October 9, 2020 (strategy, comparison, agent)

NXLog vs Snare

By Tamás Burtics


How do NXLog CE and EE compare to the Snare Enterprise Agent?

If you are reading this article, you may either be looking for a new log collection agent solution or seeking to replace and improve an existing deployment. This article provides information based on some fairly common questions from those who have migrated from Snare to NXLog.

Feature Comparison

There are multiple log collection agents available on the market; some are free and have paid versions that come with official support. Similar to the Snare Enterprise edition, the NXLog Enterprise edition is actively maintained by NXLog and frequently enhanced with features demanded by the market.

In stark contrast to the legacy, open source Snare Lite agent (which is no longer secure and compliant according to Snare Lite on Sourceforge), the NXLog Community Edition offers superior features, such as a secure log collection agent supporting the latest major operating systems as well as providing both agent-based and agent-less logging solutions.

The NXLog Community and Enterprise Editions include, and in many cases supersede, the majority of the features of their Snare counterparts.

Note
As the Snare Lite agent is no longer supported by Snare, it is not included in the comparison table below. It would be unfair to compare any of our products to an insecure non-compliant product, as none of its features would be useful in any real-life scenario.
Table 1. Snare Enterprise vs NXLog Manager/CE and EE
Columns: Feature, Snare Enterprise Agent, NXLog Community Edition, NXLog Enterprise Edition
[Table: the per-product support marks for each feature were icons and did not survive in this text; the feature rows are listed below by category.]

Operating System Support

  • Microsoft Windows
  • MSI for Windows Platforms
  • Linux
  • Ubuntu
  • Debian
  • RHEL
  • CentOS
  • AWS - Amazon Linux
  • Docker
  • Apple macOS
  • Solaris
  • SLES
  • Windows Nano Server
  • IBM AIX
  • FreeBSD and OpenBSD
  • Android

Certifications and Partnerships

  • Technology Alliance partner with Splunk
  • Partner Product with RSA NetWitness
  • Part of the McAfee Security Innovation Alliance Partner Directory
  • Certified with the SUSE Linux Enterprise Ready Mark
  • Technology Certified with Red Hat Enterprise Linux
  • Certified on Windows Server 2016 and Windows Server 2019

Output Format Support

  • Snare Output Support
  • Syslog Formatting (RFC5424)
  • Syslog Formatting (RFC3164)
  • CEF Output Support
  • LEEF Output Support
  • JSON Output Support
  • GELF Output Support
  • XML Output Support
  • CSV Output Support
  • KVP Output Support

Log Processing Features

  • Log Caching
  • Custom Windows Event Log Sources
  • UTC Logging
  • Truncation of Verbose Event Text
  • Filter for Events of Interest
  • Debug Mode
  • Message re-write
  • Correlation/Alerting
  • Event Tracing for Windows (ETW)
  • Browser-based UI Configuration (the NXLog Enterprise Edition entry is marked *)

Auditing Features

  • USB Monitoring
  • File Integrity Monitoring
  • Linux Auditing
  • Collect from Windows Auditing Events
  • Windows Registry Monitoring
  • Group Policy Support
  • Linux or BSD kernel Auditing
  • AIX Auditing
  • Audit logs from Sun’s Basic Security Module auditing

Agent Networking and Output Features

  • Failover
  • TCP/UDP Message Delivery
  • Delivery Over SSL/TLS
  • SSL/TLS Encryption
  • Log Message Simulcasting
  • Centralized Configuration Management
  • Enhanced Event Throttling
  • Agent Heartbeat
  • Windows Event Collector Support

*Using NXLog Manager

Support Writing in Multiple Formats

One of the most important aspects of logs is the format; it is crucial to achieving readable log files. Above all, it is best if logs are in a structured format rather than unstructured text. The format affects information availability, readability, manageability, and size as well. As opposed to the limited output formats supported by Snare, NXLog supports multiple industry-standard formats such as:

  • CEF - Common Event Format (ArcSight)

  • LEEF - Log Event Extended Format (IBM QRadar)

  • GELF - Graylog Extended Log Format (Graylog)

  • Syslog RFC3164 - BSD Syslog protocol

  • Syslog RFC5424 - Syslog Protocol

  • JSON - JavaScript Object Notation

  • XML - Extensible Markup Language

  • KVP - Key-Value Pairs

  • CSV - Comma Separated Values

  • Snare or "Snare over Syslog" - Snare format with or without a Syslog header

The wider format support by NXLog also enables greater flexibility for the end-user and easier integration with third party products.

NXLog’s core design embraces structured logging, while Snare was primarily designed around its proprietary Snare syslog format. In contrast, NXLog provides structured data support, such as JSON and KVP, as well as CSV and XML. Using structured logging can dramatically reduce the operational cost of a SIEM.

Integration with Third Party Products

In the world of Information Technology, infrastructure is dynamic. It is constantly being enhanced, upgraded, or even completely redesigned.

NXLog’s forte is its support for practically any operating system found in enterprise computing environments and its seamless integration with third party solutions such as IBM QRadar, Rapid7, Splunk Enterprise, FireEye, Helix, and Securonix just to name a few. For a comprehensive list, visit our integrations page.

NXLog also provides extensive documentation to help with the integrations. See the Integration section in the NXLog User Guide.

Footprint and Configuration

NXLog agents are lightweight, operate using minimal resources, and can run as a service practically unnoticed in the background. With NXLog, you can get started right away with the text-based configuration, rather than going through the Snare setup wizard, which ends up with a generic configuration that is unlikely to be tailored to your specific needs. In addition, further NXLog installations only require deploying the custom configuration file that was created once, potentially to thousands of agents in an enterprise environment, which saves considerable time and money.

Documentation and Product Support

Our constantly updated, ever-growing documentation, already well above 1,000 pages, is a stand-alone product in itself. It is complete with configuration samples, real-world examples, and integration guides offering much more than a generic manual. Alongside this self-help resource, there is also the Community Forum for the Community Edition users, as well as the dedicated support team for our Enterprise customers which is available 24/7 with a world-class, 4-hour SLA.

Conclusion

In light of the information presented, it is now readily apparent that NXLog is a viable alternative to Snare for logging in an enterprise environment.

For further information or questions, please contact us.

NXLog Ltd. develops multi-platform log collection tools that support many different log sources, formats, transports, and integrations. The tools help administrators collect, parse, and forward logs so they can more easily respond to security issues, investigate operational problems, and analyze event data. NXLog distributes the free and open source NXLog Community Edition and offers additional features and support with the NXLog Enterprise Edition.

This document is provided for informational purposes only and is subject to change without notice. Trademarks are the properties of their respective owners.
