Snare for OSX allows event logs from the OSX subsystem to be collected from the operating system and forwarded to a remote audit event collection facility after appropriate filtering. Snare for OSX operates as an ‘audit dispatcher’ application that receives the audit log data. Snare directs auditd to generate events in a way that selectively filters out event data that you are not interested in, formats the resulting data into a form better suited to follow-on processing, and delivers it to one or more remote systems over the network. Snare for OSX is known to work on OSX 10.7 (Lion), OSX 10.8 (Snow Lion), and OSX 10.9 (Mavericks).
Features of the Snare Agent for OSX include:
- Caching of events in case of a network disruption, ensuring that events are not lost (TCP, SSL only)
- Confirmed log message delivery with Smart TCP – no lost or missing logs.
- Capability to log to multiple destinations with different protocols so you can send Snare format and SYSLOG format to different hosts
- Encrypt messages between the agent and the Snare Server using SSL/TLS.
- Formatting of the event log record so that it is accepted by a SYSLOG server.
- UTC (Coordinated Universal Time) timestamp format for events instead of local machine time zone format.
- Local or remote monitoring of changes to the agent’s configuration by administrators via a standard web browser.
- Support for a wide range of event collection, including logon/logoff, process monitoring, file monitoring and administrative monitoring, as well as filtering capabilities through objective settings.
For more information, refer to the Snare Agent for OSX Users Guide or contact us.