InterSect [InterSect Swish]
Search Our Site
  Enter Search Terms

IAI is very proud to announce that Solutionary has selected Snare as their technology partner for the ActiveGUARD managed service platform.
InterSect Alliance International

As some are already aware, InterSect Alliance was recently purchased by Prophecy International, and is now InterSect Alliance International Pty Ltd. More good news to come.
The Snare and Epilog agents, from InterSect Alliance, are considered to be the de-facto industry standard for eventlog and audit log collection.
The agents are available in two different versions:
  • The Snare, and Epilog Enterprise Agents - The industry standard for capturing and filtering audit and event log data, in a supported package, and with an enterprise-level feature set, including guaranteed delivery, encryption, and custom event sources.
  • Snare, and Epilog: Open source editions - Audit and event log collection, with code available under the terms of the GNU Public License.

FeatureEnterprise EditionOpen Source Edition
Guaranteed message delivery (TCP)
Event log caching
Encryption (with the Snare Server)
Log message simulcasting
Dynamic DNS support
Centralized configuration management
Custom Windows eventLog sources
Vendor product support
Easy to use installer
Filter for events of interest
Remote control interface
View local and network users and groups
View local Registry configuration
UDP and Syslog destination options
Non-GUI install option
Upgrade option to preserve existing configuration settings
Debug mode

Request a Quotation Snare Agents - Details

Snare for Solaris Snare Agent for Solaris
Snare for Solaris provides front end filtering, remote control, and remote distribution for Solaris audit data, interfacing with the underlying Sun "Basic Security Module".

Snare for Solaris can be used as a standalone auditing tool, or can send data to the Snare Server for analysis and storage.

Snare replaces the normal Solaris C2 Audit collection and reporting subsystem, minimising client resource utilisation, and administrative overhead.

The Solaris BSM C2 Audit Subsystem allows users to record operating system events to a local or NFS mounted filesystem. Details on this functionality can be found from the Snare for Solaris documentation, available from our 'Resources' page.

The Solaris C2 audit daemon writes binary event data to the local file system, utilising local workstation/server disk resources for temporary storage, and administrator resources to facilitate the conversion of binary audit data to a usable text format suitable for incident analysis. In cases where events have been selected that produce a large volume of audit information (for example file "open" events), hundreds of megabytes, or even gigabytes, need to be allocated for storage on the client machine. This process utilises significant system and administrator resources that are often more appropriately allocated to the normal operational tasks that the workstation or server performs.

On a large network of Solaris servers and workstations, the management overhead can quickly become onerous, particularly when audit log data needs to be transferred to a central server for consolidation, analysis and archive.

InterSect Alliance have developed software that interfaces with the Solaris auditsvc() system call to convert audit events to text format, then send the converted data back to a central location over the network (via UDP) in real-time, allowing security administrators to implement a centralised audit collection, analysis and archive facility with minimal audit client resource utilisation.

Snare is currently used by hundreds of thousands of individuals, and organisations worldwide. Snare for Solaris is used by many large Financial, Insurance, Healthcare, Defence, AeroSpace, and Intelligence organisations to meet elements of local and federal security requirements, such as:
  • ACSI 33
  • GLBA (Gramm-Leach-Bliley Act)
  • Sarbanes Oxley (SOX)
  • C2 / CAPP
  • DCID 6/3
  • DIAM 50-4
  • DDS-2600-5502-87 Chapter 4
  • NISPOM Chapter 8
  • California Senate Bill 1386
  • USA Patriot Act
  • Danish Standard DS-484:2005
  • British Standard BS7799

Snare for Solaris (formally known as BackLog for Solaris) is available under the terms of the GNU Public Licence.

Screen Shots

SNARE GUI - Main Window

SNARE GUI - Audit Configuration

SNARE GUI - Objective Configuration

SNARE GUI - Event Details

SNARE Micro-Web server - Remote Control Configuration


Documentation for Snare for Solaris is available from our resources page

The Sourceforge development website shows support for the open source development community by providing SNARE with a home away from home, and Snare support forums. Logo


Snare for Solaris downloads:

Like to keep up to date with Snare releases? Sourceforge offer an email notification service that will send you an email each time we release a new version of Snare. Log in to sourceforge using an existing OpenID compatible account, then jump to the Snare tracker page, and hit the 'Monitor' button, to set this up.

Snare Server
With its' origins in open source software, the Snare Server from InterSect Alliance provides a central collection, analysis, reporting and archival tool for a very wide variety of log formats.

Click here for more information
Snare Demonstration

Snare Introduction

Snare Agents

Snare Server
Click on a video above, to find out more about Snare and to access the Snare Demonstration Server
Copyright (c) 1999-2013 InterSect Alliance Pty Ltd