IAI is very proud to announce that Solutionary
has selected Snare as their technology partner for the ActiveGUARD managed service platform.
InterSect Alliance International
As some are already aware, InterSect Alliance was recently purchased by Prophecy International, and is now InterSect Alliance International Pty Ltd. More good news to come.
The Snare and Epilog agents, from InterSect Alliance, are considered
to be the de-facto industry standard for eventlog and audit log collection.
The agents are available in two different versions:
- The Snare, and Epilog Enterprise Agents - The industry standard for capturing and filtering audit and event log data, in a supported package, and with an enterprise-level feature set, including guaranteed delivery, encryption, and custom event sources.
- Snare, and Epilog: Open source editions - Audit and event log collection, with code available under the terms of the GNU Public License.
|Feature||Enterprise Edition||Open Source Edition|
|Guaranteed message delivery (TCP)|
|Event log caching|
|Encryption (with the Snare Server)|
|Log message simulcasting|
|Dynamic DNS support|
|Centralized configuration management|
|Custom Windows eventLog sources|
|Vendor product support|
|Easy to use installer|
|Filter for events of interest|
|Remote control interface|
|View local and network users and groups|
|View local Registry configuration|
|UDP and Syslog destination options|
|Non-GUI install option|
|Upgrade option to preserve existing configuration settings|
The team at InterSect Alliance has experience with auditing and
intrusion detection on a wide range of platforms, such as Solaris,
Windows 2000/NT/XP/2003/Vista/Windows 7, AIX, even MVS (ACF2/RACF); and within
a wide range of IT security in businesses such as National Security and
Defence Agencies, Financial Service firms, Government Departments and Service
This background gives us an insight into how to effectively
deploy host and network intrusion detection systems that support and enhance
an organisation's business goals.
As long term users of the Linux operating system, we believe that
an effective auditing and event logging subsystem is a key prerequisite
for many large organisations; particularly those that need to meet national, or international security-related legislative requirements.
InterSect Alliance welcome your support, comments, and contributions. Our contact details are
available from our contact page.
Setting an objective using the tiny browser-compatible control system.
Viewing recent events using the internal event browser.
There are some important updates in this version of the agent that you should be aware of:
There are two release versions of the agent:
- The SUPP version is for clients who have purchased an enterprise licence and use the enhanced versions of the agent.
- There is a free version of the agent available from this website. The agent is no longer open source.
A number of security enhancements have been made to the micro web interface that will eventually make their way into the other agents
- Cookies are now required to commit configuration changes
- The authentication method has been updated to protect passwords in transit
- The Remote Configuration web page has been updated to protect password updates in transit
- Configuration changes cannot be made via the address bar only
The native audit subsystem is a prerequisite for the installation of the Snare for Linux agent.
be available on distributions that run kernel 2.6.13 and above.
We also recommend turning on Snare's tiny web-browser compatible configuration interface by modifying /etc/audit/snare.conf, uncommenting "allow=1" from the [Remote] section of the configuration file, and restarting the audit subsystem (/etc/init.d/auditd restart). Once this is done, you will be able to point a web browser at port 6161 on the local machine to configure objectives and otherwise manage your agent. We recommend setting a password to restrict access, and you may also want to take advantage of the application-level firewall capability.
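A section-aware way to make the edit described above, as an added example that is not InterSect Alliance's own code. The function names are hypothetical, the sample file is constructed, and the leading `#` comment marker on the shipped line is an assumption.

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical.
# Assumption: the shipped line is commented out with a leading '#'.

# Print enabled / disabled / missing for allow=1 inside [Remote] only.
snare_remote_state() {
    awk '
        /^[ \t]*\[/ { in_remote = ($0 ~ /^[ \t]*\[Remote\]/) }
        in_remote && /^[ \t]*allow=1[ \t]*$/ { state = "enabled" }
        in_remote && /^[ \t]*#[ \t]*allow=1/ && state == "" { state = "disabled" }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# Uncomment allow=1 in [Remote] only, keeping the original as <file>.bak.
snare_enable_remote() {
    cp -p "$1" "$1.bak" || return 1
    awk '
        /^[ \t]*\[/ { in_remote = ($0 ~ /^[ \t]*\[Remote\]/) }
        in_remote && /^[ \t]*#[ \t]*allow=1[ \t]*$/ { sub(/#[ \t]*/, "") }
        { print }
    ' "$1.bak" > "$1"
}

# Constructed sample, not a real snare.conf: the same commented line also
# appears in another section, which a plain global sed would wrongly change.
make_sample() {
    cat > "$1" <<'EOF'
[Other]
#allow=1
[Remote]
    #allow=1
EOF
}

demo_conf=$(mktemp)
make_sample "$demo_conf"
echo "before: $(snare_remote_state "$demo_conf")"
snare_enable_remote "$demo_conf"
echo "after:  $(snare_remote_state "$demo_conf")"
rm -f "$demo_conf" "$demo_conf.bak"
```

On a real host the target would be /etc/audit/snare.conf, followed by the /etc/init.d/auditd restart described above.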
Your feedback is important to us. Please let us know if you encounter any problems, or have a suggested base objective setup for the final release.
Version 3.0.0 RPMs
For SuSE: audit, libaudit0 and libaudit1 will need to be installed.
32 bit RPM:
64 bit RPM:
Install by running the command:
rpm -i SnareLinux-3.0.0-1.i386.rpm or rpm -i SnareLinux-3.0.0-1.x86_64.rpm
Remove by running the command:
rpm -e SnareLinux
With its origins in open source software, the Snare Server from InterSect Alliance provides a central collection, analysis, reporting and archival tool for a very wide variety of log formats.