For events to be collected, the SnareMSSQL service or services must be running. The status of the SnareMSSQL services may be confirmed via the Services listing in Windows. The Services listing may be found under either the Administrative Tools or Computer Management menus (Control Panel->Administrative Tools->Computer Management->Services).
For stand alone installations (see Chapter 3-Agent Installation for details on the deployment scenarios), if the service is not running, double click on the service name, select Automatic from the Startup Type list so that the service is started automatically when the host is rebooted, and then click the Start button. Click OK to save the settings.
For failover cluster installations, there might be one or more services. Each service will be identified by the SnareMSSQL name followed by a dollar sign and the name of the instance being monitored, for example SnareMSSQL$NamedInst.
Once the SnareMSSQL service is running, its status can be viewed via the Web User Interface.
If necessary, to restart Snare via the command line, navigate to the folder where Snare is installed and as Administrator type:
> net stop snaremssql
> net start snaremssql
This allows the configuration to be reread, so that logs are sent based on the new settings.
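The same status check can be scripted. The following PowerShell is an added example, not part of the Snare documentation. It assumes every agent service name begins with SnareMSSQL as described above, and the `-FixStandAlone` switch is a hypothetical name chosen for this example.

```powershell
# Added example, not from the Snare documentation. Run in an elevated PowerShell session.
# Assumption: agent service names begin with "SnareMSSQL", as the text describes
# (SnareMSSQL on stand alone hosts, SnareMSSQL$<instance> on failover clusters).
param(
    [switch]$FixStandAlone   # hypothetical switch: apply the stand alone procedure
)

# Win32_Service exposes both the running state and the startup type.
$services = @(Get-CimInstance -ClassName Win32_Service -Filter "Name LIKE 'SnareMSSQL%'")
if ($services.Count -eq 0) {
    Write-Warning 'No SnareMSSQL service is installed on this host.'
    return
}

# Report every matching service, including per-instance cluster services.
$services | Select-Object Name, State, StartMode

# Flag anything that would leave events uncollected now or after a reboot.
foreach ($svc in $services) {
    if ($svc.State -ne 'Running') {
        Write-Warning "$($svc.Name) is $($svc.State): events are not being collected."
    }
    if ($svc.StartMode -ne 'Auto') {
        Write-Warning "$($svc.Name) startup type is $($svc.StartMode), not Automatic."
    }
}

# Choice made in this example: per-instance services (names containing a dollar
# sign) are only reported. Note the single quotes: inside double quotes PowerShell
# would treat a name such as SnareMSSQL$NamedInst as containing a variable.
if ($FixStandAlone) {
    $standAlone = $services | Where-Object { $_.Name -notlike '*$*' }
    foreach ($svc in $standAlone) {
        if ($svc.StartMode -ne 'Auto') {
            Set-Service -Name $svc.Name -StartupType Automatic
        }
        if ($svc.State -ne 'Running') {
            Start-Service -Name $svc.Name
        }
    }
}
```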