Difference between revisions of "SNARE Open Source Agents Setup"
From Observer GigaFlow Support | VIAVI Solutions Inc.
(→Detailed Procedure) |
|||
| (15 intermediate revisions by one user not shown) | |||
| Line 1: | Line 1: | ||
[[Category:Setup]] | [[Category:Setup]] | ||
| − | + | =Getting Started= | |
| − | This | + | This note is about how to install Snare Open Source Agents on Microsoft Windows. We will refer to this product as SNARE. |
Additional documentation and support are available in the manual and wiki at: | Additional documentation and support are available in the manual and wiki at: | ||
http://gigaflowsupport.viavisolutions.com/manual/ | http://gigaflowsupport.viavisolutions.com/manual/ | ||
| − | '' | + | #;Snare Open Source and Enterprise Agents |
| + | #:Snare recommends upgrading from its Open Source Agents to its Enterprise Agents solution. From Snare’s website: | ||
| + | #:''We know that there are still plenty of users around the world who lean on our open source agents so we still make them available to download. We would like to reiterate that they have been out of date for years and we highly recommend that you use Snare Enterprise Agents.'' | ||
| + | #'''Installation Locations''' | ||
| + | #:Snare Open Source Agents must be installed on each Microsoft Active Directory (AD) server that is in use and on the device that stores the Windows logs. | ||
| − | + | =Detailed Procedure= | |
| − | + | #;Download and Install SNARE | |
| − | + | #: | |
| − | + | #:For each machine: | |
| − | + | #: | |
| − | + | #:a) Navigate to https://www.snaresolutions.com/products/snare-agents/open-source-agents/ | |
| − | + | #:b) Register, download the installer and run as administrator. | |
| − | + | #:c) The default SNARE port is 6161. | |
| − | + | #:d) Ensure that that the SNARE service is running. | |
| − | + | #:e) There is no login after installing SNARE; the user login is “snare”. You can set a new password. | |
| − | + | #: | |
| − | + | #;Configure SNARE | |
| − | + | #: | |
| − | For each machine: | + | #:For each machine: |
| − | a) Navigate to https://www.snaresolutions.com/products/snare-agents/open-source-agents/ | + | #: |
| − | b) Register, download the installer and run as administrator. | + | #:a) Using SNARE’s Network Configuration Option, instruct SNARE to send messages to the GigaFlow server IP address. |
| − | c) The default SNARE port is 6161. | + | #:b) Navigate to SNARE Filtering Objective Configuration and select the messages that you are interested in, e.g. Logon or Logoff events. |
| − | d) Ensure that that the SNARE service is running. | + | #:c) Remove all other Objectives. |
| − | e) There is no login after installing SNARE; the user login is “snare”. You can set a new password. | + | #:d) Click Apply latest Audit Configuration. |
| − | + | #: | |
| − | + | #;Configure GigaFlow | |
| − | + | #: | |
| − | For each machine: | + | #:a) In '''GigaFlow''' a syslog parser is required to parse the username and IP into the database. Navigate to '''System > Syslog Parsers'''. |
| − | + | #:b) The parser type must be set to User. | |
| − | a) Using SNARE’s Network Configuration Option, instruct SNARE to send messages to the GigaFlow server IP address. | + | #: |
| − | b) Navigate to SNARE Filtering Objective Configuration and select the messages that you are interested in, e.g. Logon or Logoff events | + | #;Verifying the Installation |
| − | c) Remove all other Objectives. | + | #: |
| − | d) Click Apply latest Audit Configuration. | + | #:a) Navigate to '''System > Syslog Parsers''' click to edit the syslog parser just created. If the system is working correctly, matched syslog entries will be displayed in the Matches table. |
| − | + | ||
| − | + | ||
| − | + | ||
| − | a) In GigaFlow a syslog parser is required to parse the username and IP into the database. Navigate to System > Syslog Parsers. | + | |
| − | b) The parser type must be set to User. | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | a) Navigate to System > Syslog Parsers click to edit the syslog parser just created. If the system is working correctly, matched syslog entries will be displayed in the Matches table. | + | |
Latest revision as of 17:36, 14 February 2019
Getting Started
This note is about how to install Snare Open Source Agents on Microsoft Windows. We will refer to this product as SNARE. Additional documentation and support are available in the manual and wiki at: http://gigaflowsupport.viavisolutions.com/manual/
- Snare Open Source and Enterprise Agents
- Snare recommends upgrading from its Open Source Agents to its Enterprise Agents solution. From Snare’s website:
- We know that there are still plenty of users around the world who lean on our open source agents so we still make them available to download. We would like to reiterate that they have been out of date for years and we highly recommend that you use Snare Enterprise Agents.
- Installation Locations
- Snare Open Source Agents must be installed on each Microsoft Active Directory (AD) server that is in use and on the device that stores the Windows logs.
Detailed Procedure
- Download and Install SNARE
- For each machine:
- a) Navigate to https://www.snaresolutions.com/products/snare-agents/open-source-agents/
- b) Register, download the installer and run as administrator.
- c) The default SNARE port is 6161.
- d) Ensure that that the SNARE service is running.
- e) There is no login after installing SNARE; the user login is “snare”. You can set a new password.
- Configure SNARE
- For each machine:
- a) Using SNARE’s Network Configuration Option, instruct SNARE to send messages to the GigaFlow server IP address.
- b) Navigate to SNARE Filtering Objective Configuration and select the messages that you are interested in, e.g. Logon or Logoff events.
- c) Remove all other Objectives.
- d) Click Apply latest Audit Configuration.
- Configure GigaFlow
- a) In GigaFlow a syslog parser is required to parse the username and IP into the database. Navigate to System > Syslog Parsers.
- b) The parser type must be set to User.
- Verifying the Installation
- a) Navigate to System > Syslog Parsers click to edit the syslog parser just created. If the system is working correctly, matched syslog entries will be displayed in the Matches table.
