Snare for Windows

3.3/5 14

Last updated: Apr 5, 2017 Certified 100% CLEAN Trial

SOFTPEDIA® DOWNLOAD NOW 7,593 downloads so far

Free and open-source tool for Windows event logs collection, analysis, reporting, real-time alerts and archiving features, accessible from a web UI. #Eventlog subsystem #Snare service #Event log #Service #Security #SYSLOG

Softpedia Review

specifications

Snare is a handy Windows service that enables users to remotely access EventLog details in real time, as well as to transfer data. It monitors all tree main event logs, namely Application, System and Security, along with secondary ones if they exist, namely DNS, Active Directory and File Replication.

During installation, the tool can be asked to manage your EventLog configuration by overriding any existing audit settings. What's more, you can use the system account or input other credentials for the service, as well as enable web access with or without a password.

Once set up, you can access Snare via a web browser and log in with the previously defined credentials to view data. The app shows the current PC events, such as created and exited processes, together with in-depth information about them, like date, system name, event count and ID, source, user name, and audit status.

Snare lets you change the network configuration in regard to the destination Snare server address and port number, event log cache size, UDP or TCP, message encryption, automatic tasks (set audit and file audit configuration), data exporting to file, and others.

As for remote control, you can restrict the Snare agent to specific hosts, set an IP address allowed for remote control and indicate a password to permit its removal, establish the web server port number, and so on. This form can be reset to default.

No error dialogs were shown in our tests and the app did not hang or crash. It had a good response time and consumed low CPU and RAM, so it didn't put a strain on computer performance. To sum it up, Snare provides experienced users with a fast and simple method of viewing EventLog information from a distance.

What's new in Snare for Windows 4.3.8:

Add support for outputting logs in RFC5424 in the 03 Core
OpenSSL library version updated to 1.0.1u
Fix a bug where the count of characters listed as truncated was wrong in messages
Corrected checks for out of memory issues in a number of places

Read the full changelog

LIMITATIONS IN THE UNREGISTERED VERSION

30 days trial
The following features can be unlocked by purchasing an Enterprise License:
Regulatory Compliance:
Helps gather information to comply with NISPOM, PCI, SOX or other regulations
Vendor Support
Product maintained, updated and supported for compliance.
Windows 2012 / Windows 8:
Agent supported on all Windows platforms, including W2012 and W8 platforms.
Capture Custom Windows Event Logs:
Capture and transmit all logs including Application and Services logs in addition to the Windows Event Logs.
Event Log Caching:
Caching of events in case of a network disruption, ensuring that the events are not lost
TCP:
Confirmed log message delivery with Smart TCP - no lost or missing logs.
Encryption with TLS/SSL or 3DES:
Protecting the confidentiality and integrity of log messages in transit.
Monitor Registry Events:
Ability to apply auditing to sections of the registry and report changes.
Dynamic DNS:
Provides uninterrupted real time 24x7 operation.
USB Devices:
External device monitoring, such as USB devices and removable media on Windows XP, 2003, 2008, 2012 operating systems
Enhanced Event Throttling:
Configure events per second (EPS) rate controls and provide alerts when EPS limits are reached.
UTC:
Use UTC time zone normalization to ensure the correct sequencing of events by standardizing across geographies and time zones.
Agent Heartbeat:
Heartbeats are sent out, letting the collecting device know that the agent is operational. Logging options include tracking audit events on service operations and local policy changes.
Multiple Destinations:
Log message simulcasting enables the distribution of events to multiple destinations.
Single MSI:
A single smart MSI for all Windows platforms ensuring simplified and error free distribution
Easily Tailorable to Event Log Format:
Native Snare and multiple syslog headers options to support different SIEM systems.
Centralized Configuration Management with the Snare Agent Management Console:
For the mass management, monitoring and configuration of the agent.
Group Policy Support:
Group Policy Objects (e.g. ADM files) can be used to configure the agent in an easy and widely supported way without the need for setting "Preferences", a.k.a. tattooing
Monitor Agent Configuration Changes:
This feature adds another layer of security by allowing administrators to remotely monitor changes to the agent’s configuration.
Regular expression for General Search Match:
Allows matching event text using Perl Compatible Regular Expression syntax giving more flexible search options.
Truncation of Verbose Event Text:
To reduce server resource wastage, events may be truncated by matching on simple text phrases.
Log Server Connection Status:
The Current Events page displays the connection status of the logging server(s).
Alternate Syslog destination options:
RFC5424 compliant

DOWNLOAD Snare for Windows 4.3.8 for Windows

Snare for Windows 4.3.8

add to watchlist add to download basket send us an update REPORT

buy now Enterprise License

runs on:: Windows NT
Windows 10 32/64 bit
Windows Server 2012
Windows 2008 32/64 bit
Windows 2003
Windows 8 32/64 bit
Windows 7 32/64 bit
Windows Vista 32/64 bit
Windows XP
Windows 2K
file size:: 3.4 MB