Specifications

Guide to Snare for Linux

4.1 Network Configuration

To set the audit configuration parameters, select the 'Network Configuration' link.

Figure 2: Configure the network settings

The configuration parameters available are as follows, as displayed in Figure 2:

• Override detected hostname with: Can be used to override the name that is given to the

host. Unless a different name is required to be sent in the processed event log record, leave

this field blank. The default is to use the fully qualified name for the machine.

• Destination: Snare can send audit events to one or more network destinations. Snare can

send data either to a Snare-compatible server, or a SYSLOG compatible destination. Please

be aware that most SYSLOG servers are incompatible with the extremely high volumes of

data Snare is capable of generating.

Server Details: Enter a DNS name, or IP address for each planned destination.

Port: Select the port you would like Snare to use when sending events.

Protocol: Select the protocol you would like Snare to use when sending events.

Using TCP or SSL will guarantee message delivery. Using SSL will use an

encrypted connection to the server.