Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

The silent install option is provided for system administrators wishing to automate the process of installing Snare Enterprise Agent for MSSQL.

Command line options

The Snare Enterprise Agent for MSSQL installer has a number of command line options to support silent, automated installations in either deployment scenario:

  • /VerySilent – The Wizard will be hidden for the duration of the installation process. Any message boxes will still be displayed.
  • /SuppressMsgBoxes – Any messages boxes will be dismissed with the default answer.
  • /Log="filename" – Two log files will be create: filename and filename.Snare.log. The Wizard installation log will be written to filename and a detailed SnareMSSQL installation log will be written to filename.Snare.log.
  • /LoadInf="INFfile" – The INFfile is a template file produced by another Snare Enterprise Agent for MSSQL installation. It contains all the necessary information to complete the installation and configure the agent for normal operations. See below for more details on how to produce this file.
  • /SnarePass="ZPass" – For security reasons, some parts of the INFfile are encrypted and require a decryption password. ZPass is an encrypted version of the decryption password and is produced when creating the INFfile.
  • /Reinstall – Tell the installer to overwrite any existing installation.
  • /Upgrade – Tell the installer to upgrade the existing installation. If no existing installation is detected, the installer will abort. This option will only upgrade the SnareMSSQL files, all configuration settings will remain untouched and the "LoadInf" file will be ignored.
  • /UseHostIP – To enable the address resolution feature, to use the host IP address.  Value 0 for off, and 1 to allow.
  • /Destination– Set the IP address or hostname which the event records are sent.
  • /DestPort – Set the destination port for e.g Snare, syslog.
  • /SocketType –Set the protocol you would like the agent to use when sending events.  Values 0 (UDP),1(TCP),2 (TLS/SSL),3 (TLS_AUTH).
  • /TLSAuthKey – This option must be provided  when protocol is 3 (TLS_AUTH). The length of TLSAuthKey must be between (8-4096) characters and allowed characters include A-Za-z0-9\~!@$%^*()_+=`-
  • /RemoteLocal – To allow remote connections to the agent from localhost only. Value 0 for off, and 1 to allow.  Ensure /RemoteAllow and /AccessKey are also set with this option.
  • /RemoteAllow – To enable the remote access of the agent. Value 0 for off, and 1 to allow.
  • /AccessKey - Set the password for the remote access of the agent.
  • /License - Specify the file name of the license, for example /license="20180206-SnareAgent-Evaluation-AZP-CYT.sl". The license file must reside in the same directory. [available from v5.1]

If enabling web access with the command line options using /RemoteAllow and /RemoteLocal ensure the the password is set with /AccessKey.

When loading in an INF file for the MSSQL agent, ensure you use the parameters /SnarePass and /Reinstall.

Silent Install Setup Information File (INF)

To silently deploy a completely configured agent, the installer requires the help of a Setup Information File, also known as an INF file. To produce a working INF file, follow these steps:

  1. Install the Snare Enterprise Agent for MSSQL using the Wizard.
  2. Using the web interface configure the agent's Network, Remote Control and Heartbeat settings.
  3. Configure one or more audit policies targeting just one MSSQL instance.
  4. Ensure you have administrator rights, open a command prompt and browse to the directory where SnareMSSQL is installed.
  5. Run the following commands:
    • SnareMSSQL -x
      Export the information and error messages, along with the INF file contents to the screen.

    • SnareMSSQL -x <INFfile>
      Export the information and error messages to the screen and write the INF file contents to INFILE where <INFfile> is any file name for output, for use with the /LoadInf command line option.
  6. You will be prompted with:
    Please enter the Encryption Password for sensitive information
    Enter and re-enter the password as directed for either the Service Account and/or the Sensitive Information encryption. 
  7. Your encrypted Installation Password will be displayed.  Note down the Installation Password. The /SnarePass command line option will accept this encrypted password and use it to decrypt the sensitive information in INFfile.

Silent Deployment

To install using the silent installer:

  1. Copy the Snare binary to your Snare installation e.g. c:\program files\snaremssql
  2. Ensure you have administrator rights, open a command prompt and browse to the directory where the setup program is stored.
  3. To install the SnareMSSQL application with the options specified in the mysettings.INF file, and not display any pop-up windows and create installation log files, run the file:
    Snare-MSSQL-Agent-v{Version}-multiarch.exe /verysilent /suppressmsgboxes /reinstall /LoadInf="mysettings.inf" /SnarePass="TG7Syk1ryEo=" /Log="c:\temp\mylogfile"
    This option is suitable for packaging and non-interactive installations. 
     For deployment in a failover cluster scenario, this command only needs to be run on one node by an account with administrator privileges that extends to all nodes in the cluster.
  4. To install the agent using the network configuration settings allowing access to the remote control interface with password set: 
    Snare-MSSQL-Agent-v{Version}-multiarch.exe /usehostip=1 /destination=10.1.1.1 /destport=514 /sockettype=0 /reinstall /verysilent /remoteallow=1 /accesskey=mypassword




  • No labels