October 9, 2020 (strategy, comparison, agent)

NXLog vs Snare

By Tamás Burtics


How do NXLog CE and EE compare to the Snare Enterprise Agent?

If you are reading this article, you may either be looking for a new log collection agent solution or seeking to replace and improve an existing deployment. This article provides information based on some fairly common questions from those who have migrated from Snare to NXLog.

Feature Comparison

There are multiple log collection agents available on the market; some are free and have paid versions that come with official support. Similar to the Snare Enterprise edition, the NXLog Enterprise Edition is actively maintained by NXLog and frequently enhanced with features demanded by the market.

In stark contrast to the legacy, open source Snare Lite agent (which is no longer secure and compliant according to Snare Lite on Sourceforge), the NXLog Community Edition offers superior features, such as a secure log collection agent supporting the latest major operating systems as well as providing both agent-based and agent-less logging solutions.

The NXLog Community and Enterprise Editions include, and in many cases supersede, the majority of the features of their Snare counterparts.

Note
As the Snare Lite agent is no longer supported by Snare, it is not included in the comparison table below. It would be unfair to compare any of our products to an insecure non-compliant product, as none of its features would be useful in any real-life scenario.
Table 1. Snare Enterprise vs NXLog Manager/CE and EE
| Feature | Snare Enterprise Agent | NXLog Community Edition | NXLog Enterprise Edition |
|---|---|---|---|
| Operating System Support | | | |
| Microsoft Windows | ✔ | ✔ | ✔ |
| MSI for Windows Platforms | ✔ | ✔ | ✔ |
| Linux | ✔ | ✔ | ✔ |
| Ubuntu | ✔ | ✔ | ✔ |
| Debian | ✔ | ✔ | ✔ |
| RHEL | ✔ | ✔ | ✔ |
| CentOS | ❌ | ✔ | ✔ |
| AWS - Amazon Linux | ❌ | ❌ | ✔ |
| Docker | ❌ | ✔ | ✔ |
| Apple macOS | ✔ | ❌ | ✔ |
| Solaris | ✔ | ❌ | ✔ |
| SLES | ✔ | ❌ | ✔ |
| Windows Nano Server | ❌ | ❌ | ✔ |
| IBM AIX | ❌ | ❌ | ✔ |
| FreeBSD and OpenBSD | ❌ | ❌ | ✔ |
| Certifications and Partnerships | | | |
| Technology Alliance partner with Splunk | ❌ | ✔ | ✔ |
| Partner Product with RSA NetWitness | ✔ | ❌ | ✔ |
| Part of the McAfee Security Innovation Alliance Partner Directory | ❌ | ❌ | ✔ |
| Certified with the SUSE Linux Enterprise Ready Mark | ❌ | ❌ | ✔ |
| Technology Certified with Red Hat Enterprise Linux | ❌ | ❌ | ✔ |
| Certified on Windows Server 2016 and Windows Server 2019 | ❌ | ❌ | ✔ |
| Output Format Support | | | |
| Snare Output Support | ✔ | ✔ | ✔ |
| Syslog Formatting (RFC5424) | ✔ | ✔ | ✔ |
| Syslog Formatting (RFC3164) | ✔ | ✔ | ✔ |
| CEF Output Support | ✔ | ❌ | ✔ |
| LEEF Output Support | ✔ | ❌ | ✔ |
| JSON Output Support | ❌ | ✔ | ✔ |
| GELF Output Support | ❌ | ✔ | ✔ |
| XML Output Support | ❌ | ✔ | ✔ |
| CSV Output Support | ❌ | ✔ | ✔ |
| KVP Output Support | ❌ | ✔ | ✔ |
| Log Processing Features | | | |
| Log Caching | ✔ | ✔ | ✔ |
| Custom Windows Event Log Sources | ✔ | ✔ | ✔ |
| UTC Logging | ✔ | ✔ | ✔ |
| Truncation of Verbose Event Text | ✔ | ✔ | ✔ |
| Filter for Events of Interest | ✔ | ✔ | ✔ |
| Debug Mode | ✔ | ✔ | ✔ |
| Message re-write | ❌ | ✔ | ✔ |
| Correlation/Alerting | ❌ | ✔ | ✔ |
| Event Tracing for Windows (ETW) | ❌ | ✔ | ✔ |
| Browser-based UI Configuration | ✔ | ❌ | ✔* |
| Auditing Features | | | |
| USB Monitoring | ✔ | ✔ | ✔ |
| File Integrity Monitoring | ✔ | ✔ | ✔ |
| Linux Auditing | ✔ | ✔ | ✔ |
| Collect from Windows Auditing Events | ✔ | ✔ | ✔ |
| Windows Registry Monitoring | ✔ | ✔ | ✔ |
| Group Policy Support | ✔ | ✔ | ✔ |
| Linux or BSD kernel Auditing | ✔ | ❌ | ✔ |
| AIX Auditing | ❌ | ❌ | ✔ |
| Audit logs from Sun’s Basic Security Module auditing | ❌ | ❌ | ✔ |
| Agent Networking and Output Features | | | |
| Failover | ❌ | ❌ | ✔ |
| TCP/UDP Message Delivery | ✔ | ✔ | ✔ |
| Delivery Over SSL/TLS | ✔ | ✔ | ✔ |
| SSL/TLS Encryption | ✔ | ✔ | ✔ |
| Log Message Simulcasting | ✔ | ✔ | ✔ |
| Centralized Configuration Management | ✔ | ✔ | ✔ |
| Enhanced Event Throttling | ✔ | ✔ | ✔ |
| Agent Heartbeat | ✔ | ✔ | ✔ |
| Windows Event Collector Support | ✔ | ❌ | ✔ |

