Configuration reference

Refer to this page for the complete specifications of the available elements and settings in the agent configuration file, snowagent.config.

Configuration is the root element of the agent configuration file. An element with minOccurs="0" that is not presented in the xml file will have a Null value. Every system shall have a default settings.xml file that decides what value should be the default if none is given. The order the client should do this is to first read the default xml file and after that write over these values with the values in the user's xml file.

<Configuration>
  <Agent>...</Agent>
  <Schedule>...</Schedule>
  <Meter>...</Meter>
  <Software>...</Software>
  <Registry>...</Registry>
  <Logging>...</Logging>
  <Server>...</Server>
  <DropLocation>...</DropLocation>
  <Oracle>...</Oracle>
  <SystemSettings>...</SystemSettings>
  <Environment>...</Environment>
  <SudoCommands>...</SudoCommands>
</Configuration>

Each child element of the root element is described below.

caution

All elements are case-sensitive.

Agent

Configuration > Agent

Required. Basic information about the agent deployment, such as site and configuration name.

<Agent>
  <SiteName>...</SiteName>
  <ConfigName>...</ConfigName>
</Agent>

Each child element is described below.

SiteName

Configuration > Agent > SiteName

Required. The name of the site that the agent belongs to. The site is used to identify the origin of the data files when transmitted to the server.

ConfigName

Configuration > Agent > ConfigName

Required. The name of the configuration.

Schedule

Configuration > Schedule

Only applicable to the Windows agent. Schedule tasks to run on a recurring interval. The element is optional but must be provided in the configuration for automatic scans to be performed.

<Schedule enabled="...">
    <Task>...</Task>
</Schedule>

Attribute: enabled
Values: true, false

The child element is described below.

Task

Configuration > Schedule > Task

The task that will be run by the agent. Can be empty.

<Task>
  <Action>...</Action>
  <Occurance>
    <AtStart>...</AtStart>
    <Daily>...</Daily>
    <Weekly>...</Weekly>
    <Monthly>...</Monthly>
  </Occurance>
  <TimeOfDay>...</TimeOfDay>
  <Randomize>...</Randomize>
</Task>

Element	Child element	Description
Action	N/A	Required. Action to be performed. Performs a scan of the machine and sends the result the to server. Value: scan
Occurance		Required. How often to stage a certain task.
	AtStart	Will stage task at start of agent (service init). Values: true, false
	Daily	Do the action on a daily basis. Values: true, false
	Weekly	Do the action on a weekly basis. Values: monday, tuesday, wednesday, thursday, friday, saturday, sunday
	Monthly	The day of month the task will be executed. If the day of the month is outside the range of that month, run action the last day in that month. For example, in February this would become the 28th or 29th. Example: 30
TimeOfDay	N/A	For backwards compatibility, the format is very flexible. Any string containing two digits followed by a delimiter and two more digits is accepted. Scheduling works on a resolution of minutes. Examples: 09:10 09:10:30 PT09H10M
Randomize	N/A	Only applicable to daily, weekly and monthly schedule types. The allowed maximum number of minutes offset from time of day when a scan should occur on schedule. A greater value can help spread out the load on server infrastructure as it is unlikely that many agents will then report back simultaneously.

Meter

Configuration > Meter

Only applicable to the Windows agent. Metering rules.

<Meter enabled="...">
  <Exclude>...</Exclude>
  <Span>...</Span>
  <Occurance>...</Occurance>
</Meter>

Attribute: enabled
Values: true, false

Each child element is described below.

Exclude

Configuration > Meter > Exclude

Specifies what software should be excluded from scan.

<Exclude>
  <Path>...</Path> 
</Exclude>

Element	Description
Path	Exclude software based on a set of simple string matching rules. Examples: *.dll excludes all software that ends with the `.dll` extension C:\Windows* excludes all software that is run from the `C:\Windows` directory Note: Exclusions do not impact unconditional include paths.

Span

Configuration > Meter > Span

Required. Time span for metering.

<Span>
  <StartTime>...</StartTime>
  <EndTime>...</EndTime>
</Span>

Element	Description
StartTime	Required. Example: PT09H10 All components (PThhHmmM) are required!
EndTime	Required. Example: PT09H10 All components (PThhHmmM) are required!

Occurance

Configuration > Meter > Occurance

Required. List of days when metering should be done.

