Snare lite Open Source Project

Name                                   Modified     Size       Downloads / Week
Totals: 3 Items                                     4.5 MB     8
SnareCoreVista-1.1.4.zip               2010-02-22   3.9 MB     33
SnareSetupVista-1.1.4-MultiArch.exe    2010-02-22   538.9 kB   22
Readme.txt                             2010-02-22   6.2 kB     33

Snare for Windows Vista version 1.1.4
-------------------------------------
Copyright (c) 2010 InterSect Alliance Pty Ltd.

Snare is a program that facilitates the central collection and processing of Windows Vista Event Log information. All three primary event logs (Application, System and Security) are monitored. Event information is converted to tab delimited text format, then delivered over UDP to a remote server.

Snare is currently configured to deliver audit information to a SYSLOG server running on a remote (or local) machine. A configuration utility allows you to set the appropriate syslog target and priority, as well as the target DNS or IP address of the server that should receive the event information. It should be noted that many syslog servers are not designed to cope with the volume of data that multiple Snare agents can potentially generate.

The Snare service will automatically start after you have completed the initial configuration process.

It is recommended that you configure each of your event logs to 'overwrite as required' (this is the default in Vista).

We also recommend that you configure appropriate access controls on the Snare registry entries using regedt32.exe - perhaps restricting the permission to read or modify the keys and values to Local or Domain Administrators only. Snare stores its registry settings in:

HKEY_LOCAL_MACHINE\SOFTWARE\InterSect Alliance\AuditService

Please remember that event monitoring is a complex area in most modern operating systems, and is not often very granular. Turning on significant event monitoring for a system can often produce unpredictable results, and could seriously detract from the resources available to the rest of your system or network. We recommend that you have a good understanding of exactly what event information is going to be used for, prior to enabling event monitoring on your servers.

Version History:

Snare Vista 0.1
- Initial customer release (beta).

Snare Vista 0.2
- Added feature to exclude events
- Modified event IDs for Vista compatibility

Snare Vista 0.3
- Added workaround for "file not found" bug
- Added silent install option (/silent and /verysilent)

Snare Vista 1.0
- Improved audit control (especially Object Access events and Packet Filtering) resulting in lower resource usage
- Improved memory and handle usage

Snare Vista 1.0.1
- Changed default objectives to reduce resource usage

Snare Vista 1.0.2
- Added code to clear existing audit settings on install

Snare Vista 1.1.0
- Added new features to manage default audit settings on c:\Windows. Use "snarecore.exe -s" to strip the default settings and "snarecore.exe -r" to restore them.

Snare Vista 1.1.1
- Fixed auditing inheritance for auditing sub-folders.
- Added feature to strip CR and LF characters from user and group output.
- Fixed objective matching bug when an event matches all available objectives.
- Extended supported features (see website for details).
- Fixed potential buffer truncation.
- Improved backend objective handling, significantly reducing CPU usage.

Snare Vista 1.1.2
- Further speed improvements
- Added support for DNS Server, Directory Service and DFS replication event logs
- Added support for custom event logs (supported feature)
- Fixed startup error when STATUS registry settings values were invalid (e.g. imported settings from a Windows 2003 agent). Invalid values are now ignored and monitoring will continue from the end of the event log
- Added capability to reorder objectives
- Fixed problem matching event IDs under certain conditions
- Added target arch/actual arch reporting to the Status window
- Updated objective order processing, now top to bottom. This means any exclusion objectives should be moved to the top of the list
- Config/LeaveRetention(DWORD) added to prevent agent from setting "overwrite as needed"
- Fixed minor string error in remote control interface
- Included extra user account flags in local/domain users
- Stripped special HTML characters from records shown in Latest Events
- Corrected "empty" comments in Domain/Local Users
- All user/group reports now use pre-Windows 2000 names (e.g. group names in DomainGroupMembers).
- Fixed DomainUsers report where non-DCs would use local account SIDs
- Modified the objective rules to allow "Access a file or directory" to configure any path if "handle file audit settings" is disabled
- Strip spaces from destination address in Network Configuration

Snare Vista 1.1.3
- Added option to exclude General Match in Objective Configuration (internal)
- Updated event handling to prevent memory overloading
- Improved username recognition (meaning the username field should be populated more often)

Snare Vista 1.1.4
- Updated Keyword handling to correctly identify and tag Audit Success/Failure events
- Updated Level handling to improve multilingual support

----

Except where otherwise documented (i.e. RSA MD5 code in MD5.h / MD5.c):

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

Alternative licencing conditions can be negotiated directly with the InterSect Alliance team, should you wish to include the Snare code within your commercial products.

--
InterSect Alliance Pty Ltd
http://www.intersectalliance.com/

Source: Readme.txt, updated 2010-02-22
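
The Readme's recommendation to restrict the Snare registry key to administrators can be scripted instead of set by hand in regedt32.exe. The following is an added example, not part of the Snare distribution or its documentation: the function names are hypothetical, and granting SYSTEM access assumes the Snare service runs as LocalSystem, which the Readme does not state. Identities are matched by well-known SID so the script behaves the same on localized Windows installs.

```powershell
# Added example (not from the Snare project): review, then tighten, the ACL on
# the agent's registry key. Run from an elevated PowerShell session.
$keyPath = 'HKLM:\SOFTWARE\InterSect Alliance\AuditService'   # path given in the Readme

# Well-known SIDs: BUILTIN\Administrators and NT AUTHORITY\SYSTEM.
# SYSTEM is included on the ASSUMPTION that the service runs as LocalSystem.
$allowedSids = @('S-1-5-32-544', 'S-1-5-18')
$sidType     = [System.Security.Principal.SecurityIdentifier]

function Get-UnexpectedRegistryAccess {
    # Return every Allow ACE (explicit or inherited) held by a non-allowed identity.
    param([string]$Path, [string[]]$AllowedSids)
    (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $AllowedSids -notcontains $_.IdentityReference.Value
    }
}

function Set-AdminOnlyRegistryAcl {
    # Replace the key's DACL with FullControl for the allowed SIDs only.
    param([string]$Path, [string[]]$AllowedSids)
    $acl = Get-Acl -Path $Path
    # Stop inheriting from SOFTWARE\ and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop explicit entries that were set directly on this key.
    foreach ($rule in @($acl.GetAccessRules($true, $false, $sidType))) {
        [void]$acl.RemoveAccessRule($rule)
    }
    foreach ($sid in $AllowedSids) {
        $identity = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
            $identity, 'FullControl', 'ContainerInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)   # ContainerInherit covers subkeys of AuditService
    }
    Set-Acl -Path $Path -AclObject $acl
}

# Step 1: list who else can currently read or modify the agent configuration.
Get-UnexpectedRegistryAccess -Path $keyPath -AllowedSids $allowedSids |
    Format-Table IdentityReference, RegistryRights, IsInherited -AutoSize

# Step 2: apply only after reviewing the output above.
# Set-AdminOnlyRegistryAcl -Path $keyPath -AllowedSids $allowedSids
```

After applying the change, restart the Snare service and confirm events still reach the syslog target; if the service runs under a different account, add that account's SID to `$allowedSids` first.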
