SUMMARY
To further investigate your issue, it is helpful if the Support team is provided with the debug log for your agent. This will log information on objectives that are targeted and for Epilog, any filename and new log records it has detected.
Snare Agent for Windows
Start a command prompt on the machine where Snare is installed, as Administrator and change directory to your Snare installation (e.g. c:\Program Files\Snare).
Execute the following:
> net stop snare > snarecore -c -d9 > my-debug.log (where my-debug.log is the name given to your file output)
Let this run for a few minutes and then Ctrl-C to stop the log.
Attach the output file to the support ticket. Don't forget to restart Snare:
> net start snare
Snare Epilog for Windows
Start a command prompt on the machine where Epilog is installed, as Administrator and change directory to your Epilog installation (e.g. c:\Program Files\Epilog).
Execute the following:
> net stop epilog > epilog -d9 > my-debug.log (where my-debug.log is the name given to your file output)
Let this run for a few minutes and then Ctrl-C to stop the log.
Attach the output file to the support ticket. Don't forget to restart Snare:
> net start epilog
Snare Agent for MSSQL
Start a command prompt on the machine where Snare MSSQL is installed, as Administrator and change directory to your Snare MSSQL installation (e.g. c:\Program Files\SnareMSSQL).
Execute the following:
> net stop snaremssql > snaremssql -c -d9 > my-debug.log [on standalone] or > snaremssql -s > my-debug.log [to specify instance if on cluster] (where my-debug.log is the name given to your file output)
Let this run for a few minutes and then Ctrl-C to stop the log.
Attach the output file to the support ticket. Don't forget to restart Snare:
> net start snaremssql
Snare Agent Manager (SAM)
Again start an admin cmd prompt on the system. Stop the existing SAM service then run the in debug mode from the command line. Be sure to cd to the install folder being C:\Program Files\Intersect Alliance\Snare Agent Manager
> net stop snaream.exe > snareAM.exe -c -d9 > 2>&1 my-samdebug.log Let this run for a few minutes and then Ctrl-C to stop the log. > net start snaream.exe