Snare. The world standard for effectively gathering and filtering IT-event data for critical security monitoring, analysis, auditing and archiving.

Blog Archives

DNS log and using multiline record separator

In the Snare Enterprise Epilog agent for version 5, we can use \r\n\r\n as the multiline record separator, and this will send the DNS logs as one long syslog string. To configure the Epilog Agent, select the menu item Log Configuration and click Add. Set the following parameters: Select the Log Type: Select Microsoft DNS server logs […]

How to configure Epilog for DNS Logs for Secureworks

Configuring Microsoft 2003/2008/2012 DNS Debug Logging: Click Start > Programs > Administrative Tools > DNS. Now that you have the DNS management console open, right-click on your DNS server and select "Properties". Now that you have the properties open for your DNS server, select "Debug Logging". Enable debug logging for DNS packets by selecting "Log […]

About Agent Caching

For the Snare Enterprise Agent for Windows, the primary cache is the Windows event log. This is the source of all cache management when TCP or TLS are used, so when a system is rebooted and/or the destination is down, events are bookmarked to the relevant points in the event log so the agent […]

How to Modify the Agent for Windows Event Replay

The Snare Enterprise Agents for Windows may be modified to read the Windows Event Log from the beginning for replay to the configured logging destination. To achieve this, we have to stop the SnareCore service, modify the registry key(s) for the desired Channel(s), and then start the SnareCore service for replay. In detail: […]

Why is the Linux agent using lots of CPU?

The Snare for Linux agent works with the Unix audit subsystem. The Linux agent removes the complexity of configuring the audit settings, so users don't have to manage Unix text files, while also giving security teams remote access to adjust and filter the audit settings without having to log in as root on the remote […]

What to track for compliance for Snare Enterprise Epilog

The following are logs to collect that will help with system monitoring or compliance: Collect DNS debug logs from Windows DNS servers; this will allow tracking of all DNS requests and help with detection of malware on the internal network. Collect DHCP logs from devices obtaining network IP addresses from the Windows DHCP server; this […]

Is v4 of the Snare Enterprise Agents still supported?

The latest versions of Snare Enterprise Agent for Windows, Snare Enterprise Epilog for Windows and Snare Enterprise Agent for MSSQL are at version 5. The Unix v5 versions of the agents will be available at a later time. The current stream of these Windows-based agents, Snare Enterprise Agent for Windows (v4.3), Snare Enterprise Epilog for Windows […]

High Availability

The main objective of high availability is not to lose service to the IT system, so IT systems are duplicated at an alternate site with complete copies of data and functions in the event the main site goes down for some reason. This is part of what is called IT Service Recovery (ITSR) or IT Disaster […]

Can you use MSI for the Epilog for Windows agent?

Unfortunately, we don't have an MSI for Epilog for Windows, as we do for the Snare Enterprise Agent for Windows. To manage configuration changes centrally for Epilog, you can use Active Directory GPO; there are ADM templates available, located in SLDM | Products.

Latest Event Page – Connection Status

On the Latest Events page of the Snare agent, each destination configured for logging is displayed together with its status, for example: Destination 10.1.2.3:6161 (UDP), Status: Connected. The current state of the connection indicates what Snare is currently doing with the connection. You will see many different states, including: INITIAL - The remote log location is about to […]
