Snare: Security Auditing

For many people in administrative positions, there are often times when a security monitor would come in handy. You never know when a user might try to get around certain settings, or it might be handy just to monitor when users log on to and off of a computer that contains sensitive information. All this seems extremely complicated, but there is an open source program that makes it about as simple as it possibly can be. This program is called Snare. It can be downloaded here: http://www.intersectalliance.com/projects/index.html

Snare is a very simple and easy-to-use log manager that allows for both local and remote monitoring of systems within a network. It has many options to enhance usability for just about any purpose. It is available for many different operating systems, including Linux and Windows, with plug-ins specifically for IIS servers, Irix, AIX, Lotus Notes, and ISA servers.

Snare is completely configurable from the GUI, allowing for easy access to both basic and advanced options. It allows you to set audit objectives, which tell the program what it is supposed to monitor and when. By setting these objectives, you can define precisely how you want each record kept, how you want it reported, and what level of importance each instance should be recorded as. This makes administration as easy as possible, because the administrator logs only what he or she wants to see, unlike looking through most event logs (which log all activity).



The objectives can be defined by setting the usernames you want logged, what actions will be logged, where the events will be logged from, as well as setting filters for specific event IDs.  This system is very simple and easy to understand, as it explains what each option does pretty thoroughly and uses words that an entry level administrator can understand.

The program can log a system locally or remotely; sending events to a remote system provides a certain level of assurance that logs were not tampered with. This feature is handy when you have sensitive data on a machine and want to make sure you know what goes on when someone is logged on, or to track any changes that might be made at the system level.



Also in the family is a server package, which comes in an open source version and a closed source version. The open source version allows for remote collection of the data from various clients, but will not analyze it. The closed source version will collect and analyze information, presenting it in several customizable views (such as graphs, charts, tables, etc.). It is useful when there is a large number of machines that need to be monitored, as it provides the data in a central location.



Overall, Snare is a small but effective tool that can be deployed seamlessly in many current networks to provide a security net around systems that need to be monitored closely.  It is the best event viewer that I have run across.  You should try it out!
