snarelite open source project / News: Recent posts

Back to agent development

Hi,

After a brief hiatus from agent development in order to push out version 4.0 of our Snare Server, we are now back on track with a bunch of new updates on the way for the AIX, Linux, Solaris and Windows agents just to name a few. Please keep an eye on the site for more updates and we will be back into the forums shortly.

Thanks again to everyone that has helped us out over the last couple of months, and we hope you enjoy all the new updates as they are released.

Posted by David Mohr 2007-10-26

Snare for Linux 1.2 released

SNARE (System iNtrusion Analysis and Reporting Environment) is a series of log collection agents that facilitate centralised analysis of audit log data. Agents are available for Linux, Windows, Solaris, IIS, Lotus Notes, Irix, AIX, ISA/IIS + more.

Finally, we have one package for the Snare for Linux agent! 32 and 64 bit RPMS are available for download with a number of updates and improvements, please see the change log for details:

Posted by David Mohr 2007-08-09

Snare for Linux 1.1 released

Snare for Linux 1.1 is now available for download. Thanks to all the users who provided feedback over the last few months, there are a number of improvements and bug fixes included in this release thanks to your help. Check the release notes for details on the changes and version numbering used for this release.

Thanks again, we'll be back on the forums soon.

EDIT: We are still working on a release for RHEL5, there are some problems with the SELinux interaction in Enforcing mode (Permissive mode will work fine).

Posted by David Mohr 2007-07-02

Epilog for Windows 1.3 released

There are a number of updates and fixes for this version, please check the change log for details.

Posted by David Mohr 2007-06-11

Snare for Windows Vista released

Welcome to the first public release of our Snare agent for Windows Vista. Utilising the new "Crimson" event log infrastructure, Snare for Windows Vista provides real time access to the Application, Security and System event logs on Vista hosts.

This is still a beta release, but testing so far has been promising and a full release version should be available soon. If you have any questions about the agent or if you run into any problems, please leave a message on the forums and we will get back to you as soon as possible.

Posted by David Mohr 2007-05-21

Snare for Solaris 2.5.7 released

Including full support for the Service Management Facility (SMF), Snare for Solaris 2.5.7 is our most robust and versatile agent to date.

Posted by David Mohr 2007-05-21

Snare for Windows 2.6.6 released

A number of bug fixes are included in this version, check the change log for details. A silent install option has also been added for easier deployment and packaging. Please try out the /silent and /verysilent options.

More on the way for our other agents as well with updates for Linux, Solaris and Epilog due out shortly.

Posted by David Mohr 2007-04-24

Snare for Windows 2.6.5 released

The next release of Snare is now available for download with a number of changes to provide improved availability of the web interface and optional logging of USB event data.

This release also includes a shift to the MS secure CRT functions to improve the robustness of the string handling functions.

Posted by David Mohr 2007-02-26

Snare for Linux 1.0 updated

Snare for Linux 1.0 has updated RPMS available for RHEL4, FC5 and FC6. New Audit packages are also available.

Posted by David Mohr 2007-02-08

Epilog 1.1 released

Epilog is our latest addition to the SNARE family of agents. The Epilog agents are designed to monitor any text-based log file and forward any changes to a central logging server. Epilog is designed to monitor files by name and can handle log file rotations. Epilog for Windows has added support for date stamped log files such as IIS, ISA, SMTP and Exchange message tracking logs.

Epilog is currently available for Windows and the Linux and Solaris versions will be available shortly.

Posted by David Mohr 2006-12-11

BackLog

The Snare Micro Server has now been renamed to BackLog. Please visit the downloads page to get the latest version.

Posted by David Mohr 2006-12-11

Snare for Linux 0.9.8

Version 0.9.8 of the Snare for Linux agent has been checkpointed, and is gradually being released for several common distributions. i686 builds for RHEL3, RHEL4 and FC2 are currently available. Other architectures / distributions will come online as time & resources permit.

Posted by Leigh Purdie 2006-04-18

Solaris & AIX Updates

A new version of Snare for Solaris is now available, that supports Solaris 10.

The AIX agent has been updated to version 1.1, and now has the capability to dynamically recompile itself (with the assistance of an installed GCC) if it finds itself on an architecture other than RISC System/6000.

Posted by Leigh Purdie 2006-02-16

New i686 Binaries for FC2

New i686 & i686 SMP binaries have been released for FC2 to fix the kernel segfault that people were experiencing on some FC2 machines.

Snare-Core 0.9.7 should be used with these binaries.