<Occurance>
  <Weekday>...</Weekday>
</Occurance>

Element	Description
Weekday	Specify day(s) that metering will occur on. Values: monday, tuesday, wednesday, thursday, friday, saturday, sunday

Software

Configuration > Software

Defines what should be included in the agent's next scan.

note

Software is included from the following locations by default in the Windows operating system:

desktop
user profile
start menu
uninstall information
running processes.

<Software>
  <Include>...</Include>
  <IncludeCriteria>...</IncludeCriteria>
  <Exclude>...</Exclude>
</Software>

Each child element is described below.

Include

Configuration > Software > Include

Specifies what software should be included in the scan based on file system locations.

<Include>
  <Path recursive="..." unconditionally="...">...</Path>
</Include>

Element Description

Path

Element	Description
Path	Each path is a search expression that is used to locate software based on the file system information. If no path is specified, software information from any locally attached (or mounted) disk will be included. Examples: C:\Windows* matches all files located in the `C:\Windows` directory. *C:\Windows.log matches all `.log` files located in the `C:\Windows` directory. Note: Unless any exclude paths have been specified, a complete file system scan will take place. It could take a while, and impact system performance for the duration of the scan. Attributes: recursive Specifies whether to use the path to search recursively for files. For example, when recursive=true*, the path `C:\Windows\.log` matches all `.log` files located in the `C:\Windows` directory and all subdirectories. Values: true, false Default: false unconditionally Only applicable to the UNIX agent. Specifies whether to include the files found regardless of any exclusion filter. Values: true, false Default: true

Each path is a search expression that is used to locate software based on the file system information. If no path is specified, software information from any locally attached (or mounted) disk will be included.
Examples:

C:\Windows* matches all files located in the C:\Windows directory.
C:\Windows*.log matches all .log files located in the C:\Windows directory.

Note: Unless any exclude paths have been specified, a complete file system scan will take place. It could take a while, and impact system performance for the duration of the scan.

Attributes:

recursive
Specifies whether to use the path to search recursively for files.
For example, when recursive=true, the path C:\Windows\*.log matches all .log files located in the C:\Windows directory and all subdirectories.
Values: true, false
Default: false
unconditionally
Only applicable to the UNIX agent.
Specifies whether to include the files found regardless of any exclusion filter.
Values: true, false
Default: true

IncludeCriteria

Configuration > Software > IncludeCriteria

Additional criteria that must be fulfilled for software to be included in the result.

For each type of criterion, at least one (if any) of the criteria must match. For example, if multiple extensions have been specified it is enough if one extension matches, but if extensions and manufacturers have both been specified, there has to be at least one matching extension and manufacturer.

<IncludeCriteria enabled="...">
  <Manufacturer>...</Manufacturer>
  <FileSystem>...</FileSystem>
  <FileType>...</FileType>
</IncludeCriteria>

Attribute: enabled
Values: true, false
Default: true

Element	Description
Manufacturer	Only applicable to the Windows agent. May be specified multiple times. If software is to be included, it must match at least one manufacturer filter. Note: The manufacturer criteria can only be applied if the manufacturer can be determined.
FileSystem	Only applicable to the UNIX agent. May be specified multiple times. If scanning for software reaches a directory that is a mount point the scanning will not continue scanning the directory further if the file system is not listed. Example: jsf
FileType	Only applicable to the Windows and Unix agents May be specified multiple times. If software is to be included, it must match one of the file types specified. Examples: Unix: ELFexecutable, as reported by the file-command. Supports wildcard matching. Windows: file extensions. Defaults are: exe, wfd, wfi, wtd, sys2, lnk

Exclude

Configuration > Software > Exclude

Specifies what software should be excluded from scan.

<Exclude>
  <Path>...</Path>
  <FileSystem>...</FileSystem>
</Exclude>

Element	Description
Path	May be specified multiple times. Exclude software based on a set of simple string matching rules. Examples: .dll excludes all software that ends with the `.dll` extension C:\Windows\** excludes all software that is run from the `C:\Windows` directory /some/path/* excludes software beneath the `/some/path` directory Note: Exclusions do not impact unconditional include paths.
FileSystem	Only applicable to the Linux and macOS agents. May be specified multiple times. Software exclusions based on the file system type.

Registry

Configuration > Registry

Only applicable to the Windows agent. Include additional information from the Windows Registry in the scan result.

caution

Using this will replace the default behavior entirely. Utilizing the Collect Custom Registry Keys powershell extension is the preferred method.

<Registry enabled="...">
  <Query>...</Query>
</Registry>

Attribute: enabled
Values: true, false

The child element is described below.

