SNARE
SNARE (System iNtrusion Analysis and Reporting Environment) is
a series of log collection agents that facilitate centralised analysis
of audit log data.
It will allow event logs from the new native Linux audit subsystem to be
collected from the operating system and forwarded to a remote audit
event collection facility after appropriate filtering. SNARE for Linux
will also allow a security administrator to control the application
entirely remotely through a standard web browser, if so desired. SNARE has
been designed so that the remote control functions can be carried out
easily, either manually or by an automated process.
Features include:
- Snare audit daemon - acts as an interface between the Linux
  kernel and the security administrator. Allows you to:
  - Turn on events
  - Filter the output
  - Push audit log information back to a central location for
    collection, analysis and archival
- Snare Micro-Web Server - embedded in the audit daemon, and provides
  a very simple configuration capability that can be managed from your
  web browser.

Last Updated Sunday, March 04 2012 @ 12:36 PM EST