Snare

From ITS Wiki - Information Technology Services - University of Rhode Island


Snare for Windows is a Windows NT, Windows 2000, Windows XP, and Windows 2003 compatible service that interacts with the underlying Windows Eventlog subsystem to facilitate remote, real-time transfer of event log information. Snare for Windows also supports 64-bit versions of Windows (X64 and IA64).

Windows Instructions

Installation

  • Contact ITS Security with the following information:
    • Name of server administrator
    • Department
    • Physical location of server
    • Server IP address
    • Operating system version
    • Contact phone number and email address for server administrator.
  • Install Snare on the target server.
    Note: You must have administrative privileges.
    1. Download the SnareSetup.exe to your desktop.
    2. Double click SnareSetup.exe.
    3. Click Next.
    4. Select the target install folder and click Next.
    5. Select Normal Installation from the components list and click Next.
    6. Select the target start menu location and click Next.
    7. Verify the selection options and click Install.
    8. After the program installs itself, it will attempt to start itself.
    9. When a dialog box appears, prompting you to specify whether to allow Snare to control the EventLog configuration, select Yes.
  • Configure Snare
    1. Enter the local host name (the IP address or DNS name of the local host).
      If your server has only one interface, this can be left blank.
    2. Enter the Snare server IP Address or DNS name
      Note: Alan White will provide this information
    3. Make sure the following options are selected:
      • Enable syslog header
      • Automatically set audit configuration
      • Automatically set file system audit configuration.
    4. Click OK to close the dialog box and save configurations.
    5. Click File > Exit
      This will stop and restart the Snare service to pick up configuration changes.

Removal

  1. Go to Start > Control Panel > Add/Remove Programs
  2. Select Snare
  3. Click Change/Remove
  4. Confirm the removal by clicking Yes.
  5. When the uninstaller has finished, click OK.

Linux/Unix Instructions

  1. Make sure sysklogd is installed
  2. Edit the /etc/syslog.conf file and add the line *.debug @xxx.xxx.xxx.xxx (where xxx.xxx.xxx.xxx is the Snare server IP address).
    Note: Alan White will provide this information
  3. Restart your sysklogd service.
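
Step 2 can be scripted so that the rule is added only once and the original file is backed up first. The following is an added example, not part of the original wiki page: the function names are hypothetical and 192.0.2.10 is a placeholder address, not the real Snare server.

```shell
#!/bin/sh
# Added example; function names are hypothetical, 192.0.2.10 is a placeholder.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet <= 255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# has_forward_rule CONF ADDR: succeed if an active (uncommented)
# "*.debug @ADDR" line is already in CONF.
has_forward_rule() {
    addr_re=$(echo "$2" | sed 's/\./\\./g')
    grep -Eq "^[[:space:]]*\*\.debug[[:space:]]+@${addr_re}[[:space:]]*\$" "$1"
}

# add_forward_rule CONF ADDR: append the rule once, after backing up CONF.
add_forward_rule() {
    conf=$1; addr=$2
    valid_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 2; }
    [ -w "$conf" ] || { echo "cannot write $conf" >&2; return 3; }
    if has_forward_rule "$conf" "$addr"; then
        echo "forwarding rule already present in $conf"
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 4
    # Start on a fresh line if the file does not end with a newline.
    if [ -n "$(tail -c 1 "$conf")" ]; then
        echo >> "$conf"
    fi
    printf '%s\t@%s\n' '*.debug' "$addr" >> "$conf"
}

# Usage, as root, followed by step 3 (restart the syslog service):
#   add_forward_rule /etc/syslog.conf 192.0.2.10
```

A commented-out copy of the rule does not count as present, so the function still appends an active line in that case.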

Downloads