*Using NXLog Manager

Support Writing in Multiple Formats

One of the most important aspects of logs is their format, which is crucial to achieving readable log files. Above all, it is best if logs are in a structured format rather than unstructured text. The format affects information availability, readability, manageability, and size as well. As opposed to the limited output formats supported by Snare, NXLog supports multiple industry-standard formats such as:

  • CEF - Common Event Format (ArcSight)

  • LEEF - Log Event Extended Format (IBM QRadar)

  • GELF - Graylog Extended Log Format (Graylog)

  • Syslog RFC3164 - BSD Syslog protocol

  • Syslog RFC5424 - Syslog Protocol

  • JSON - JavaScript Object Notation

  • XML - Extensible Markup Language

  • KVP - Key-Value Pairs

  • CSV - Comma Separated Values

  • Snare or "Snare over Syslog" - Snare format with or without a Syslog header

The wider format support by NXLog also enables greater flexibility for the end-user and easier integration with third party products.

NXLog’s core design embraces structured logging, while Snare was primarily designed around its proprietary Snare syslog format. In contrast, NXLog provides structured data support, such as JSON and KVP, as well as CSV and XML. Using structured logging can dramatically reduce the operation cost of a SIEM.

Integration with Third Party Products

In the world of Information Technology, infrastructure is dynamic. It is constantly being enhanced, upgraded, or even completely redesigned.

NXLog’s forte is its support for practically any operating system found in enterprise computing environments and its seamless integration with third party solutions such as IBM QRadar, Rapid7, Splunk Enterprise, FireEye, Helix, and Securonix just to name a few. For a comprehensive list, visit our integrations page.

NXLog also provides extensive documentation to help with the integrations. See the Integration section in the NXLog User Guide.

Footprint and Configuration

NXLog agents are lightweight, operate using minimal resources, and can run as a service practically unnoticed in the background. With NXLog, you can get started right away with the text-based configuration, rather than going through the Snare setup wizard, which ends up with a generic configuration that is unlikely to be tailored to your specific needs. In addition, further NXLog installations only require deploying the custom configuration file that was created once, potentially to thousands of agents in an enterprise environment, which saves considerable time and money.

Documentation and Product Support

Our constantly updated, ever-growing documentation, already well above 1,000 pages, is a stand-alone product in itself. It is complete with configuration samples, real-world examples, and integration guides offering much more than a generic manual. Alongside this self-help resource, there is also the Community Forum for the Community Edition users, as well as the dedicated support team for our Enterprise customers which is available 24/7 with a world-class, 4-hour SLA.

Conclusion

In light of the information presented, it is now readily apparent that NXLog is a viable alternative to Snare for logging in an enterprise environment.

For further information or questions, please contact us.

NXLog Ltd. develops multi-platform log collection tools that support many different log sources, formats, transports, and integrations. The tools help administrators collect, parse, and forward logs so they can more easily respond to security issues, investigate operational problems, and analyze event data. NXLog distributes the free and open source NXLog Community Edition and offers additional features and support with the NXLog Enterprise Edition.

This document is provided for informational purposes only and is subject to change without notice. Trademarks are the properties of their respective owners.
