Overview of Snare Epilog

Epilog consists of a single component, the Epilog service application (epilog.exe). The Epilog service reads the Windows text-based log files, filters the records and sends the matching events to a remote host. Records are filtered according to a set of objectives chosen by the administrator and passed over the network to a remote server using UDP or TCP, optionally protected with TLS. The Epilog service can be remotely controlled and monitored using a standard web browser or a custom-designed tool.

The Epilog service reads event log data from the identified text files. Epilog appends a TAB-delimited header to each event log record, producing a string suitable for sending to a SYSLOG or Snare Server. This format is discussed further in Appendix A.
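The collector side of this exchange, as an added example that is not Snare's code and not the real Epilog record format (which Appendix A defines): a small Python receiver that splits a TAB-delimited header from the log message, rejects records whose header does not parse, and shows why the UDP and TCP transports mentioned above need different framing. The four-field layout (host, source tag, criticality, message), the field names and the criticality-to-severity mapping are assumptions; the sample records are constructed.

```python
"""Collector-side handling of TAB-delimited Epilog-style records.

Added example, not Snare's own code. The header layout below is an
assumption for illustration; the real Epilog format is in Appendix A.
"""
import socket
from dataclasses import dataclass
from typing import Iterator, Optional

# Assumed header layout: host TAB source_tag TAB criticality TAB message
HEADER_FIELDS = 4


@dataclass
class EpilogRecord:
    host: str
    source_tag: str
    criticality: int
    message: str


def parse_record(line: str) -> Optional[EpilogRecord]:
    """Split one received line into its header fields and the log message.

    Returns None when the header is missing or malformed, so a truncated
    or foreign line is dropped rather than attributed to the wrong host.
    The message itself may contain tabs; maxsplit keeps them intact.
    """
    parts = line.rstrip("\r\n").split("\t", HEADER_FIELDS - 1)
    if len(parts) != HEADER_FIELDS:
        return None
    host, tag, crit, message = parts
    if not host or not crit.isdigit():
        return None
    return EpilogRecord(host, tag, int(crit), message)


def to_syslog(rec: EpilogRecord, facility: int = 1) -> str:
    """Re-frame a record as an RFC 3164 line with a <PRI> header.

    PRI = facility * 8 + severity. Mapping the assumed criticality field
    directly onto syslog severity (clamped to 0..7) is an assumption.
    """
    severity = max(0, min(7, rec.criticality))
    return f"<{facility * 8 + severity}>{rec.host} {rec.source_tag}: {rec.message}"


def receive_udp_record(sock: socket.socket) -> Optional[EpilogRecord]:
    """UDP: one datagram carries exactly one record, so no framing needed.

    A record larger than the datagram is truncated by the transport and
    then fails parse_record, which is the desired failure mode.
    """
    data, _addr = sock.recvfrom(65535)
    return parse_record(data.decode("utf-8", errors="replace"))


def iter_tcp_records(conn: socket.socket) -> Iterator[EpilogRecord]:
    """TCP: the stream has no record boundaries, so buffer until newline.

    A record split across two recv() calls is reassembled before parsing.
    """
    buf = b""
    while True:
        chunk = conn.recv(4096)
        if not chunk:
            break
        buf += chunk
        while b"\n" in buf:
            line, buf = buf.split(b"\n", 1)
            rec = parse_record(line.decode("utf-8", errors="replace"))
            if rec is not None:
                yield rec


def demo_loopback() -> dict:
    """Exercise both transports on loopback with constructed records."""
    # TCP: one record split mid-field across two writes, plus a bad line.
    client, server = socket.socketpair()
    client.sendall(b"h1\tEpilogLog\t1\tone\nnoheader\nh2\tEpilogLog\t3\ttw")
    client.sendall(b"o\n")
    client.close()
    tcp_msgs = [r.message for r in iter_tcp_records(server)]
    server.close()

    # UDP: send a constructed datagram to ourselves and parse it.
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.settimeout(2)
    udp.bind(("127.0.0.1", 0))
    udp.sendto(b"srv01\tEpilogLog\t2\tfailed login for user bob\n", udp.getsockname())
    rec = receive_udp_record(udp)
    udp.close()
    return {"tcp": tcp_msgs, "udp": rec}


if __name__ == "__main__":
    result = demo_loopback()
    print(result["tcp"], to_syslog(result["udp"]))
```

The parser rejects anything without the full header instead of guessing, which matters on a collector that several sources may reach: an unparseable line should land in a quarantine count, not in the event store under a fabricated host name.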