Snare Enterprise Epilog for Windows is designed for the central collection and processing of text-based log files on Windows hosts and is compatible with all current versions of the Windows operating system. It also handles date-stamped log files, whose file names change with the date, such as IIS, ISA, SMTP and Exchange message tracking logs. A custom objective restricts what the agent forwards: it can be configured to include or exclude lines by exact or wildcard string match. Users of Lotus can also take advantage of Epilog for Windows.
All log data is converted to tab-delimited text and delivered over UDP, TCP or TLS/SSL to one or more destinations, including a Snare Server, a SIEM or a syslog server. Choose the transport deliberately: UDP gives no delivery confirmation, so an event dropped on the wire is simply lost, and only TLS protects the log content from being read or altered in transit. Note also that many standard syslog servers are not designed to cope with the volume of data that multiple Snare agents can generate; at scale a Snare Server or another SIEM may be required.
Features of the Snare Enterprise Epilog for Windows agent include:
- Caching of events in case of a network disruption, ensuring that events are not lost
- Confirmed (acknowledged) log message delivery with Smart TCP, so that logs are not lost or missing in transit
- Encryption with TLS/SSL
- Dynamic DNS
- Log to multiple destinations
- Automatic setting of HostIP for source of the events
- Configure the log file source either through an exact match or by a wild card match
- Log multiple files in a directory
- Events per Second (EPS) rate controls
- UTC log time formats
- Group Policy Support
- Administrators can manage the agent either locally or remotely via a standard web browser
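To make the pipeline in the description and the feature list above concrete, here is an added example written for this page; it is not code from Snare or the Epilog agent. It models one file objective end to end: files matched by a wildcard in a directory are tailed for complete new lines, each line is kept or dropped by include/exclude patterns (an exact substring, or a wildcard using * and ?), kept lines become tab-delimited records with a UTC timestamp, a token bucket enforces an events-per-second cap by delaying rather than dropping, and a bounded cache holds records the destination has not confirmed. The filter semantics, the LOG record tag and field order, the send() callback, the function names and the sample IIS-style lines are all assumptions constructed for the example; the real agent's configuration and wire format are documented in its user's guide.

```python
"""Added example, not Snare's code: a miniature Epilog-style file objective.
Names, filter semantics and record layout are assumptions for illustration."""
import fnmatch, glob, os, tempfile, time
from collections import deque
from datetime import datetime, timezone

def matches(pattern, line):
    """Assumed: * or ? makes a wildcard matched anywhere; else substring test."""
    if "*" in pattern or "?" in pattern:
        return fnmatch.fnmatchcase(line, "*" + pattern + "*")
    return pattern in line

def selected(line, include, exclude):
    """Keep if some include matches (or none configured) and no exclude matches."""
    if include and not any(matches(p, line) for p in include):
        return False
    return not any(matches(p, line) for p in exclude)

def to_record(host, source, line, when):
    """Tab-delimited record with a UTC stamp; embedded tabs/newlines flattened."""
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    clean = line.replace("\t", " ").replace("\r", " ").replace("\n", " ")
    return "\t".join([host, "LOG", stamp, source, clean])  # "LOG": assumed tag

def new_lines(pattern, offsets):
    """New complete lines in every file matching the wildcard, tracked by byte
    offset per file; a file that shrank (rotated or truncated) restarts at 0."""
    found = []
    for path in sorted(glob.glob(pattern)):
        pos = offsets.get(path, 0)
        if os.path.getsize(path) < pos:
            pos = 0
        with open(path, "rb") as fh:
            fh.seek(pos)
            data = fh.read()
        cut = data.rfind(b"\n") + 1          # a partial last line waits for next poll
        offsets[path] = pos + cut
        found += [(path, r.decode("utf-8", "replace")) for r in data[:cut].splitlines() if r]
    return found

class EpsLimiter:
    """Token bucket: at most `eps` events/s (burst eps). throttle() sleeps until
    a token is free and returns the seconds waited: events are delayed, not dropped."""
    def __init__(self, eps, clock=time.monotonic, sleep=time.sleep):
        self.eps, self.clock, self.sleep = float(eps), clock, sleep
        self.tokens, self.last = float(eps), clock()

    def throttle(self):
        now = self.clock()
        self.tokens = min(self.eps, self.tokens + (now - self.last) * self.eps)
        self.last, waited = now, 0.0
        if self.tokens < 1.0:
            waited = (1.0 - self.tokens) / self.eps
            self.sleep(waited)
            self.last, self.tokens = self.clock(), 1.0
        self.tokens -= 1.0
        return waited

class Forwarder:
    """Delivers in order via send(record) -> bool. Unconfirmed records wait in a
    bounded cache and are retried first; a full cache drops its oldest record."""
    def __init__(self, send, cache_max=10000):
        self.send, self.cache = send, deque(maxlen=cache_max)

    def deliver(self, record):
        self.cache.append(record)
        while self.cache and self.send(self.cache[0]):
            self.cache.popleft()
        return not self.cache

def poll(host, file_glob, include, exclude, offsets, limiter, forwarder, now):
    """One pass over an objective; returns (forwarded, filtered) counts."""
    forwarded = filtered = 0
    for path, line in new_lines(file_glob, offsets):
        if not selected(line, include, exclude):
            filtered += 1
            continue
        limiter.throttle()
        forwarder.deliver(to_record(host, os.path.basename(path), line, now))
        forwarded += 1
    return forwarded, filtered

def demo():
    """Constructed input: two IIS-style files; keep 5xx responses, drop health
    checks; the destination refuses the first attempt to exercise the cache."""
    tmp = tempfile.mkdtemp()
    files = {"u_ex240101.log": ["2024-01-01 10:00:00 GET /index.html 200",
                                "2024-01-01 10:00:01 GET /healthz 500",
                                "2024-01-01 10:00:02 POST /api/login 500"],
             "u_ex240102.log": ["2024-01-01 10:00:03 GET /admin 503",
                                "2024-01-01 10:00:04 GET /images/a.png 404"]}
    for name, lines in files.items():
        with open(os.path.join(tmp, name), "w") as fh:
            fh.write("\n".join(lines) + "\n")
    sent, refuse_once = [], [True]
    def send(record):
        if refuse_once:                       # refuse only the very first attempt
            return refuse_once.pop() and False
        return sent.append(record) is None
    fwd, offsets = Forwarder(send), {}
    args = ("web01", os.path.join(tmp, "u_ex*.log"), ["* 5??"], ["/healthz"], offsets,
            EpsLimiter(100), fwd, datetime(2024, 1, 1, 10, 0, 5, tzinfo=timezone.utc))
    first, second = poll(*args), poll(*args)    # second pass finds nothing new
    return {"first": first, "second": second, "sent": sent, "cached": len(fwd.cache)}
```

demo() builds the sample files in a temporary directory and runs two polls; the second forwards nothing because the per-file byte offsets are kept, which is what lets an agent follow a file that is still being written. The cache is deliberately bounded: an agent that buffers without limit during a long outage turns a network fault into a disk-exhaustion fault on the monitored host, so the cache size and its drop policy are the settings to review before deployment.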
To find out more, review the Snare Agent for Epilog for Windows User's Guide, or contact us for more information.
The open source Epilog Agent for Windows is also available for download, as an installer and as source code, and provides a good introduction to the basic features of the agent.