/
Snare Agents and SAM – Getting the Debug Log

Snare Agents and SAM – Getting the Debug Log

Owned by Carlos Osorio
Last updated: Sept 20, 2024 by Steve Challans
2 min read


SUMMARY

To further investigate your issue, it is helpful if the Support team is provided with the debug log for your agent. This will log information on objectives that are targeted and for Epilog, any filename and new log records it has detected.

Snare Agent for Windows

Start a command prompt on the machine where Snare is installed, as Administrator and change directory to your Snare installation (e.g. c:\Program Files\Snare).
Execute the following:

> net stop snare > snarecore -c -d9 > my-debug.log 2>&1 (where my-debug.log is the name given to your file output)

Let this run for a few minutes and then Ctrl-C to stop the log.
Attach the output file to the support ticket.  Don't forget to restart Snare:

> net start snare

 

Snare Epilog for Windows

Start a command prompt on the machine where Epilog is installed, as Administrator and change directory to your Epilog installation (e.g. c:\Program Files\Epilog).
Execute the following:

> net stop epilog > epilog -d9 > my-debug.log 2>&1 (where my-debug.log is the name given to your file output)

Let this run for a few minutes and then Ctrl-C to stop the log.
Attach the output file to the support ticket.  Don't forget to restart Snare:

> net start epilog

 

Snare Agent for MSSQL

Start a command prompt on the machine where Snare MSSQL is installed, as Administrator and change directory to your Snare MSSQL installation (e.g. c:\Program Files\SnareMSSQL).
Execute the following:

> net stop snaremssql > snaremssql -c -d9 > my-debug.log 2>&1 [on standalone] or > snaremssql -s > my-debug.log 2>&1 [to specify instance if on cluster] (where my-debug.log is the name given to your file output)

Let this run for a few minutes and then Ctrl-C to stop the log.
Attach the output file to the support ticket.  Don't forget to restart Snare:

> net start snaremssql

 

Snare Agent Manager (SAM)

Again start an admin cmd prompt on the system. Stop the existing SAM service then run the in debug mode from the command line. Be sure to cd to the install folder being C:\Program Files\Intersect Alliance\Snare Agent Manager

> net stop snaream.exe > snareAM.exe -c -d9 > my-samdebug.log 2>&1 Let this run for a few minutes and do testing and then Ctrl-C to stop the log. > net start snaream.exe

Attach the output file to the support ticket.

For the SAM that runs inside of Snare Central you will need to login to the CLI of Snare Central using the snare credentials then exit to the shell then sudo -s to the root prompt. You will need to stop the snaream service if it is still running either via the kill command or running “service snare stop” to stop all snare services. Be sure to cd to the /data/Snare location where the program lives then run

> service snare stop > snareAM -c -d9 > my-samdebug.log 2>&1 Let this run for a few minutes and do testing and then Ctrl-C to stop the log. > service snare restart

Related content