-
Is the agent up and running now you have the missing file?
2009-12-05 23:15:04 UTC in SNARE - Auditing and EventLog Management
-
Hi Chris,
Appendix A of the Guide to Snare for AIX ([found here][1]) reviews the output format and explains how we use auditpr to gather the information. For more details on the specific columns, check the auditpr man page for the list of command line options shown in the appendix.
Regards, David.
[1]: http://www.intersectalliance.com/resources/index.html
2009-12-05 23:13:16 UTC in SNARE - Auditing and EventLog Management
-
Hi Chris,
Bit of an odd error, is this box the same configuration (oslevel/architecture) as the other 5.3 machines? Does the file /usr/lib/libpthread.a exist?
Regards, David.
2009-12-03 05:18:55 UTC in SNARE - Auditing and EventLog Management
-
I'll look into the filtering. Regarding the DSS snare.conf, I'm really sorry about the delays, it looks like I should get a chance to test it out this week.
2009-12-01 02:23:57 UTC in SNARE - Auditing and EventLog Management
-
Over a given time period or just what's in the web cache? Unfortunately, a given time period isn't feasible given our resource targets for the agent, but offering filtered views of the available web cache would be.
2009-12-01 01:03:39 UTC in SNARE - Auditing and EventLog Management
-
See http://sourceforge.net/projects/snare/forums/forum/134533/topic/2079760/index/page/1.
2009-11-30 23:12:27 UTC in SNARE - Auditing and EventLog Management
-
Oddly enough, nothing has changed with the way we run our remote control interface (the micro web server that listens on port 6161). What version did you update from? Have you made any other changes to the machine (e.g. patches, group policy changes)?
Regards, David.
2009-11-30 23:11:10 UTC in SNARE - Auditing and EventLog Management
-
Hi Dave,
The agent's web interface doesn't have any searching capabilities. The remote control interface only has a very small cache, usually a rolling window of about 30 events, so even if we introduced one, it's possible that the event might have already left the cache.
Or are you thinking along the lines of restricting the events shown in Latest Events?
Regards, David.
2009-11-30 23:09:47 UTC in SNARE - Auditing and EventLog Management
-
Hi,
Our open source agent is able to write event logs locally, so you could retrieve these as part of a daily task or, if you have enough agents at any one site, place a syslog server locally, then synchronise your collectors when the connection is available. Alternatively, the agents save their position in the event log queue when the service is stopped, so you might be able to write a...
2009-11-30 22:54:02 UTC in SNARE - Auditing and EventLog Management
-
Hi all,
I have just finished working on a new version of the Vista/2008 agent which improves the way we capture usernames. The update should be available in a few days.
Regards, David.
2009-11-30 22:42:09 UTC in SNARE - Auditing and EventLog Management