Can Snare process Forwarded Event Logs?


SUMMARY

Jul 06, 2015

The native Snare for Windows agent (OpenSource and Legacy agents) has problems processing Windows logs that are forwarded using the WinRM collection method, in which a collector polls remote systems for their event logs and stores the results in its local Forwarded Events log.

To solve this we have released a special agent version called Snare Enterprise Agent with Windows Event Collection (or Snare WEC), which processes the Windows Forwarded Events log and formats the logs so that they appear to come from the original host rather than from the collector.

The Snare WEC agent is available from v5.0.2 and requires its own license (contact your Snare Sales representative for more information). It collects all the standard Windows logs that the standard Enterprise agent collects, plus the Forwarded Events log. An extra check box in the objective configuration selects the Forwarded Events log as a log source location; it is enabled by default for this agent.
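To illustrate why forwarded events need the special handling described above, the following PowerShell is an added example (not Snare's code and not part of the original article). It reads the ForwardedEvents log on a WEF collector and reports the originating host recorded in each event's XML, which is the value a forwarded-events-aware agent must use as the host field instead of the collector's own name. It assumes it is run on the collector with read access to that log; the function name and the 200-event default are the example's own choices.

```powershell
# Added example (not Snare's code): recover the originating host for each
# record in the Forwarded Events log. A forwarded event keeps the source
# machine name in the <System><Computer> element of its XML, while the
# record itself is stored on the collector. An agent that simply stamps
# every record with the local machine name would therefore attribute all
# forwarded events to the collector.
# Assumption: run on the collector with read access to ForwardedEvents.

function Get-ForwardedEventSources {
    param(
        [int]$MaxEvents = 200   # number of most recent forwarded events to inspect
    )

    $events = Get-WinEvent -LogName 'ForwardedEvents' -MaxEvents $MaxEvents -ErrorAction Stop

    foreach ($ev in $events) {
        # ToXml() returns the full event record; parse it to read <System>.
        [xml]$x = $ev.ToXml()
        $sys = $x.Event.System

        [pscustomobject]@{
            TimeCreated  = $ev.TimeCreated
            EventId      = $ev.Id
            Channel      = $sys.Channel        # original channel on the source host
            OriginalHost = $sys.Computer       # source machine, not the collector
            Collector    = $env:COMPUTERNAME   # where the record is actually stored
        }
    }
}

# Summarise how many forwarded records came from each original host, so the
# collector-versus-source mismatch is visible at a glance.
Get-ForwardedEventSources |
    Group-Object OriginalHost |
    Sort-Object Count -Descending |
    ForEach-Object {
        '{0,-30} {1,6} events (stored on {2})' -f $_.Name, $_.Count, $env:COMPUTERNAME
    }
```

If the output shows several distinct OriginalHost values while every record is stored on the collector, that is exactly the situation in which a native agent would mislabel the events and a WEC-aware agent is needed.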