• An appropriate OSX Distribution.
  
• The SnareOSX package in binary format downloaded from the InterSect Alliance website. Snare for OSX provides the infrastructure required to filter, format and distribute audit log data to one or more central log collection systems.

Install Snare for OSX binary package.
There are two methods to install the Snare OSX Binary package. The first method uses the graphical OSX environment, the second method uses the command line installer.
To use the graphical environment:

1. Double click the package SnareOSX-1.1.6.pkg in the GUI
   
2. Follow the on screen instructions. This will install Snare for OSX and start/restart the audit daemon(auditd).
   
3. Restart the machine
   
   To use the command line
   
4. Logon as root user, i.e. at the command prompt enter the command sudo -s and enter the root password when prompted. Issue the command, as root: installer -pkg SnareOSX-1.1.0.pkg -target / This will install Snare for OSX and start/restart the audit daemon (auditd).
   
   
   
5. Restart the machine

Remove Snare for OSX binary package (if required).
OSX does not provide facilities for uninstallers for pkg based applications. Hence Intersect Alliance has provided an uninstall script to completely uninstall Snare for OSX if required. The uninstall script requires no confirmation. Hence once run it will uninstall Snare for OSX without any prompts. To uninstall Snare for OSX:

1. Logon as root user, ie at the command prompt enter the command:
   
   sudo -s and enter the root password.
   
2. Run the command: /Applications/Utilities/SnareAgent\ WebConsole.app/\ Contents/Resources/uninstall.sh