Posted by Leigh Purdie 2005-10-07

Snare for IIS - Now logs Exchange/FTP/NNTP/Chat

The 'Snare for IIS' log collection & forwarding tool now includes the capability to collect and forward logs from the Exchange SMTP service, the MS FTP Service, the MS NNTP Service, and the Chat service (if present) back to a central log collection server.

Version 1.2 of Snare for IIS is currently in alpha-release, and we would appreciate testing & usability feedback.

Posted by Leigh Purdie 2005-08-22

Snare for Windows 2.4.5

Snare for Windows 2.4.5 is now available, and includes a re-implementation of the 'last known log position restoration' capability from snare 1.7, with the addition of a flood-protection capability, which restricts restorations to situations where the last position is within 5000 log entries of the current log position. A fix for the library issue that broke 2.4.4 on Windows NT has also been included.

Posted by Leigh Purdie 2005-06-09

Snare Binaries for RH9

Snare-enabled kernel binaries for Redhat 9 (based on the most recent fedora legacy kernels) are now available from the Snare file release page. Snare 0.9.7 is now available in 'kernel binary' form for RH9, RHEL3, RHEL4 and Fedora Core 2.

Posted by Leigh Purdie 2005-06-09

Snare Updates

Snare for Windows 2.4.4 has just been released, and now includes better support for Active Directory in native mode.

Snare for Lotus Notes has been updated to be compatible with Notes R6, and a Snare for Linux patch & daemon combination has been added to sourceforge, that should work nicely with Fedora Core 2 (instructions are available from the snare-devel mailing list).

Posted by Leigh Purdie 2005-04-06

Snare Micro Server now available

The Snare Micro Server is a program that provides a central collection facility for a variety of log sources, including Snare Agents for Windows, Solaris, AIX, Irix, ISA Server, IIS Server, Lotus Notes (and others), plus any device capable of sending data to a syslog server.

The Snare Micro Server is the 'little brother' of the InterSect Alliance 'Snare Server' appliance. The Snare Server provides a robust collection, analysis, reporting and archival environment, using a web-based interface, and database-based storage. The Snare Micro-Server contains only the basic 'collection' component, with no analysis capabilities, but should be useful for many individuals, or small organisations.

Posted by Leigh Purdie 2005-01-04

Snare Micro Server

Coming soon: The Snare Micro Server

The Snare Micro Server is a program that provides a central collection facility for a variety of log sources, including Snare Agents for Windows, Solaris, AIX, Irix, ISA Server, IIS Server, Lotus Notes (and others), plus any device capable of sending data to a syslog server.

The Snare Micro Server is the 'little brother' of the InterSect Alliance 'Snare Server' appliance. The Snare Server provides a robust collection, analysis, reporting and archival environment, using a web-based interface, and database-based storage. The Snare Micro-Server contains only the basic 'collection' component, with no analysis capabilities, but should be useful for many individuals, or small organisations.

Posted by Leigh Purdie 2004-12-24

Snare for Irix 1.2

SNARE (System iNtrusion Analysis and Reporting Environment) is a series of log collection agents that facilitate centralised analysis of audit log data. Agents are available for Linux, Windows, Solaris, IIS, Lotus Notes, Irix, AIX, ISA/IIS + more. The next version of the Snare agent for Irix systems is now available from the Snare project page. Key features include an update to the core rendering engine of the micro-web server, general match exclusion for events like "file opens", and syslog destination targets for centralised collection.

Posted by Leigh Purdie 2004-12-21

Snare for AIX

An alpha version of Snare for AIX is now available. Please let us know if you encounter any problems, or have any suggestions for improvements.

Posted by Leigh Purdie 2004-12-07

Snare for IIS & ISA Servers

Agents for IIS and ISA servers have been added to the family of Snare audit & event log collection, analysis and processing tools.

Binary Setup applications, and full source code for both the service, and GUI components, are now available from the Snare sourceforge site.

Posted by Leigh Purdie 2004-10-06

Snare for Irix now available

In the continuing tradition of creating open source tools to make a security administrator's life easier, the Snare team have released a version of Snare for the Irix operating system.

Snare for Irix interfaces with the underlying Security Audit Trail (SAT/SATD) in Irix to facilitate objective-based audit filtering, dynamic audit event control, relaying of audit data to a central audit server, and a tiny, web-based remote-control facility.

Posted by Leigh Purdie 2004-07-16

Snare for Solaris 2.3

Snare for Solaris 2.3 is now available, and includes an update to the installer process, a build for x86 Solaris machines, and several problem resolutions.

Posted by Leigh Purdie 2004-07-06