Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »


SUMMARY

To further investigate your issue, it is helpful if the Support team is provided with the debug log for your agent. This will log information on objectives that are targeted and for Epilog, any filename and new log records it has detected.

Snare Agent for Windows

Start a command prompt on the machine where Snare is installed, as Administrator and change directory to your Snare installation (e.g. c:\Program Files\Snare).
Execute the following:

> net stop snare
> snarecore -c -d9 > my-debug.log
 (where my-debug.log is the name given to your file output)

Let this run for a few minutes and then Ctrl-C to stop the log.
Attach the output file to the support ticket.  Don't forget to restart Snare:

> net start snare

 

Snare Epilog for Windows

Start a command prompt on the machine where Epilog is installed, as Administrator and change directory to your Epilog installation (e.g. c:\Program Files\Epilog).
Execute the following:

> net stop epilog
> epilog -d9 > my-debug.log
 (where my-debug.log is the name given to your file output)

Let this run for a few minutes and then Ctrl-C to stop the log.
Attach the output file to the support ticket.  Don't forget to restart Snare:

> net start epilog

 

Snare Agent for MSSQL

Start a command prompt on the machine where Snare MSSQL is installed, as Administrator and change directory to your Snare MSSQL installation (e.g. c:\Program Files\SnareMSSQL).
Execute the following:

> net stop snaremssql
> snaremssql -c -d9 > my-debug.log    [on standalone]
or
> snaremssql -s  > my-debug.log    [to specify instance if on cluster]
 (where my-debug.log is the name given to your file output)

Let this run for a few minutes and then Ctrl-C to stop the log.
Attach the output file to the support ticket.  Don't forget to restart Snare:

> net start snaremssql

Snare Agent Manager (SAM)

Again start an admin cmd prompt on the system. Stop the existing SAM service then run the in debug mode from the command line. Be sure to cd to the install folder being C:\Program Files\Intersect Alliance\Snare Agent Manager

> net stop snaream.exe
> snareAM.exe -c -d9 > 2>&1 my-samdebug.log 
> net start snaream.exe
  • No labels