Ensure you have administrator rights, then double-click the downloaded file Snare-MSSQL-Agent-v{Version}-{Architecture}.exe, where {Version} is the most recent version of the file available. This is a self-extracting archive and does not require WinZip or other programs. You will be prompted with the following screens:
Welcome to the SnareMSSQL Setup Wizard
This screen provides a brief overview of the product you are about to install.
Where available, select "Next" to continue the installation, "Back" to return to the previous screen or "Cancel" to abort the installation.
License Page
The License Page displays the End User License Agreement (EULA). Please read the document carefully and if you accept the terms of the agreement, select "I accept the agreement" and the "Next" button will be enabled allowing the installation to continue.
Existing Install (Upgrade only)
If the Wizard detects a previous install of the SnareMSSQL agent, you will be asked how to proceed.
Selecting "Keep the existing settings" will leave the agent configuration intact and only update the SnareMSSQL files. The Wizard will then skip directly to the Ready to Install screen.
Selecting "Reinstall" will allow the configuration wizard to continue and replace your existing configuration with the values you input. Note that replacing the configuration does not happen immediately; it takes place after selecting the "Install" button on the Ready to Install screen.
Service Account
Snare Enterprise Agent for MSSQL requires a service account to operate. It uses this account for two main purposes:
- Run the service. The SYSTEM account is the default choice. Any credentials provided will require permission to run as a service.
- Authenticate to the MS SQL instance(s) being monitored. By default, MS SQL instances grant the SYSTEM account sufficient access to manage traces and the SYSADMIN role in MSSQL Server (i.e. the ALTER TRACE permission); otherwise, a custom service account will be required. Based on the deployment scenarios described at the start of this chapter, other authentication options may be available.
- Stand alone scenario. Two authentication options are available. As described above, the service account can be used for authentication. However, an alternate username and password can also be assigned on a per-audit policy basis, bypassing the need to use the service account credentials.
- Failover cluster scenario. Using database credentials in the GUI may pose a security risk in a clustered environment, as the hash of the credentials will traverse the local network when the configuration synchronizes over the LAN. If this is a concern, we recommend that only the service account credentials are used. For compatibility, the option to use database credentials is available. For some clustered environments operating on Windows 2012 and MSSQL 2012 or 2014, you may have to specify a separate service account other than the built-in SYSTEM account, as it may not have enough privileges to operate. This service account will need to have the relevant local administrative privileges and be granted the SYSADMIN role in MSSQL Server to operate.
Network Destination
This screen configures the network destination to which the agent sends events. The following settings are available:
- Destination address: The name or IP address of the destination. Several addresses can be entered as a comma-delimited list.
- Port: The destination port. For example, Snare Server users should only send events to port 6161 in native UDP or TCP, or 6163 for TLS/SSL, and Syslog via port 514.
- Protocol: The network protocol (UDP, TCP, TLS or TLS_AUTH) the agent uses when sending events.
- TLS Authentication Key: This option is available only for the TLS_AUTH protocol. The TLS authentication key must be the same as the one configured on the destination. A valid TLS Authentication Key must be between 8-4096 characters, and allowed characters include A-Za-z0-9~!@$%^*\()_+=`-
- Use Host IP Address Override for source address: Enabling this setting will use the first network adaptor as listed in the network configuration as the source of the IP address.
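For scripted deployments, a TLS Authentication Key can be checked against the rule above before it is typed into the wizard and the destination. This is an added example, not Snare tooling: the function names and the 64-character default length are assumptions, and the allowed character set is taken literally as written above.

```powershell
# Added example; function names are hypothetical and not part of the Snare agent.
# Alphabet copied literally from the rule above: A-Za-z0-9~!@$%^*\()_+=`-
$SnareKeyAlphabet = ('ABCDEFGHIJKLMNOPQRSTUVWXYZ' +
                     'abcdefghijklmnopqrstuvwxyz' +
                     '0123456789' + '~!@$%^*\()_+=`-').ToCharArray()

function Test-SnareTlsAuthKey {
    # Reports the length check and any characters outside the allowed set.
    param([string]$Key = '')
    $bad = @($Key.ToCharArray() |
             Where-Object { $SnareKeyAlphabet -cnotcontains $_ } |
             Select-Object -Unique)
    $lengthOk = ($Key.Length -ge 8 -and $Key.Length -le 4096)
    [pscustomobject]@{
        Length       = $Key.Length
        LengthOk     = $lengthOk
        InvalidChars = -join $bad
        Valid        = ($lengthOk -and $bad.Count -eq 0)
    }
}

function New-SnareTlsAuthKey {
    # Draws each character from the OS CSPRNG; the default length is an assumption.
    param([ValidateRange(8, 4096)][int]$Length = 64)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $n     = $SnareKeyAlphabet.Length
    $limit = 256 - (256 % $n)   # bytes >= $limit are rejected to avoid modulo bias
    $buf   = New-Object byte[] 1
    $sb    = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) {
                [void]$sb.Append($SnareKeyAlphabet[$buf[0] % $n])
            }
        }
    } finally { $rng.Dispose() }
    $sb.ToString()
}

# Constructed sample inputs: the first contains '#' and a space, neither of which is allowed.
Test-SnareTlsAuthKey -Key 'pass word#1'
Test-SnareTlsAuthKey -Key (New-SnareTlsAuthKey -Length 64)
```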
Network Control Interface
This screen provides a means to configure the Snare Agent's web interface. Select from the following options to configure the Snare web interface:
- Enable Web interface authentication:
- No – Disable password
The web interface will operate without a password, allowing unauthenticated access to the configuration options. We strongly recommend that this option is not used on production systems as it will leave the agent vulnerable to unauthorised access.
- Yes – Please enter a password
A user/password combination will be required to access the web interface. The user is always "snare" and the password will be set to the text supplied in the "Password" field. It is recommended that you use a strong, complex password that complies with your corporate policies.
- Local access only? Selecting "Local access only" will configure the web interface to restrict access to local users only. Remote users will be unable to contact the web interface.
Web Server Listen Port
This specifies the IP port the agent listens on to provide a configuration GUI. If multiple SQL instances exist on a clustered system, multiple agents will be installed listening on ports sequentially incrementing from this port. The default for the MSSQL Agent is 6163.
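After installation, the exposure of the web interface can be checked from the host itself. The following is an added example, not part of the Snare documentation: the function name is hypothetical, 6163 is the default stated above, and it assumes "Local access only" shows up as a loopback-only listener. If the agent enforces the restriction at the application layer instead, a non-loopback bind is a prompt for a follow-up check, not proof of remote access.

```powershell
# Added example; Test-SnareWebListener is a hypothetical name, not a Snare cmdlet.
# Requires Get-NetTCPConnection (Windows 8 / Server 2012 or later).
function Test-SnareWebListener {
    param(
        [int]$Port = 6163,        # default MSSQL agent web port stated above
        [int]$InstanceCount = 1   # clustered systems: one agent per SQL instance, sequential ports
    )
    $loopback = @('127.0.0.1', '::1')
    foreach ($p in $Port..($Port + $InstanceCount - 1)) {
        $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $p -ErrorAction SilentlyContinue)
        if ($listeners.Count -eq 0) {
            [pscustomobject]@{ Port = $p; LocalAddress = $null; Process = $null; Binding = 'NotListening' }
            continue
        }
        foreach ($l in $listeners) {
            # Resolve the owning process so an unrelated service on the same port is obvious.
            $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port         = $p
                LocalAddress = $l.LocalAddress
                Process      = $proc.ProcessName
                Binding      = if ($loopback -contains $l.LocalAddress) { 'LoopbackOnly' } else { 'NonLoopback' }
            }
        }
    }
}

# Single instance on the default port; raise -InstanceCount on a clustered system.
Test-SnareWebListener -Port 6163 | Format-Table -AutoSize
```

A 'NonLoopback' row on a host where authentication was disabled in the wizard is the combination the text above warns against for production systems.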
Select Destination Location
This screen provides a means to select the folder where the Agent will be installed. If the folder name specified does not exist, it will be created. In a failover cluster scenario, this location will be created on all available nodes.
It is important that this folder has at least enough space available to install the agent. By default, this folder will also be used for storing trace files, however an alternate location can be nominated via the Network Configuration window. It is recommended that this location be able to handle the disk IO associated with collecting the trace files. Refer to Total Trace Size for more information on space requirements for trace files.
By default, the installation wizard will install the directory 'SnareMSSQL' under the Program Files folder. If a different destination is desired, select the "Browse" button, or directly enter the full path name.
Select Start Menu Folder
Select the program group within the Start Menu under which a shortcut to the SnareMSSQL for Windows agent's Remote Control Interface will be created.
Ready to Install
This screen provides a final summary of the chosen installation options. If the options listed are incorrect, select the "Back" button to return to previous screens and change their configuration.
Select the "Install" button to proceed with the listed choices, or "Cancel" to abort the installation without making any changes. The "Back" button may be used to return to the previous screen.
Information
This screen provides basic copyright information and useful links.
Completing the SnareMSSQL Setup Wizard
This is the final screen of the installation wizard. By default, a Readme.txt file will be opened after selecting "Finish". Please review this readme for details of the changes made to the agent.