By: Ed Fisher

Ed Fisher — Thu, 01 Apr 2010 15:37:17 +0000

Hi Felix,
You make a great point, thanks for the comment. If the foot print is the same or less on the server that would be much better, and something I will have to look into. Snare has been around a while, and the client orgs I’ve seen using it were already comfortable with syslog, so it seemed to be a natural progression, but the splunk> forwarder does make for a better solution and can grab a lot more from the server than just event logs. I guess we all know what I’ll be trying next!
Cheers,
Ed

By: felix

felix — Thu, 01 Apr 2010 15:27:07 +0000

Why would you convert everything to syslog when you can just use the Splunk light forwarder to forward the event logs and have them indexed nicely? Think PCI and HIPPA compliant log aggregation and event signing.

Comments on: howto://Install and Configure Snare Agent for Windows

By: Ed Fisher

By: felix