There may be times the Snare Support team require debug logs for investigation.
To retrieve debug logs for Epilog, use one of the following methods.
- Generating Debug Log from the Agent Web UI
This is the recommended method, available from Snare Agent version 5.6.0
Epilog can be configured to generate the debug log at run time i.e. no need to stop the epilog service. For more information see the Snare Log page. Attach the generated log file to your Snare Support issue.
- Generating Debug Log from command line
In case Epilog Web UI is disabled, the Agent version is earlier than 5.6.0, or Support has explicitly requested to generate the debug log for longer period of time, please use the following instructions.
Ensure you start a command prompt as Administrator and navigate to the folder where Snare is installed, to retrieve the logs.
> net stop epilog
> epilog -c -d9 > myepilog.log 2>&1Where <myepilog.log> may be any name given to the log file. Continue to use Snare until you have an error, or enough time for your events to be processed. Due to buffering this may take many minutes. After this time, enter CTRL-C to end the debug log.
> net start epilog
Attach the log to your Snare Support issue.
To retrieve debug logs for Epilog as it communicates with the Snare Agent Manager:
> net stop epilog
> epilog -c -d SAM:trace > myepilog.log 2>&1Where <myepilog.log> may be any name given to the log file. Continue to use Epilog until you have an error, or enough time for your events to be processed. After this time, enter CTRL-C to end the debug log.
> net start epilog
Attach the log to your Snare Support issue.