For many people in administrative positions, there are often times when a security monitor would come in handy. You never know when a user might try to get around certain settings, or it might even be handy just to monitor when users log on and off of a computer that contains sensitive information. All this seems extremely complicated – but there is an Open Source program that makes it about as simple as it possibly can be. This program is called Snare. It can be downloaded here: http://www.intersectalliance.com/projects/index.html
Snare is a very simple and easy-to-use log manager that allows for both local and remote monitoring of systems within a network. It has many options to enhance usability for just about any purpose. It is available for many different operating systems, including Linux and Windows, with plug-ins specifically for IIS Servers, Irix, Aix, Lotus Notes, and ISA servers.
Snare is completely configurable from the GUI, allowing for easy access to both basic and advanced options. It allows you to set audit objectives, which tell the program what it is supposed to monitor and when. By setting these objectives, you can define precisely how you want each record kept, how you want it reported, and what level of importance each instance should be recorded as. This makes administration as easy as possible, because the administrator logs only what he/she wants to see, instead of looking through most event logs (which log all activity).
The objectives can be defined by setting the usernames you want logged, what actions will be logged, where the events will be logged from, as well as setting filters for specific event IDs. This system is very simple and easy to understand, as it explains what each option does pretty thoroughly and uses words that an entry-level administrator can understand.
The program can log a system locally or remotely, providing a certain level of assurance that logs have not been tampered with. This feature is handy when you have sensitive data on a machine and want to make sure you know what goes on when someone is logged on, or what changes might be made at the system level.
Also in the family is a server package – an open source version and a closed source version. The open source version allows for remote collection of the data from various clients, but will not analyze it. The closed source version will collect and analyze information, presenting it in several customizable views (such as graphs, charts, and tables). It is useful when there is a large number of machines that need to be monitored, as it provides the data in a central location.
Overall, Snare is a small but effective tool that can be deployed seamlessly in many current networks to provide a security net around systems that need to be monitored closely. It is the best event viewer that I have run across. You should try it out!



