Versions Compared

Version Old Version 1 New Version Current
Changes made by

tlapham

rthornton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Windows Configuration

The Snare agent currently only supports the DHCP audit txt log output, follow the below steps to configure and output the logs

  1. Click Start > Programs > Administrative Tools > DHCP.

  2. Now that you have the DHCP management console open, right-click on your DHCP server OR IPv4 protocol and select Properties.

    Image RemovedImage Added

  3. Now that you have the properties open for your DHCP server or IPv4 protocol select the General tab and select Enable DHCP audit logging.

    Image RemovedImage Added

  4. Now that you’ve enabled DHCP audit logging select the Advanced tab and record your Audit log file path for future configuration needs.

...

  1. Click the OK button. 

Agent Configuration

Snare can forward log data to Securonix using their pre-configured parsers. This guide outlines the steps to configure the Snare agent, along with links to the Securonix documentation on how to finalise configuration within Securonix itself.

  1. Follow steps outlined here to install the Snare agent. Agent Installation - Snare Windows Agent v5 Documentation - Confluence

  2. To collect the DHCP logs from the newly created log file navigate to “Log Sources > Log Files”

  3. Click “Add”, Select the log type and select “ Microsoft DHCP server logs”

  4. Select “Single Line Only” logs start and end in the txt file.

  5. Paste in the location of the log file e.g. C:\DHCP.txt into the “Log file or Directory Field”

  6. In the “Log File Format” Field input the name of the file e.g. *.log

    image-20250218-105035.png

  7. Once happy click Change configuration and restart the service to save the change.

  8. Once happy and changes applied select “Destination configuration”.

    image-20241203-093353.png

  9. Under the “Network Destinations” section, enter the domain/IP address and port for Snare Reflector, and ensure Format is “Snare” and “Delimiter Character” is “Tab”.

...

Snare Reflector Configuration

  1. Login to Snare Central. Navigate to the Reflector UI (System->Administrative Tools-> Configure Collector/Reflector) and select “Destinations” on the left hand menu.

  2. Select “Add Destination” at the bottom of the page and create a new destination with the following configuration and select “Update”, the “Proceed with update” and scroll to the top of the window and select “Restart Reflector” to apply the settings.

...