Specifications
Guide to Snare for Linux
◦ INITIAL - The remote log location is about to begin setup
◦ RESOLVING - DNS resolution for a hostname is occurring
◦ RESOLVE_DELAY(x) - DNS resolution failed, a retry will occur in X seconds
◦ CONNECTING - Snare is trying to connect to the destination
◦ CONNECT_FAILED - The connection to the destination failed
◦ CONNECT_DELAY(x) - Connecting to the remote end failed, it will be retried again in X
seconds
◦ CONNECTED - Snare has an active connection to the destination
◦ SENDING - Snare is currently sending logs to the destination
◦ DISCONNECTED - The destination has disconnected the snare agent.. a reconnection will
occur automatically.
◦ HANDSHAKE - A SSL/TLS Handshake is in progress
◦ HANDSHAKE_FAILED - The SSL/TLS Handshake failed
◦ OPENING - Opening a a file destination is in progress
◦ WRITING - Writing is occurring to a file
◦ WRITE_FAILED - A write to file failed
◦ CLOSED - A file has been closed
Additionally two other statuses give instant feedback about what Snare is doing:
• Available
◦ Indicates if Snare can use the destination to send logs. A value of 1 indicates that logs
can be sent. A value of 0 indicates logs can't be sent
• ReadyToSend
◦ Indicates if the destination is setup in a state where logs can be sent. For instance if
Snare is already sending to the destination, ReadyToSend will be 0.
© InterSect Alliance, September 2014 Page 21 of 30 Version 4.1