Snare for Linux agent. This may be available on distributions that run kernel 2.6.13 and above.

We also recommend turning on Snare's tiny web-browser compatible configuration interface by modifying /etc/audit/snare.conf, uncommenting "allow=1" from the [Remote] section of the configuration file, and restarting the audit subsystem (/etc/init.d/auditd restart). Once this is done, you will be able to point a web browser at port 6161 on the local machine to configure objectives and otherwise manage your agent. We recommend setting a password to restrict access, and you may also want to take advantage of the application-level firewall capability.
Your feedback is important to us. Please let us know if you encounter any problems, or have a suggested base objective setup for the final release.

Version 3.0.0 RPMs
For SuSE: audit, libaudit0 and libaudit1 will need to be installed.
32 bt RPM:

64 bit RPM:
Install by running the command:
rpm -i SnareLinux-3.0.0-1.i386.rpm or rpm -i SnareLinux-3.0.0-1.x86_64.rpm
Remove by running the command:
rpm -e SnareLinux

Snare Server
With its' origins in open source software, the Snare Server from InterSect Alliance provides a central collection, analysis, reporting and archival tool for a very wide variety of log formats.

Click here for more information
Snare Demonstration

Snare Introduction

Snare Agents

Snare Server
Click on a video above, to find out more about Snare and to access the Snare Demonstration Server
Copyright (c) 1999-2013 InterSect Alliance Pty Ltd