...
The configuration of /etc/security/snare.conf can be changed either:
- by modifying the objectives audit policies via the Web User Interface
...
Care should be taken if manually editing the snare.conf configuration file to ensure that it conforms to the required format. Also, any use of the Web User Interface to modify security objectives audit policies or selected events, may result in manual configuration file changes being overwritten. Details on the configuration file format can be viewed in Appendix A. Failure to specify a correct configuration file will prevent Snare from running.
...