Snare for Solaris provides front end filtering, remote control, and remote distribution for Solaris audit data, interfacing with the underlying Sun “Basic Security Module”. Snare for Solaris can be used as a standalone auditing tool, or can send data to the Snare Server, remote SIEM system or any syslog server for analysis and storage. Snare for Solaris is available for Solaris 9, Solaris 10, Solaris 11.1, Solaris 11.2, Sun SPARC and x86.
Features of the Snare Agent for Solaris, Enterprise Version include:
- Caching of events in case of a network disruption, ensuring that events are not lost
- Confirmed log message delivery with Smart TCP - no lost or missing logs.
- Log to multiple destinations
- Combined with the TCP, this option will allow the agent to cache messages if there is a network failure or the Snare Server is otherwise unavailable.
- Encrypt messages between the agent and the Snare Server.
- Allowing the event log record to be formatted so it is accepted by a SYSLOG server.
- Allow administrators to locally or remotely monitor changes to the agent’s configuration via a standard web browser
On a large network of Solaris servers and workstations, the management overhead can quickly become onerous, particularly when audit log data needs to be transferred to a central server for consolidation, analysis and archive.
To find out more, please review the Snare Agent for Solaris User Guide or contact us for more information.
To download the Open Sourced Agent, please click here.
