There may be times the Snare Support team require debug logs for investigation.

To retrieve debug logs for Snare, use one of the following methods.

Generating Debug Log from the Agent Web UI

This is the recommended method, available from Snare Agent version 5.6.0.

Navigate to the Agent Web UI > Snare Log page
Select a directory to write to
Select the duration of logging (1,5,10 or 15 minutes)
Click Start Debug Log
the Snare Agent will write the debug log to a file for the selected period of time, without the need to stop and restart the Agent service.
The logging can be stopped earlier if needed by clicking Stop Debug Log
Attach the generated log file to your Snare Support case.

For more information see the Snare Log page.

Generating Debug Log from command line

In case Agent Web UI is disabled, the Agent version is earlier than 5.6.0, or Support has explicitly requested to generate the debug log for longer period of time, please use the following instructions

Ensure you start a command prompt as Administrator and navigate to the folder where Snare is installed, to retrieve the logs.

> net stop snare

> snarecore -c -d9 > mysnare.log 2>&1

Where <mysnare.log> may be any name given to the log file. Continue to use Snare until you have an error, or enough time for your events to be processed. After this time, enter CTRL-C to end the debug log.

> net start snare

Attach the log to your Snare Support issue.

To retrieve debug logs for Snare as it communicates with the Snare Agent Manager:

> net stop snare

> snarecore -c -d Remote:trace > mysnare.log 2>&1

> net start snare

Attach the log to your Snare Support issue.

Browser not supported