Deploying SNARE Epilog for Windows allows you to capture, filter, and forward flat text-based log files (such as IIS, Apache, or custom application logs) directly to your SIEM platform. Modern versions of the Snare Enterprise Agent for Windows have this log-auditing and Epilog functionality built directly into the core agent, eliminating the need to manage two separate installations.
This deployment guide covers the essential requirements, standard installation steps, silent enterprise deployment options, and final configuration validation.

Deployment Prerequisites
Ensure your target system meets the necessary security, network, and system baselines before initiating installation:
Administrative Privileges: You must run the installer with full Administrator rights.
Network Firewalls: Open the necessary communication pathways. The default reception port for Snare data is Port 6161 (TCP/UDP), or Port 514 if you are routing directly to standard Syslog collectors.
Target Log Paths: Identify the exact directory paths of the text files you need to monitor.

Step-by-Step Installation Methods

Method 1: Interactive GUI Installation
Best for single-server setups, testing environments, or initial template creation.
Download the Installer: Retrieve the executable asset from the official Snare Solutions Agent Portal.
Launch Setup: Right-click the .exe file and select Run as Administrator.
Configure the Remote Control Interface (RCI): The setup wizard will prompt you to set an administrative password. Do not skip this step—securing the web UI prevents unauthorized tampering with your logging configuration.
Set Destination Server: Enter the primary IP address or domain name of your central SIEM, Snare Central, or Syslog collector.
Complete the Wizard: Follow the remaining defaults to complete the extraction and start the background service.

Method 2: Enterprise Silent Deployment
Best for mass deployment across production clusters via Group Policy (GPO), SCCM, or administrative scripts.
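
Before pushing the agent to many hosts, an administrative script can confirm the prerequisites listed earlier on each target. The following pre-flight check is an added example, not part of the Snare product or its documentation; the collector name and log directory are placeholders, and only TCP reachability is tested because a UDP path cannot be confirmed this way.

```powershell
# Pre-flight check for the prerequisites in this guide (added example).
# Collector name and log directories are placeholders; replace them per site.
param(
    [string]   $Collector = 'siem.example.internal',       # placeholder destination
    [int]      $Port      = 6161,                          # Snare default per this guide; 514 for syslog
    [string[]] $LogDirs   = @('C:\inetpub\logs\LogFiles')  # sample IIS log directory
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Check, [bool]$Passed, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Passed = $Passed; Detail = $Detail })
}

# 1. Administrative privileges: the installer must run elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Add-Result 'Administrator rights' $isAdmin $identity.Name

# 2. Network path: TCP connect to the collector on the reception port.
$tcp = Test-NetConnection -ComputerName $Collector -Port $Port -WarningAction SilentlyContinue
Add-Result "TCP $Port to $Collector" $tcp.TcpTestSucceeded "remote address: $($tcp.RemoteAddress)"

# 3. Target log paths: each directory must exist and should already hold files.
foreach ($dir in $LogDirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Add-Result "Log path $dir" $false 'directory not found'
        continue
    }
    $files  = @(Get-ChildItem -LiteralPath $dir -File -Recurse -ErrorAction SilentlyContinue)
    $newest = $files | Sort-Object LastWriteTime -Descending | Select-Object -First 1
    $detail = if ($newest) {
        "$($files.Count) files, newest written $($newest.LastWriteTime)"
    } else {
        'no files yet'
    }
    Add-Result "Log path $dir" ($files.Count -gt 0) $detail
}

# Print the summary and return a non-zero exit code if any check failed,
# so a deployment tool can skip hosts that are not ready.
$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }
```

An empty log directory is reported as a failure so that a mistyped path is caught before the agent is configured to watch it.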