An alternative to Snare Agent – NXLOG

Many companies running a SIEM use the Snare agent, especially Snare for Windows. The need to collect Windows Event Log data (as well as other Windows log files) and forward it in syslog format is nothing new to the industry. It is even surprising that Microsoft has not yet addressed it. Without doubt, Snare is a leading vendor in this field. The Snare agent Enterprise version provides many useful features, for example Agent Heartbeat, TLS encryption and, of course, guaranteed message delivery (log transmission via the TCP protocol). In Test/DEV environments we may use the Snare agent OpenSource; however, it supports only UDP data transfer.

An alternative to Snare is NXLog. It also comes in both a free and an Enterprise edition; however, NXLog Community Edition has many more features than the Snare agent OpenSource (in particular, TCP and TLS support).

Below is a short comparison.

Products compared: Snare OpenSource, Snare Enterprise Edition, NXLog Community Edition, NXLog Enterprise Edition.

Features compared: TCP message delivery, SSL/TLS encryption, Event log buffering, Event filtering, Agent heartbeat, Remote control interface (WEB GUI), UTC logging, Message re-write, Correlation/Alerting, Output.

Output:

Snare OpenSource: Snare format
Snare Enterprise Edition: Snare format
NXLog Community Edition: Snare format, GELF, JSON, XML and other
NXLog Enterprise Edition: Snare format, GELF, JSON, XML and other

Another product with similar functionality is BALABIT syslog-ng for Windows.
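As an added example (not from the original post or the NXLog project), here is an nxlog.conf fragment for the case discussed above: Windows Event Log forwarded in Snare format over TLS instead of plain UDP. The host name, ports, CERTDIR path and instance names are placeholder assumptions; merge the fragment into the default nxlog.conf shipped with the installer, which already defines the global directives.

```conf
# Added example: Windows Event Log -> Snare-format syslog over TLS.
# Host, Port, CERTDIR and the instance names below are assumptions.

define CERTDIR C:\Program Files\nxlog\cert

# xm_syslog provides the to_syslog_snare() procedure
<Extension syslog>
    Module          xm_syslog
</Extension>

# Reads the Windows Event Log (Vista / Server 2008 and later)
<Input eventlog>
    Module          im_msvistalog
</Input>

# Weak variant, equivalent to a UDP-only agent: no delivery
# guarantee and no encryption on the wire. Shown for contrast only.
#<Output siem_udp>
#    Module         om_udp
#    Host           siem.example.com
#    Port           514
#    Exec           to_syslog_snare();
#</Output>

# Hardened variant: TCP transport wrapped in TLS, with the
# collector's certificate verified against a pinned CA file.
<Output siem_tls>
    Module          om_ssl
    Host            siem.example.com
    Port            6514
    CAFile          %CERTDIR%\ca.pem
    # Refuse collectors whose certificate does not chain to CAFile
    AllowUntrusted  FALSE
    Exec            to_syslog_snare();
</Output>

<Route eventlog_to_siem>
    Path            eventlog => siem_tls
</Route>
```

Leaving AllowUntrusted at FALSE is what makes the TLS channel authenticate the collector; setting it to TRUE would still encrypt but would accept any certificate.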


3 thoughts on “An alternative to Snare Agent – NXLOG”

  1. May I propose to add one more sentence. NXLog is a very nice tool, but as a 3rd party company you are not allowed to use the community version to provide a service.

