/
What happens to the logs when communication is lost between the Snare for Windows Agent and the server?
What happens to the logs when communication is lost between the Snare for Windows Agent and the server?
- Carlos Osorio
Owned by Carlos Osorio
Nov 10, 2020
SUMMARY
Aug 18, 2015
When the Snare for Windows Agent is in TCP mode and is unable to connect to the server, it maintains a bookmark of the last sent Windows log event and waits. The events aren't cached separately by the Agent, but rather it just waits until the server is ready before continuing to read the log and send more events through.
This means no extra space is taken up by Snare specifically for log events, rather that the space is used by the Windows event log with the cache size increased as required for long periods where the Agent cannot talk to the server.
, multiple selections available,
Related content
About Agent Caching
About Agent Caching
Read with this
How to send old Windows event logs
How to send old Windows event logs
More like this
Log Files
Log Files
More like this
Appendix C - Debug logs
Appendix C - Debug logs
More like this
Log Sources
Log Sources
More like this
Log Files
Log Files
More like this