Appendix D - Troubleshooting
If you are having any issues with the agent logging, check the following:
For SQL Server 2012 and newer:
- ensure the trace file location is in a directory other than c:\program files\SnareMSSQL, as the Program Files directory has additional Windows UAC controls in 2012 which prevent the agent from writing to this location.
- the Snare for MSSQL agent has to use a service account that has local administrative rights to the server; the default system account no longer works as it does not have enough rights. For a cluster this account needs to have domain admin rights to work across the cluster, but this could depend on how you have set up local admin rights on each machine in the cluster. In general, clusters need domain admin rights to work across the cluster.
- the Snare SQL Service account has to have the sysadmin role in SQL Server so it can use the trace function to get the logs.
For SQL Server 2008:
- if using a service account, this account has to be in the sysadmin role in SQL Server so it can access the trace functions.
- the Snare for MSSQL agent needs to have access to the local administrators group through the service account.
- depending on the security policy in place, move the trace file location out of c:\program files\SnareMSSQL (because of UAC controls) to something like c:\SQLLOGS (or a location that suits), just as long as the agent has read/write access to it. Change this in the network configuration screen in the agent.
And don't forget to configure at least one audit policy, so that you will see events being logged, since by default there are no audit policies set.
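
The SQL Server side of the checks above (sysadmin membership and trace file location, for both the 2008 and the 2012 and newer lists) can be verified with a few queries. This is an added example, not part of the Snare documentation; the login name CONTOSO\svc_snare is a placeholder, and it assumes the agent's trace is visible in sys.traces.

```sql
-- Added example: verify the SQL-side prerequisites from the checklist.
-- ASSUMPTION: CONTOSO\svc_snare is a placeholder; substitute the account
-- the Snare for MSSQL service actually runs as.
DECLARE @svc sysname = N'CONTOSO\svc_snare';

-- 1. Is the service account in the sysadmin role?
--    1 = member, 0 = not a member, NULL = login or role not valid.
SELECT @svc                               AS service_account,
       IS_SRVROLEMEMBER('sysadmin', @svc) AS is_sysadmin;

-- 2. List every explicit member of sysadmin. Useful when the account gets
--    the role through a Windows group rather than directly, and for
--    reviewing who else holds this level of access.
SELECT m.name      AS member_name,
       m.type_desc AS member_type,
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 3. Show the traces currently defined and where they write.
--    A path under Program Files is the UAC problem described above.
--    An event_count that never grows, or no trace other than the default,
--    points at the write-access problem or at no audit policy being set.
SELECT id,
       status,            -- 1 = running, 0 = stopped
       is_default,        -- 1 = SQL Server's own default trace
       path,
       start_time,
       last_event_time,
       event_count,
       CASE
           WHEN LOWER(path) LIKE N'%:\program files%'
               THEN 'under Program Files (UAC may block writes)'
           ELSE 'ok'
       END AS location_check
FROM sys.traces
ORDER BY id;
```

Run it in a query window as a login that can view server state. File system permissions on the trace directory and local administrators group membership still have to be checked in Windows.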