Snare Agents and SAM – Getting the Debug Log
SUMMARY
To investigate your issue further, it helps if the Support team is provided with the debug log for your agent. The debug log records information on the objectives that are targeted and, for Epilog, any filenames and new log records it has detected.
Snare Agent for Windows
Start a command prompt as Administrator on the machine where Snare is installed, and change directory to your Snare installation (e.g. c:\Program Files\Snare).
Execute the following:
> net stop snare
> snarecore -c -d9 > my-debug.log 2>&1
(where my-debug.log is the name given to your file output)
Let this run for a few minutes, then press Ctrl-C to stop the log.
Attach the output file to the support ticket. Don't forget to restart Snare:
> net start snare
Snare Epilog for Windows
Start a command prompt as Administrator on the machine where Epilog is installed, and change directory to your Epilog installation (e.g. c:\Program Files\Epilog).
Execute the following:
> net stop epilog
> epilog -d9 > my-debug.log 2>&1
(where my-debug.log is the name given to your file output)
Let this run for a few minutes, then press Ctrl-C to stop the log.
Attach the output file to the support ticket. Don't forget to restart Snare:
Snare Agent for MSSQL
Start a command prompt as Administrator on the machine where Snare MSSQL is installed, and change directory to your Snare MSSQL installation (e.g. c:\Program Files\SnareMSSQL).
Execute the following:
Let this run for a few minutes, then press Ctrl-C to stop the log.
Attach the output file to the support ticket. Don't forget to restart Snare:
Snare Agent Manager (SAM)
Again, start an admin command prompt on the system. Stop the existing SAM service, then run it in debug mode from the command line. Be sure to cd to the install folder, which is C:\Program Files\Intersect Alliance\Snare Agent Manager
Attach the output file to the support ticket.
For the SAM that runs inside Snare Central, log in to the CLI of Snare Central using the snare credentials, exit to the shell, then sudo -s to the root prompt. If the snaream service is still running, stop it, either via the kill command or by running “service snare stop” to stop all snare services. Be sure to cd to the /data/Snare location where the program lives, then run