Query

Configuration > Registry > Query

Represents a registry query (Windows specific). The query will be used to search for a set of values that will be included as custom registry information in the scan result.

<Query>
  <Key recursive="...">...</Key>
  <Value>...</Value>
</Query>

Element Description

Key Required.
The sub key (and registry hive) to scan.
Example: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT

Attribute: recursive
Specifies whether to perform a recursive search starting at the sub key specified.
Values: true, false
Note: It may take considerable time to perform a recursive scan, if the starting point is a key with many items underneath it. Use recursive queries sparsely.

Value Required.
May be specified multiple times. Each value represents the name of a value and if found at any location during query will result in that value being included in the scan result.
Example: Version

Element	Description
Key	Required. The sub key (and registry hive) to scan. Example: `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT` Attribute: recursive Specifies whether to perform a recursive search starting at the sub key specified. Values: true, false Note: It may take considerable time to perform a recursive scan, if the starting point is a key with many items underneath it. Use recursive queries sparsely.
Value	Required. May be specified multiple times. Each value represents the name of a value and if found at any location during query will result in that value being included in the scan result. Example: Version

Logging

Configuration > Logging

Control the log output.

<Logging>
  <MaxSize>...</MaxSize>
  <Level>...</Level>
  <Tag>...</Tag>
  <Syslog>...</Syslog>
</Logging>

Each child element is described below.

MaxSize

Configuration > Logging > MaxSize

Maximum allowed file size of the log file in KiB.

Default:

Windows/Linux/macOS: 2048
Unix: 16384

Level

Configuration > Logging > Level

Specify log level. Each log level includes the preceding log level.

Values: error, warning, info, trace, verbose

Default: error

Tag

Configuration > Logging > Tag

Enable tagged log output. Tagged log output represents logging of a specific type or source and log independently of any log level set. Some tags (such as the metering tag) are very verbose and should only be enabled during troubleshooting of any metering related issue.

Syslog

Configuration > Logging > Syslog

Only applicable to the POSIX agent. Control the syslog output.

<Syslog enabled="...">
  <Level>...</Level>
  <Tag>...</Tag>
</Syslog>

Attribute: enabled
Values: true, false
Default: false

Element	Description
Level	Specify log level. Each log level includes the preceding log level. Values: error, warning, info, trace, verbose Default: error
Tag	Enable tagged log output. Tagged log output represents logging of a specific type or source and log independently of any log level set. Some tags (such as the metering tag) are very verbose and should only be enabled during troubleshooting of any metering related issue.

Server

Configuration > Server

Required. Specify server endpoints. Each endpoint represents a possible path for the agent to the server.

note

When establishing a connection to the server the agent simply choses an endpoint randomly from the list of available endpoints until each endpoint has been attempted at least once before giving up. The first endpoint that results in a successful connection will be used for the remainder of the session.

<Server>
  <Endpoint>...</Endpoint>
</Server>

The child element is described below.

Endpoint

Configuration > Server > Endpoint

Required. May be specified multiple times. A server endpoint that the agent will use to connect to the server infrastructure.

<Endpoint>
  <Address>...</Address>
  <Proxy>
    <Server>...</Server>
    <Credentials>
       <UserName>...</UserName>
       <Password>...</Password>
    </Credentials>
  </Proxy>
  <ClientCertificate>
    <FileName>...</FileName>
    <Password>...</Password>
  </ClientCertificate>
  <ServerPublicKeyHash>...</ServerPublicKeyHash>
</Endpoint>

Element	Child element	Description
Address	N/A	Required. Specify the server URI in the following format: `scheme://hostname:port/`. Supported URI schemes are `http` and `https`.
Proxy		Proxy settings to use for this endpoint. If proxy settings are not specified any proxy server support is explicitly disabled for this endpoint.
	Server	Required when using the Proxy element. Specify the address for this proxy server.
	Credentials	Credentials used to authenticate connection with HTTP proxy server. Note: Only basic authentication is supported. Child elements: UserName Password Note: Passwords need to be provided in encrypted form.
ClientCertificate		The client certificate used to secure the connection between agent and server.
	FileName	The file name of a client certificate to use, relative to the current installation location.
	Password	The password to use if the client certificate has been password protected. Note: Passwords need to be provided in encrypted form.
ServerPublicKeyHash	N/A	Base64-encoded sha256 hash of the Inventory server certificate public key. The string should start with sha256// Example: sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=

DropLocation

Configuration > DropLocation

A drop location can be a folder, HTTP endpoint or UNC file path and specifies an additional delivery location for scan results. Only used when the agent normally sends the result to the server.

note

Drop locations are not subject to retry policies. If a drop location does not receive the scan result (for any reason), the scan result will not be resent to that drop location at a later date.

