There may be times when the Snare Support team requires debug logs for an investigation. To retrieve the logs, start a command prompt as Administrator and navigate to the folder where Epilog is installed.
To retrieve debug logs for Epilog:
> net stop epilog
> epilog -c -d9 > myepilog.log 2>&1
Where <myepilog.log> may be any name given to the log file. Continue to use Snare until you have an error, or until enough time has passed for your events to be processed. Due to buffering this may take many minutes. After this time, press CTRL-C to end the debug log.
> net start epilog
Attach the log to your Snare Support issue.
...
To retrieve debug logs for Epilog as it communicates with the Snare Agent Manager:
> net stop epilog
> epilog -c -d SAM:trace > myepilog.log 2>&1
Where <myepilog.log> may be any name given to the log file. Continue to use Epilog until you have an error, or until enough time has passed for your events to be processed. After this time, press CTRL-C to end the debug log.
> net start epilog
Attach the log to your Snare Support issue.
From Epilog v5.6, Epilog can be configured to generate the debug log at run time, i.e. there is no need to stop the epilog service. For more information see the Snare Log page.
...