Setup Wizard

The wizard guides the user through the setup and configuration of the reflector, including adding destinations, changing passwords, applying licenses and more.  Select Next to move to the next step or Previous to go back to the last page.  You may exit the Setup Wizard at any time by selecting the Exit Wizard button.  The wizard directs the user through the following screens:

  1. Add a License. This is required in order to use Snare Reflector.

  2. Add Destinations. At least one destination is required for Snare Reflector to operate.  Destinations are described in the next section.

  3. The General Settings. This page shows various settings relating to the event cache and disk cache which are described in more detail below.

  4. Alert Settings.  Snare Reflector can be configured to notify someone whenever the disk cache reaches a specified capacity.

  5. The Dashboard. This page shows the Snare Reflector dashboard.

  6. Update Your Password. It is highly recommended that the default password is changed.

Step 1: Add a License

 

For full licenses, copy your KeyIDs and generate the license in your SLDM account.  Then copy and paste that license into the text box and select Add.  For evaluation licenses, paste the license that has been supplied to you into the text box provided and select Add.  If the license is valid, a green status message will appear at the bottom of the screen, "The license has been successfully added!", and the Wizard will change the status of "License installed" from a red cross to a green tick.

 

Select Next to move to the next step.

Don't have a license? Contact your Snare Sales representative, download one from SLDM, or submit an issue to Snare Support.

Step 2: Add Destinations

If a syslog destination was added at install time, then this step is already completed and a green tick will appear.  Otherwise, add a destination now by entering:

  • the hostname or IP address of the destination server

  • the port number of the destination

  • the protocol for sending events (one of TCP, UDP, TLS or TLS_AUTH), and

  • the destination format.

These configurable items along with instructions for adding regular expressions and search-and-replace filters are described in more detail in the section Add New Destinations below.

Select Next to move to the next step.

Step 3: The General Settings

  

This screen displays the general configurable settings for the Snare Reflector which may be changed.  These include

  • the Web Management Port, which defaults to 6111

  • the digital Certificates to be used for Web UI HTTPS interaction and the TLS listener, including the ability to generate a new Self Signed Certificate

  • the network Destination Certificate Verification method

  • the Event Cache memory size

  • the Disk Cache folder location

  • the Disk Cache file size

  • the Disk Cache email alert threshold, which is a percentage of the Disk Cache file size; an email alert is sent if the Disk Cache fills past this percentage of total capacity, and

  • the Listener TLS Authentication Key, which log sources use to establish a TLS_AUTH connection with Snare Reflector.

These configurable items are described in more detail in the section below.  Select Next to move to the next step.

Step 4: Alert Settings

 

This screen lets you configure who to notify (via email) if the disk cache fills to a certain threshold of total capacity.  The configurable items are:

  • the outgoing mail server

  • the corresponding SMTP port

  • the mode of authentication and encryption

  • the email address of the person who is to receive the alert, and

  • the email address identifying the sender of the alert email.

If Encryption is specified, then Snare Reflector will automatically select the highest available SSL/TLS version.  Supported protocols are SSL2, SSL3, TLS1.0, TLS1.1 and TLS1.2.
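Because the version is chosen automatically, what "highest available" resolves to depends on the mail server. The following check is an added example, not part of the Snare documentation: it probes the outgoing mail server one TLS version at a time and reports the version a highest-available client would end up on. It assumes the server offers STARTTLS on the configured SMTP port; the function names are illustrative.

```python
import smtplib
import ssl
import sys

# Versions a current Python/OpenSSL client can still offer (SSL2/SSL3 cannot be probed).
PROBE = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.TLSv1_2]
DEPRECATED = {ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1}


def accepts(host, port, version, timeout=10):
    """True if the mail server completes STARTTLS when pinned to one version."""
    try:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False       # protocol probe only: the certificate
        ctx.verify_mode = ssl.CERT_NONE  # is deliberately not validated here
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # allow offering legacy versions
        ctx.minimum_version = version
        ctx.maximum_version = version
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)
        return True
    except (ValueError, smtplib.SMTPException, OSError):
        return False  # version disabled locally, refused, or no STARTTLS


def assess(accepted):
    """Summarise which version a highest-available client ends up on."""
    highest = max(accepted, default=None)
    legacy = sorted(v.name for v in accepted if v in DEPRECATED)
    return {
        "negotiated": highest.name if highest is not None else None,
        "legacy_enabled": legacy,
        "ok": highest == ssl.TLSVersion.TLSv1_2 and not legacy,
    }


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <mail server> <SMTP port>
        host, port = sys.argv[1], int(sys.argv[2])
        seen = {v for v in PROBE if accepts(host, port, v)}
    else:  # constructed sample: a relay that still accepts TLS 1.0
        seen = {ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_2}
    print(assess(seen))
```

A result with "ok" set to False means the relay either cannot reach TLS1.2 or still accepts TLS1.0/TLS1.1, which is a setting to correct on the mail server.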

If Authentication is specified, then you are also required to enter the user name and password to log in to the SMTP server. The disk cache email alert threshold can be specified in the General Settings menu.  

These configurable items are described in more detail in the section below.  Select Next to move to the next step.

Step 5: The Dashboard

 

If you added a Syslog destination during the installation and added a license during Step 1 of the Wizard, then the dashboard will display the status of incoming and outgoing events.  However, if Snare Reflector is unlicensed, then it will display a message on the dashboard indicating that events are being collected, but not reflected to any destinations.


Select Next to move to the next step.

Step 6: Update Your Password

 

This screen allows you to change your password. It is highly recommended to set a strong complex password of at least 10 characters.  Enter the current password in the Current Password box. Then enter the new password twice, once in the New Password box and again in the Confirm Password box.

Selecting Finish from this point will leave you in the My Account screen. Otherwise select Go To Dashboard to check the status of incoming and outgoing events.

Note

If you need to restart the Setup Wizard at any time, navigate to Settings | General and select Restart Wizard.