<DropLocation>
  <Network>...</Network>
  <Path>...</Path>
  <Endpoint>...</Endpoint>
</DropLocation>

Each child element is described below.

Network

Configuration > DropLocation > Network

Only applicable to the Windows agent. May be specified multiple times.

<Network>
  <Credentials>
    <Domain>...</Domain>
    <UserName>...</UserName>
    <Password>...</Password>
  </Credentials>
  <Location>...</Location>
</Network>

Element	Child element	Description
Credentials		Credentials to use when connecting to a network share as a specific user.
	Domain
	UserName
	Password
Location	N/A

Path

Configuration > DropLocation > Path

May be specified multiple times.

Example: \\server\folder

Endpoint

Configuration > DropLocation > Endpoint

<Endpoint>
  <Address>...</Address>
  <Proxy>
    <Server>...</Server>
    <Credentials>
      <UserName>...</UserName>
      <Password>...</Password>
    </Credentials>
  </Proxy>
  <ClientCertificate>
    <FileName>...</FileName>
    <Password>...</Password>
  </ClientCertificate>
  <ServerPublicKeyHash>...</ServerPublicKeyHash>
</Endpoint>

Element	Child element	Description
Address	N/A	Required. Specify the server URI in the following format: `scheme://hostname:port/`. Supported URI schemes are `http` and `https`.
Proxy		Proxy settings to use for this endpoint. If proxy settings are not specified any proxy server support is explicitly disabled for this endpoint.
	Server	Required when using the Proxy element. Specify the address for this proxy server.
	Credentials	Credentials used to authenticate connection with HTTP proxy server. Note: Only basic authentication is supported. Child elements: UserName Password Note: Passwords need to be provided in encrypted form.
ClientCertificate		The client certificate used to secure the connection between agent and server.
	FileName	The file name of a client certificate to use, relative to the current installation location.
	Password	The password to use if the client certificate has been password protected. Note: Passwords need to be provided in encrypted form.
ServerPublicKeyHash	N/A	Base64-encoded sha256 hash of the Inventory server certificate public key. The string should start with sha256// Example: sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=

Oracle

Configuration > Oracle

Information used in the SIOS component for Oracle database inventory.

<Oracle enabled="..." debug="...">
  <Environment>...</Environment>
  <DefaultInstanceCredentials>...</DefaultInstanceCredentials>
  <Oratab>...</Oratab>
  <InstancesWithConfiguration>...</InstancesWithConfiguration>
  <Include>...</Include>
  <Exclude>...</Exclude>
</Oracle>

Attributes:

enabled
Values: true, false
debug
Determines if additional information is included in the snowpack for diagnostic purposes.
Values: true, false

Each child element is described below.

Environment

Configuration > Oracle > Environment

<Environment>
  <Item variable="..." value="..." />
</Environment>

Element	Description
Item	Specifies a single environment variable to be set. Attributes: variable, value

DefaultInstanceCredentials

Configuration > Oracle > DefaultInstanceCredentials

Credentials used in all Oracle scans if there is no specific credentials for a SID. May be left out if automatic scan is used or instance specific credentials are entered.

<DefaultInstanceCredentials UseTNS="...">
  <UserName>...</UserName>
  <Password>...</Password>
</DefaultInstanceCredentials>

Attribute: UseTNS

Element	Description
UserName
Password

Oratab

Configuration > Oracle > Oratab

Specifies the location of the Oratab file to be used to read ORACLE HOME from. This setting is overridden by an OracleHome element in the Instance element.

InstancesWithConfiguration

Configuration > Oracle > InstancesWithConfiguration

<InstancesWithConfiguration>
  <Instance>
    <SID>...</SID>
    <Credentials UseTNS="...">
      <UserName>...</UserName>
      <Password>...</Password>
    </Credentials>
    <OracleHome>...</OracleHome>
    <Environment>
      <Item variable="..." value="..." />
    </Environment>
    <UnixUser>...</UnixUser>
  </Instance>
</InstancesWithConfiguration>

Element	Child element	Description
Instance		Defines the SID and can also contain credentials for the SID. You can also point to an Oracle home path.
	SID	Required.
	Credentials	Attribute: UseTNS Child elements: UserName Password
	OracleHome	Path to the Oracle home directory. Used if the scanner cannot find the path automatically.
	Environment	Child element: Item Specifies a single environment variable to be set. Attributes: variable, value
	UnixUser	Only applicable to the Linux and Unix agents.

