Specifications
Guide to Snare for Linux
Format: Select this option if the event records need to be in a specific format.
This feature allows the event log record to be formatted so that it is accepted by
a Syslog or a Snare server. Note: the agent will override the specified format in
some cases. Specifying port 6161 forces the use of the Snare format; specifying
port 514 forces the use of the Syslog format.
FileName: Log the output to disk as well as the network. If the file does not
exist, it will be created.
Click Change Configuration to allow another destination to be added. Likewise, to
remove a destination, delete its entry in the Server Details and click Change
Configuration.
• Allow SNARE to automatically set audit configuration: By default, Snare will take control
and manage your audit event settings for you. Normally on a Unix system, you would need to
modify the file /etc/audit/audit.rules in order to establish a new monitored event. Snare
has the capability to 'turn on' event auditing in response to the objectives you set within the
Remote Control Interface. It is recommended that this parameter be enabled.
• Cache size: Allows Snare to store messages that could not be sent. Combined with TCP or
TLS, this option allows the agent to cache messages if there is a network failure or the
Snare Server is otherwise unavailable. Any cached message is kept until it is sent or the size
of the cache exceeds the specified allotment, in which case the oldest message is removed.
If the agent is restarted, any cached messages are lost.
• SYSLOG Facility (optional): If you are sending your data to a SYSLOG server, this specifies
the subsystem that produced the message. The list displays the default facility levels.
• SYSLOG Priority (optional): If you are sending your data to a SYSLOG server, the agent can
be configured to use a static or dynamic priority level.
• Use UTC time reporting: Enables UTC (Coordinated Universal Time) timestamp format for
events instead of local machine time zone format.
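The two behaviours described above, the port override of the Format setting and the cache that discards its oldest message once the allotment is exceeded, are easy to misjudge when sizing a destination. The following is an added illustrative model, not Snare's own code; the names effective_format, BoundedCache and simulate_outage and the sample events are assumptions, and it shows how many events a given cache size loses during an outage.

```python
from collections import deque

# Assumed names (effective_format, BoundedCache, simulate_outage): this is an
# illustrative model of the documented behaviour, not the agent's own code.
SNARE_PORT = 6161   # forces Snare format
SYSLOG_PORT = 514   # forces Syslog format


def effective_format(configured, port):
    """Format the agent will actually use, after the port override."""
    if port == SNARE_PORT:
        return "snare"
    if port == SYSLOG_PORT:
        return "syslog"
    return configured


class BoundedCache:
    """Byte-bounded FIFO: when the cache exceeds its allotment the oldest
    message is discarded, so a long outage silently loses early events."""

    def __init__(self, max_bytes):
        self.max_bytes = max_bytes
        self.queue = deque()
        self.size = 0
        self.dropped = 0  # messages lost to eviction

    def add(self, msg):
        self.queue.append(msg)
        self.size += len(msg)
        # Evict oldest first; a single oversized message is still kept.
        while self.size > self.max_bytes and len(self.queue) > 1:
            self.size -= len(self.queue.popleft())
            self.dropped += 1

    def flush(self):
        """Deliver everything cached, oldest first; returns the count sent."""
        sent = len(self.queue)
        self.queue.clear()
        self.size = 0
        return sent


def simulate_outage(events, max_bytes, outage_len):
    """Destination is down for the first outage_len events, then up.
    Returns (delivered, dropped) so the loss for a cache size is visible."""
    cache = BoundedCache(max_bytes)
    delivered = 0
    for i, ev in enumerate(events):
        if i < outage_len:
            cache.add(ev)                   # network down: queue it
        else:
            delivered += cache.flush() + 1  # catch up, then send ev
    return delivered, cache.dropped


# Constructed sample: ten 20-byte events, 60-byte cache, 5-event outage.
SAMPLE = [f"msg{i:02d}" + "x" * 15 for i in range(10)]
```

Running simulate_outage(SAMPLE, 60, 5) delivers 8 events and drops 2, which is the kind of gap a detection team should size the cache to avoid.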
To save and set changes to these settings, and to ensure the audit daemon has received the new
configuration, perform the following:
1. Click on Change Configuration to save any changes.
2. Click on the Apply the Latest Audit Configuration menu item. There will be a quick notice
that Snare is restarting as displayed below.
© InterSect Alliance, September 2014 Page 11 of 30 Version 4.1