Configuration (top)

Root element of Snow inventory configuration file.
An element with minOccurs="0" that isn't presented in the xml file will have a Null value.
Every system shall have a default settings.xml file that decides what value should be the default if none is given.
The order the client should do this is to first read the default xml file and after that write over these values with the values in the users xml file.
Note that the elements in the configuration file are case sensitive.

<Configuration>
  <Agent>...</Agent>
  <Schedule>...</Schedule>
  <Meter>...</Meter>
  <Software>...</Software>
  <Registry>...</Registry>
  <Logging>...</Logging>
  <Server>...</Server>
  <DropLocation>...</DropLocation>
  <Oracle>...</Oracle>
  <SystemSettings>...</SystemSettings>
  <Environment>...</Environment>
  <SudoCommands>...</SudoCommands>
</Configuration>

Attributes

None.

Child Elements

Element Description

Required element.
Basic information about the agent deployment. Such a site and configuration name.

Optional element. Only applicable to the Windows Agent.
Schedule tasks to run on a recurring interval.
The element must be provided in the configuration for automatic scans to be performed.

Optional element. Only applicable to the Windows Agent.
Metering rules.

Optional element.
Defines what should be included in the clients next scan.

Note software is included from the following locations by default in the Windows operating system:
Desktop, user profile, start menu, uninstall information and running processes.

Optional element. Only applicable to the Windows Agent.
Include additional information from the Windows Registry in the scan result.

Control the log output.

Required element.
Specify server endpoints. Each endpoint represents a possible path for the agent to the server.

A drop location can be a folder, HTTP endpoint or UNC file path and specifies an additional delivery location for scan results. Only used when the agent normally sends the result to the server.

Drop locations are not subject to retry policies, if a drop location does not receive the scan result (for any reason) the scan result will not be resent to that drop location at a later date.

Information used in the SIOS component for Oracle database inventory.

System settings that override the default behavior of the agent. Use with care.

Element containing control directives regarding environment data.

Optional element. Only applicable to the UNIX Agent.
List of commands that are allowed to be elevated to root using sudo.

Agent (top)

Required element.
Basic information about the agent deployment. Such a site and configuration name.

<Agent>
  <SiteName>...</SiteName>
  <ConfigName>...</ConfigName>
</Agent>

Attributes

None.

Child Elements

Element Description
SiteName

Required element.
The name of the site that the agent belongs to. The site is used to identify the origin of the data files when transmitted to the server.

ConfigName

Required element.
Name of configuration.

Schedule (top)

Optional element. Only applicable to the Windows Agent.
Schedule tasks to run on a recurring interval.
The element must be provided in the configuration for automatic scans to be performed.

<Schedule enabled="...">
  <Task>...</Task>
</Schedule>

Attributes

Attribute Description
enabled

Acceptable value: true or false

Child Elements

Element Description

List of tasks that the client should perform. Can be empty.

Task (top)

The task that will be run by the agent.

<Task>
  <Action>...</Action>
  <Occurance>...</Occurance>
  <TimeOfDay>...</TimeOfDay>
  <Randomize>...</Randomize>
</Task>

Attributes

None.

Child Elements

Element Description
Action

Required element.
Action to be performed

reserved

Reserved

scan

Required element.
Performs a scan of the machine and sends the result the to server.

Required element.

TimeOfDay

Optional element.
Examples: 09:10, 09:10:30, PT09H10M
For backwards compatibility, the format is very flexible. Any string containing two digits followed by a delimiter and two more digits is accepted.
Scheduling works on a resolution of minutes. Seconds are ignored.

Randomize

Optional element. Only applicable to daily, weekly and monthly schedule types.
The allowed maximum number of minutes offset from time of day when a scan should occur on schedule.
A grater value can help spread out the load on server infrastructure as it is unlikey that many agents will then report back simultaneously.

Occurance (top)

How often to stage a certain task.

<Occurance>
  <AtStart>...</AtStart>
  <Daily>...</Daily>
  <Weekly>...</Weekly>
  <Monthly>...</Monthly>
</Occurance>

Attributes

None.

Child Elements

Element Description

Optional element. If used values: true/false
Will stage task at start of Agent (service init).

Daily

Optional element. If used values: true/false
Do the action on a daily basis.

Weekly

Optional element.
Do the action on a weekly basis. Allowed values: monday tuesday wednesday thursday friday saturday sunday

monday
tuesday
wednesday
thursday
friday
saturday
sunday
Monthly

Optional element.
The day of month the task will be executed.
If the day of the month is outside the range of that month, run action the last day in that month.
For example in February this would become the 28th or 29th.
Example: 30

AtStart (top)

Optional element. If used values: true/false
Will stage task at start of Agent (service init).