Include

Configuration > Oracle > Include

List of what should be included in the Oracle database scan.

<Include>
  <AllInstances>...</AllInstances>
  <Instance>
    <SID>...</SID>
    <Credentials UseTNS="...">
      <UserName>...</UserName>
      <Password>...</Password>
    </Credentials>
    <OracleHome>...</OracleHome>
    <Environment>
      <Item variable="..." value="..." />
    </Environment>
    <UnixUser>...</UnixUser>
  </Instance>
</Include>

Element	Child element	Description
AllInstances	N/A	Controls if all instances should be found and scanned. Default: true
Instance		Defines the SID and can also contain credentials for the SID. You can also point to an Oracle home path.
	SID	Required.
	Credentials	Attribute: UseTNS Child elements: UserName Password
	OracleHome	Path to the Oracle home directory. Used if the scanner cannot find the path automatically.
	Environment	Child element: Item Specifies a single environment variable to be set. Attributes: variable, value
	UnixUser	Only applicable to the Linux and Unix agents.

Exclude

Configuration > Oracle > Exclude

List of what should be excluded from the Oracle database scan.

<Exclude>
  <Instance>
    <SID>...</SID>
    <Credentials UseTNS="...">
      <UserName>...</UserName>
      <Password>...</Password>
    </Credentials>
    <OracleHome>...</OracleHome>
    <Environment>
      <Item variable="..." value="..." />
    </Environment>
    <UnixUser>...</UnixUser>
  </Instance>
</Exclude>

Element	Child element	Description
Instance		Defines the SID and can also contain credentials for the SID. You can also point to an Oracle home path.
	SID	Required.
	Credentials	Attribute: UseTNS Child elements: UserName Password
	OracleHome	Path to the Oracle home directory. Used if the scanner cannot find the path automatically.
	Environment	Child element: Item Specifies a single environment variable to be set. Attributes: variable, value
	UnixUser	Only applicable to the Linux and Unix agents.

SystemSettings

Configuration > SystemSettings

System settings that override the default behavior of the agent. Use with care.

<SystemSettings>
  <Setting key="..." value="..." />
</SystemSettings>

The format of the value will vary depending on the type of setting. See each setting for more information.

