For events to be collected, the SnareMSSQL service or services must be running. The status of the SnareMSSQL services may be confirmed via the Services listing in Windows. The Services listing may be found either under Administrative Tools or Ensure the SnareCore service is active by selecting Services from Control Panel->Administrative Tools->Computer Management->Services. 
the Administrative Tools or Computer Management menus. For stand alone installations, if the service is not running, double click on the service name, select start and automatic then select Automatic from the Startup Type list so that the service is started automatically when the host is rebooted .and then click the Start button. Click OK to save the settings. For failover cluster installations, there might be one or more services. Each service will be identified by the SnareMSSQL name followed by a dollar sign and the name of the instance being monitored, for example SnareMSSQL$NamedInst. Once the SnareMSSQL Service is running, its status can be viewed via the Remote Control Web User Interface.
If necessary, to restart Snare via the command line, navigate to the folder where Snare is installed and as Administrator type:
> net stop snaremssql> net start snaremssqlThis will allow the configuration to be reread and send logs based on the new settings.