Appendix E - Debug logs

Owned by Andrew Madge
Last updated: May 25, 2022 by Mirza Muzammil Baig
2 min read

There may be times the Snare Support team require debug logs for investigation.

To retrieve debug logs for Snare, use one of the following methods.


  • Generating Debug Log from the Agent Web UI

This is the recommended method, available from Snare Agent version 5.6.0.

  • Navigate to the Agent Web UI > Snare Log page
  • Select a directory to write to
  • Select the duration of logging (1,5,10 or 15 minutes)
  • Click Start Debug Log 
    the Snare Agent will write the debug log to a file for the selected period of time, without the need to stop and restart the Agent service. 
  • The logging can be stopped earlier if needed by clicking Stop Debug Log 
  • Attach the generated log file to your Snare Support case.

For more information see the Snare Log page. 


  • Generating Debug Log from command line

In case Agent Web UI is disabled, the Agent version is earlier than 5.6.0, or Support has explicitly requested to generate the debug log for longer period of time, please use the following instructions

Ensure you start a command prompt as Administrator and navigate to the folder where Snare is installed, to retrieve the logs.

> net stop snare
> snarecore -c -d9 > mysnare.log 2>&1

Where <mysnare.log> may be any name given to the log file.  Continue to use Snare until you have an error, or enough time for your events to be processed. After this time, enter CTRL-C to end the debug log.

> net start snare

Attach the log  to your Snare Support issue.


To retrieve debug logs for Snare as it communicates with the Snare Agent Manager:

> net stop snare
> snarecore -c -d Remote:trace > mysnare.log 2>&1

Where <mysnare.log> may be any name given to the log file.  Continue to use Snare until you have an error, or enough time for your events to be processed. After this time, enter CTRL-C to end the debug log.

> net start snare

Attach the log  to your Snare Support issue.