Setting key	Description
privacy.hide_user	Only applicable to the Windows and POSIX agents. Replace the user name (anywhere present) with SHA-1 hash of the user name (UTF-8 byte representation). Values: true, false Default: false
privacy.hide_ip	Only applicable to the Windows and POSIX agents. Replace the IP address (anywhere present) with SHA-1 hash of the IP address (UTF-8 byte representation). Values: true, false Default: false
env.allowonlyonescanperday	Only applicable to the Linux and OS X agents. If set, only one scan per day will be allowed by the agent. Values: true, false Default: false
env.emulate_os	For Snow internal use only. Only applicable to the Unix agent This value will decide what operating system and hardware will be used. It is the filename that is derived from this value that decides type of system. All mock files are placed in a directory named mockfiles. In that directory files named: mockfile*emulatedos_operation* are placed and read instead of the corresponding operating system command.
env.java_home	If path to java cannot be found, or an incompatible version is set as default, this value can be used to identify a correct version.
env.shell	Used as a solution to problems with the standard shell installed. Points to a shell. Example: /bin/bash
env.data_dir	If specified, overrides the directory in which the agent will store data files, such as scan results and metering (when applicable). Defaults to a sub directory data from where the agent is run. Note: The agent must have read and write access to this directory.
env.temp_dir	If specified, overrides the directory where the agent will store temporary data files. Defaults to system default temporary directory. Note: The agent must have read and write access to this directory.
env.log_dir	If specified, overrides the default log directory where the agent will store log files. Defaults to a sub directory data from where the agent is run. Note: The agent must have read and write access to this directory.
http.ssl_verify	If false, the agent will not verify that any certificate used to secure communication is issued by a trusted certificate authority (CA). This setting is enabled by default and must be explicitly disabled if necessary. Caution: Disabling this option reduces overall security. Values: true, false Default: true
http.ssl_capath	Only applicable to the Linux and macOS agents. Must be specified to use SSL/TLS. Specify the PEM file containing the Certificate or Certificate bundle. Equivalent to the curl flag --cacert Example: /etc/ssl/certs/mycert.pem
http.timeout	The timeout in seconds for requests to the server endpoint. Default: 15
log.append	If true, the logfile will not be cleared upon a completed scan, i.e. it will be appended upon. This will cause subsequent snowpacks to contain log information from multiple scans. Values: true, false Default: false
software.scan.dpkg	Only applicable to the Linux agent. Include information from the Debian package manager about installed software. Values: true, false Default: false
software.scan.jar	Only applicable to the Windows, macOS, and Linux agents Enable software scan by scanning the metadata found in Java Archive (JAR) files. Values: true, false Default: true
software.scan.rpm	Only applicable to the Linux agent. Include information from the Red Hat package manager about installed software. Values: true, false Default: false
software.scan.ips	Only applicable to the Unix agent. Include information from the Image Packaging System (IPS). Applicable to Solaris 11 and later. Values: true, false Default: true
software.scan.svr4	Only applicable to the Unix agent. Include information from SVR4 packages. Applicable to Solaris 10 and previous versions. Values: true, false Default: true
software.scan.lpp	Only applicable to the Unix agent. Include information from Licensed Program Products. Applicable to AIX systems. Values: true, false Default: true
software.scan.sd	Only applicable to the Unix agent. Include information from Software Distributor. Applicable to HP-UX systems. Values: true, false Default: true
software.scan.running_processes	Only applicable to the Linux and Unix agents. Scans running processes and adds them to the software scanning result, as a file system scan would. If used with file system scan, there is no distinction made between the results. A program found running and in a file system scan will be the same. Values: true, false Default: true
software.scan.add_latency	Defined in microseconds. When reading or processing large amounts of data/objects, add some extra latency between the objects to prevent the system from spending too much resource on this process. This might also be a good solution when scanning exceptionally fast drives, to keep the CPU usage down. Values: n >= 0 Default: 0
software.scan.enabled	Only applicable to the Windows agent. If disabled will override all software.scan.* settings. Values: true, false Default: true
software.scan.swidtags	Only applicable to the Windows agent. Disable or enable scanning of swid tags. Values: true, false Default: true
hardware.scan.enabled	Only applicable to the Windows agent. Disable or enable scanning of hardware, this will override any individual hardware.scan.* setting. Values: true, false Default: true
hardware.scan.device	Only applicable to the Windows agent. Disable or enable scanning of installed device drivers. Values: true, false Default: true
hardware.scan.networkadapter	Only applicable to the Windows agent. Disable or enable scanning of network adapters. Values: true, false Default: true
software.scan.userscan	Only applicable to the Windows agent. If disabled will override: software.scan.environmentvariables, software.scan.fileshare, hardware.scan.printer Values: true, false Default: true
software.scan.environmentvariables	Only applicable to the Windows agent. Disable or enable scanning of environment variables. Values: true, false Default: true
software.scan.fileshare	Only applicable to the Windows agent. Disable or enable scanning of network shares. Values: true, false Default: true
hardware.scan.printer	Only applicable to the Windows agent. Disable or enable scanning of printers that are setup on the system. Values: true, false Default: true
hardware.scan.displayadapter	Only applicable to the Windows agent. Disable or enable scanning of installed display adapter. Values: true, false Default: true
hardware.scan.expansionslot	Only applicable to the Windows agent. Legacy support. Values: true, false Default: true
software.scan.fonts	Only applicable to the Windows agent. Disable or enable scanning of installed fonts. Values: true, false Default: true
software.scan.ignore_bind_mounts	Only applicable to the Linux agent. If true, the agent will attempt to find bind mounts and add these to the list of directories to be ignored. Values: true, false Default: false
software.scan.ignore_autofs_mounts	Only applicable to the Linux and Unix agents. If true, the agent will attempt to find detect autofs mounts and add these to the list of directories to be ignored. Values: true, false Default: false
hardware.scan.keyboard	Only applicable to the Windows agent. Disable or enable scanning of attached keyboard. Values: true, false Default: true
hardware.scan.logicaldisk	Only applicable to the Windows agent. Disable or enable scanning of logical drives attached. Values: true, false Default: true
software.scan.loginuser	Only applicable to the Windows agent. Disable or enable scanning of user login history. Values: true, false Default: true
hardware.scan.memory	Only applicable to the Windows agent. Disable or enable scanning of memory. Values: true, false Default: true
hardware.scan.modem	Only applicable to the Windows agent. Disable or enable scanning of attached modems. Values: true, false Default: true
hardware.scan.monitor	Only applicable to the Windows agent. Disable or enable scanning of attached screen. Values: true, false Default: true
