Snare Agents

Owned by Svetlana Sheptiy
Last updated: May 15, 2024 by Andrew Madge


Remote Management

This section provides the ability to audit and manage the configuration of the Snare Agents within your environment.  By default it contains a single 'Manage Agents' objective, but this objective can be cloned, renamed, and deleted to support as many different combinations of agent configurations as required. The "..." button to the right of the objective will allow you to clone and otherwise manage the objective, using a system very similar to that provided for reporting objectives.

AMC (Agent Management Console) is a tool within the Snare Server that enables remote management of Snare Agents through the Snare Central interface.

Starting from Snare Central v8.6.0 AMC is superseded by Snare Agent Manager (SAM) that introduces a new configuration management capability for Snare Agents v5.8.0 and newer. 
Instead of pushing configuration to agents, SAM allows agents to pull configuration, thus eliminating the need to have an open web port on agent end points.
For details, refer to SAM User Guide > Agents > Agents Policies Management

It is recommended to manage Snare Agents v5.8.0 or newer in Snare Agent Manager (SAM), as AMC will be deprecated in the future.

For Migration instructions, please refer to  SAM User Guide > Appendix A - AMC to SAM Migration Guide for Remote Agents Configuration Management


The AMC enables administrators to set up automatic audits of the configuration of Agents within their fleet. The administrators specify a Master Configuration, which represents the required configuration of the fleet Agents. This Master Configuration is then compared to the actual configuration of each of the Agents within their network based on the filters in the AMC objective. Any discrepancies that are found are listed, and alerts sent out as required. Any Agents that were uncontactable during the process are also identified in the relevant tab. The results of these configuration audits provide information to the administrators that can be used to identify if the configurations of any Agents have been unexpectedly modified vs the approved master configuration. 

The AMC also provides the ability to push the specified Master Configuration out to each of the Agents under management to enable fleet-wide configuration changes from a centralized location. This also ensures that any unauthorized configuration changes on the Agents are reverted automatically and updated based on the approved master template. 

Snare Agents that are reporting directly to the Snare Server are automatically detected by the AMC. Snare agents that receive licenses from the local "Snare Agent Manager" will also be automatically detected.

For other situations where there are Agents that are not reporting directly to the Snare Server, a list of custom Agents can be manually added into the AMC using the non-reporting agent options in the AMC configuration where the AMC can scan the network on specific IP ranges looking for Snare agents.

A complete guide to using the Agent Management Console can be found in the "Snare Server v8 Agent Management Console" user guide.

No other objectives within the Agent Management, Status or System menu can be cloned - this ability is available for AMC-related objectives only.


User and Group Query

This is a simple objective that scans the user and group details retrieved from various Snare Agents as part of the "Retrieve Data" objectives within "Snare Agents". It can display users/groups pulled directly from Snare agents, or from Active Directory/LDAP (if enabled).

User and group information is used to enhance reporting, when available - for example, SID to UserName translation, or username to full name enhancement.



Utilise the search functions to scan for particular users or groups of interest. The search function provides a very basic query builder. Results are returned in tabular form.

Retrieve System Data Using Agents

AIX Users and Groups

Retrieve users and groups by connecting to all, or specific, Snare for AIX Agents that have sent data to the Snare Server, and requesting a dump of the user and group data.

User and group information will be used by AIX objectives to convert numeric user and group ID information into user/group names, and to implement user/group snapshot objectives.

In order to run this objective successfully, you should have at least one 'Snare for AIX' agent installed on a server that has full YP visibility, with 'remote control' activated, and a password set that matches either the 'override' password explicitly configured for this objective, or the password set under the 'Configuration Wizard'. In addition, the system in question should be reachable by the Snare Server from a network perspective (eg: firewalls between the Snare Server and the YP master should allow TCP connections from the Snare Server to the remote system on TCP port 6161).

Cognos Users and Groups

Retrieve users and groups by connecting to a Cognos-specific LDAP server that has been configured to allow the Snare Server IP address to download Cognos user and group information.

User and group information will be used by Cognos objectives to convert numeric user and group ID information into user/group names, and to implement user/group snapshot objectives.

Irix Users and Groups

Retrieve users and groups by connecting to all, or specific, Snare for Irix Agents that have sent data to the Snare Server, and requesting a dump of the user and group data.

User and group information will be used by Irix objectives to convert numeric user and group ID information into user/group names, and to implement user/group snapshot objectives.

LDAP Users and Groups

Retrieve users and groups by connecting to a generic LDAP server that has been configured to allow the Snare Server IP address to scan for user and group information.

Linux Users and Groups

Retrieve users and groups by connecting to all, or specific, Snare for Linux Agents that have sent data to the Snare Server, and requesting a dump of the user and group data.

User and group information will be used by Linux objectives to convert numeric user and group ID information into user/group names, and to implement user/group snapshot objectives.

OS400 Users and Groups

Search for files generated with the AS/400 DSPUSRPRF tool, that have been transferred to the /data/SnareCollect/OS400Users directory on the Snare Server, and retrieve user account information, and related user flags from the file.

Retrieve Notes Data for Yesterday

Lotus Notes Event Logs: Since no agent currently exists for Lotus Notes, this objective attempts to connect to a target Domino server, and download the log.nsf (MiscEvents, MailRoutingEvents, ReplicationEvents and NNTPEvents), catalog.nsf, and names.nsf databases, and insert the resulting data into appropriate data stores on the Snare Server.

User and Group information, plus notes access controls are also downloaded. Depending on your log volume, and data retention settings within Lotus Notes, you may need to modify some settings within Domino, in order for Domino to return appropriate results back to the Snare Server. Within the Domino web server configuration page is a section named "Conversion/Display". From the Domino Administrator, click the Configuration tab, expand the Web section and click Internet Sites.

  1. Choose the Web Site document you want to edit and click Edit Document.
  2. Click the Domino Web Engine tab. Under "Conversion/Display", the default settings are: Default lines per view page: 30 Maximum lines per view page: 1000. These values should be configured as follows:
    1. Default lines per view page: 250
    2. Maximum lines per view page: 0


The objective will attempt to download event log data tagged with a date/time of "yesterday's" date, by Lotus Notes. It is recommended that this objective be configured to run once per day.

User and group information will be used by user/group snapshot objectives.

Solaris Users and Groups

Retrieve users and groups by connecting to all, or specific, Snare for Solaris Agents that have sent data to the Snare Server, and requesting a dump of the user and group data.

User and group information will be used by Solaris objectives to convert numeric user and group ID information into user/group names, and to implement user/group snapshot objectives.

In order to run this objective successfully, you should have at least one 'Snare for Solaris' agent installed on a server that has full NIS visibility, with 'remote control' activated.

Windows Users and Groups

Retrieve users and groups by connecting to all, or specific, Snare for Windows Agents that have sent data to the Snare Server, and requesting a dump of the user and group data.

User and group information will be used by Windows objectives to convert SID information into user names, and to implement user/group snapshot objectives.

In order to run this objective successfully, you should have at least one 'Snare for Windows' agent installed on a Domain Controller or Member Server, with 'remote control' activated.