Troubleshooting

Agent Processing Errors

These are the common errors that may be encountered when attempting to communicate with Snare Agents.

Unable to push config to agent version.

The version of the Snare Agent installed does not support pushing config. You will need to manually update it to correct configuration differences. 

Could not resolve an IP address, unable to communicate with agent.

The Console was unable to find an IP address to use to communicate with the Agent. Please configure your DNS server, or update the server hostname, to allow it to find a valid IP address.

Unable to find a listening port to connect to [ipaddress] on, agent could be offline.

The Console knows what IP address to use for the Agent, but none of the port numbers provided are valid. Please verify that the port configured on the Agent is the same as the one configured within the Console and that there are no firewalls or IP blocks preventing a connection.

Unable to find a password to authenticate to.

The Console is able to find the Agent and the right port; however, none of the passwords specified in the Console are working. Please verify that the Agent password is listed in the Snare Configuration Wizard, or the Agent Management Console.

Debugging

When debugging communication problems between the Console and the Agent, there are several things to check:

  1. The network allows communications from the Server to the Agent.
  2. The Agent has Remote Management enabled.
  3. The Remote Management port matches the port configured in the Console.
  4. The Remote Management password matches the password configured in the Console.
  5. You are using a supported Snare Agent version.
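
Checks 1 to 3 can be run from the Snare Central Server with a short script that reports which of the Console errors above a failure corresponds to. This is an added example, not Snare's own tooling; the hostname and port arguments are placeholders, and the password check is left out because this page does not describe the authentication exchange.

```python
import socket
import sys

def resolve_agent(hostname):
    """Check behind 'Could not resolve an IP address': return the agent's IPs, or []."""
    try:
        infos = socket.getaddrinfo(hostname, None, type=socket.SOCK_STREAM)
    except (socket.gaierror, UnicodeError):  # no DNS record, or malformed name
        return []
    return sorted({info[4][0] for info in infos})

def port_is_listening(ip, port, timeout=3.0):
    """Check behind 'Unable to find a listening port': does a TCP connect succeed?"""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or filtered by a firewall
        return False

def diagnose(hostname, ports, timeout=3.0):
    """Return (status, detail); status is 'dns', 'port' or 'ok'."""
    ips = resolve_agent(hostname)
    if not ips:
        return ("dns", f"{hostname}: no IP address; fix DNS or the hostname")
    for ip in ips:
        for port in ports:
            if port_is_listening(ip, port, timeout):
                return ("ok", f"{ip}:{port}")
    return ("port", f"{', '.join(ips)}: nothing listening on {list(ports)}; "
                    "check Remote Management, the port, and firewalls")

if __name__ == "__main__":
    # Usage (placeholder values): python check_agent.py agent01.example.com 1234 5678
    status, detail = diagnose(sys.argv[1], [int(p) for p in sys.argv[2:]])
    print(f"{status}: {detail}")
    sys.exit(0 if status == "ok" else 1)
```

A result of "ok" only shows that the network path and port are good; a password or Agent version mismatch still has to be checked in the Console.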

Why are there more "Agents" listed than I can manage?

Every device that reports data to the Snare Central Server will be listed on the Snare Agents page in one of the status groups, even devices that aren't compatible Snare Agents. This is because the Snare Central Server cannot distinguish compatible Snare Agents from other devices when they are reporting data to the Server. As a result, they are all processed using the type, hostname, and version filters specified for the management objective, and will be discounted for the most appropriate version.

It's quite common for syslog servers, or the Snare Browser Agents, to be listed on this page even though they cannot be managed. You can safely ignore these extra devices listed on this page, and after a device hasn't reported to the Server for over 3 months, it will be removed from the list.