hardware.scan.mouse	Only applicable to the Windows agent. Disable or enable scanning of attached mouse device. Values: true ,false Default: true
hardware.scan.multimedia	Only applicable to the Windows agent. Disable or enable scanning of installed media devices, i.e sound card. Values: true, false Default: true
software.scan.netclient	Only applicable to the Windows agent. Disable or enable scanning of network clients or network services. Values: true, false Default: true
software.scan.netprotocol	Only applicable to the Windows agent. Disable or enable scanning of NDIS protocols and CoNDIS stand-alone call managers. Values: true, false Default: true
software.scan.ntservice	Only applicable to the Windows agent. Disable or enable scanning of services. Values: true, false Default: true
software.scan.odbc	Only applicable to the Windows agent. Disable or enable scanning of ODBC data sources and related drivers. Values: true, false Default: true
hardware.scan.pci	Only applicable to the Windows agent. Disable or enable scanning of pci devices. Values: true, false Default: true
hardware.scan.physicaldisk	Only applicable to the Windows agent. Disable or enable scanning of attached physical disks. Values: true, false Default: true
hardware.scan.port	Only applicable to the Windows agent. Disable or enable scanning of COM and LPT ports on the computer. Values: true, false Default: true
hardware.scan.processor	Only applicable to the Windows agent. Disable or enable scanning of processor. Values: true, false Default: true
hardware.scan.scsi	Only applicable to the Windows agent. Disable or enable scanning of SCSI devices. Values: true, false Default: true
hardware.scan.tapedrive	Only applicable to the Windows agent. Disable or enable scanning of attached tape drives. Values: true, false Default: true
hardware.scan.usb	Only applicable to the Windows agent. Disable or enable scanning of usb devices. Values: true, false Default: true
software.scan.custominfo	Only applicable to the Windows agent. Currently "Custom reg keys" within the "default behaviour" concept. Values: true, false Default: true
software.scan.virtualsoftwareinfo	Only applicable to the Windows agent. Disable or enable scanning of virtual software. Values: true, false Default: true
metering.is_enabled	Only applicable to the Windows agent. Enable or disable metering. Values: true, false Default: true
send.max_scan_result_backlog_count	Whenever a send failure occurs the scan result is kept (locally) until the next send opportunity. This setting controls the maximum number of results that can be kept around at any given time. When this limit is reached, the oldest result is deleted until the number of scan results are within the allowed limit. Values: positive integers Default: 90
powershell.enabled	Only applicable to the Windows agent. If true, Powershell scanning scripts will be executed. Values: true, false Default: true
env.powershell_timeout	Only applicable to the Windows agent. The time in milliseconds the agent waits for all powershell scripts to finish. Note that this is for the whole session and not individual scripts. Values: positive integers above 300000 (5 minutes) Default: 300000 (5 minutes)
powershell.encryption_key	DEPRECATED - Only applicable to the Windows agent 5 and 6. Custom encryption key for executing .snow-ps1 PowerShell scripts. Must be a 64-symbol uppercase hex-string. I.e. 525CE16E463842F020E516CF9EE32D53ACE8BB1AEEDC961A0A3725EFD9CCE2DD
http.poll_interval	Only applicable to the Windows agent. The interval in seconds between heartbeats. A heartbeat is a check to see if there are any pending commands (i.e. agent updates) to be carried out at this moment. Values: The value must be between 600 (10 minutes) and 259200 (3 days). Otherwise the default value of 5400 (90 minutes) is used. Default: 5400
http.poll_variance	Only applicable to the Windows agent. The variance in seconds for heartbeats. The variance controls how many seconds off the interval is allowed per heartbeat. Greater variance means more evenly distributed load. Values: The value must be between 1 second and the value used in http.poll.interval. Otherwise the default value of 1800 (30 minutes) is used. Default: 1800
wmi.poll_interval	Only applicable to the Windows agent. The interval that Windows Management Instrumentation (WMI) uses to poll the data provider for intrinsic events. A higher poll interval may be useful in Virtual Desktop Infrastructure environments. See https://msdn.microsoft.com/en-us/library/aa394527(v=vs.85).aspx for more information. Values: positive integers Default: 15
env.is_virtual_desktop_infrastructure	Only applicable to the Windows agent. If the agent is running in a virtual desktop infrastructure this setting should be set to true. Values: true, false Default: false
snowpack.encryption_fingerprint	The fingerprint of the encryption key to use for encrypting snowpacks. Note: This requires to be the .cryptkey files placed according to the snowpack.encryption_path* setting. Default: None
snowpack.encryption_path	The path to where the encryption keys are stored. If not present, the path to the agent itself will be used.
saas.edge.enabled	Set this to: false to uninstall and prevent installation of the Edge browser extension. enable to enable the extension when installed outside the agent. true to allow the agent to install the Edge browser extension. Values: false, enable, true Default: true
saas.chrome.enabled	Set this to: false to uninstall and prevent installation of the Chrome browser extension. enable to enable the extension when installed outside the agent. true to allow the agent to install the Chrome browser extension. Values: false, enable, true Default: true
saas.chrome.enterprise.installation	Only applicable to the macOS agent. Set this to false to use alternative installation method of the Chrome browser extension, using a preferences file. See https://developer.chrome.com/apps/external_extensions Values: true, false Default: true
saas.firefox.enabled	Set this to: false to uninstall and prevent installation of the Firefox browser extension. enable to enable the extension when installed outside the agent. true to allow the agent to install the Firefox browser extension. Values: false, enable, true Default: true
legacy_webmetering.is_enabled	Only applicable to the Windows agent. If true, the legacy web metering is enabled. Caution: This feature enables an uncertified Windows Kernel-Mode driver. Values: true, false Default: false
disable_all_updates	If true, the agent will not perform any update operations or handshakes, not even when run manually on the commandline. no program updates no configuration updates no SaaS rule updates etc. Values: true, false Default: false
process_affinity	Only applicable to Windows agent 7.2.0 and later. Use this setting only when necessary. If you need to control which or how many processors/cores will be bound to the agent process and subprocesses by the operating system, you can use this setting to define the process affinity mask. The setting accepts a decimal number, representing a bit array, where the first bit means the first processor/core, the second the second, etc. For more information, refer to https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-setprocessaffinitymask. The agent is not processor group aware, which means only up to 64 affinity bits can be specified. If an invalid value is provided, the agent will be executed with the default setting and process affinity will not be applied. Values: 1 <= n <= 2^64 Default: empty Example 1: The agent should only run on the first core. Bit array = 1 Decimal value = 1 Example 2: The agent should only run on the first and second core. Bit array = 11 Decimal value = 3 Example 3: The agent should only run on the third core. Bit array = 100 Decimal value = 4 Example 4: The agent should only run on the third and seventh core. Bit array = 1000100 Decimal value = 68

Environment

Configuration > Environment

Element containing control directives regarding environment data.

<Environment>
  <Ignore>...</Ignore>
</Environment>

The child element is described below.

Ignore

Configuration > Environment > Ignore

Used to specify an environment variable to ignore when gathering them from the environment. Name is case-sensitive.

SudoCommands

Configuration > SudoCommands

Only applicable to the UNIX agent. List of commands that are allowed to be elevated to root using sudo.

<SudoCommands>
  <Path>...</Path>
</SudoCommands>

The child element is described below.

Path

Configuration > SudoCommands > Path

Path to command allowed to be elevated using sudo.

Example: /usr/bin/file

Configuration reference

Agent​

SiteName​

ConfigName​

Schedule​

Task​

Meter​

Exclude​

Span​

Occurance​

Software​

Include​

IncludeCriteria​

Exclude​

Registry​

Query​

Logging​

MaxSize​

Level​

Tag​

Syslog​

Server​

Endpoint​

DropLocation​

Network​

Path​

Endpoint​

Oracle​

Environment​

DefaultInstanceCredentials​

Oratab​

InstancesWithConfiguration​

Include​

Exclude​

SystemSettings​

Environment​

Ignore​

SudoCommands​

Path​

Agent

SiteName

ConfigName

Schedule

Task

Meter

Exclude

Span

Occurance

Software

Include

IncludeCriteria

Exclude

Registry

Query

Logging

MaxSize

Level

Tag

Syslog

Server

Endpoint

DropLocation

Network

Path

Endpoint

Oracle

Environment

DefaultInstanceCredentials

Oratab

InstancesWithConfiguration

Include

Exclude

SystemSettings

Environment

Ignore

SudoCommands

Path