<AtStart />

Attributes

None.

Child Elements

None.

Meter (top)

Optional element. Only applicable to the Windows Agent.
Metering rules.

<Meter enabled="...">
  <Exclude>...</Exclude>
  <Span>...</Span>
  <Occurance>...</Occurance>
</Meter>

Attributes

Attribute Description
enabled

Acceptable value: true/false

Child Elements

Element Description

Optional element.
Specifies what software should be excluded from scan.

Required element.
Time span for metering.

Required element.
List of days when metering should be done.

Exclude (top)

Optional element.
Specifies what software should be excluded from scan.

<Exclude>
  <Path>...</Path>
</Exclude>

Attributes

None.

Child Elements

Element Description
Path

Optional element
Exclude software based on a set of simple string matching rules.

For example:
- *.dll exclude all software that ends with the .dll extension
- C:\Windows\* exclude all software that is run from the C:\Windows directory

Note that exclusion does not impact unconditional include paths.

Span (top)

<Span>
  <StartTime>...</StartTime>
  <EndTime>...</EndTime>
</Span>

Attributes

None.

Child Elements

Element Description
StartTime

Required element.
Example: PT09H10 All components (PThhHmmM) are required!

EndTime

Required element.
Example: PT09H10 All components (PThhHmmM) are required!

Occurance (top)

<Occurance>
  <Weekday>...</Weekday>
</Occurance>

Attributes

None.

Child Elements

Element Description
Weekday

Optional element.
Specify day(s) that metering will occur on.

monday
tuesday
wednesday
thursday
friday
saturday
sunday

Software (top)

Optional element.
Defines what should be included in the clients next scan.

Note software is included from the following locations by default in the Windows operating system:
Desktop, user profile, start menu, uninstall information and running processes.

<Software>
  <Include>...</Include>
  <IncludeCriteria>...</IncludeCriteria>
  <Exclude>...</Exclude>
</Software>

Attributes

None.

Child Elements

Element Description

Optional element.
Specifies what software should be included in scan based on file system locations.

Optional element.
Additional criteria that must be fulfilled for software to be included in the result.
For each type of criteria, at least one (if any) of the criterias must match.
For example, if multiple extensions have been specified it's enough if one extension matches but if extensions and manufacturers have both been specified there has to be at least one matching extension and manufacturer.

Optional element.
Specifies what software should be excluded from scan.

Include (top)

Optional element.
Specifies what software should be included in scan based on file system locations.

<Include>
  <Path>...</Path>
</Include>

Attributes

None.

Child Elements

Element Description

Each path is a search expression that is used to locate software based on the file system information.

If no path is specified, software information from any locally attached (or mounted) disk will be included.

Note that unless any exclude paths have been specified a complete file system scan will take place. It could take a while... and impact system performance for the duration of the scan.

Path (top)

Each path is a search expression that is used to locate software based on the file system information.
For example:
- C:\Windows\* matches all files located in the C:\Windows directory
- C:\Windows\*.log matches all .log files located in the C:\Windows directory

<Path recursive="..." unconditionally="..." />

Attributes

Attribute Description
recursive

Optional element.
Specifies whether to use the path to search recursively for files.
For example when recursive=true:
- C:\Windows\*.log matches all .log files located in the C:\Windows directory and all sub directories.

Acceptable value: true or false Default: false

unconditionally

Optional element. If used values: true/false
Specifies whether to include the files found regardless of any exclusion filter.

Acceptable value: true or false Default: false

Child Elements

None.

IncludeCriteria (top)

Optional element.
Additional criteria that must be fulfilled for software to be included in the result.
For each type of criteria, at least one (if any) of the criterias must match.
For example, if multiple extensions have been specified it's enough if one extension matches but if extensions and manufacturers have both been specified there has to be at least one matching extension and manufacturer.

<IncludeCriteria enabled="...">
  <Manufacturer>...</Manufacturer>
  <FileSystem>...</FileSystem>
  <FileType>...</FileType>
</IncludeCriteria>

Attributes

Attribute Description
enabled

Acceptable value: true/false

Child Elements

Element Description
Manufacturer

Only applicable to the Windows Agent. Optional element. May be specified multiple times.
If software is to be included it must match at least one manufacturer filter.

NOTE: The manufacturer criteria can only be applied if the manufacturer can be determined.

FileSystem

Optional element. May be specified multiple times. Only applicable to UNIX agent.
If scanning for software reaches a directory that is a mount point the scanning will not continue scanning the directory further if the file system isn't listed.
Example: jsf

FileType

Optional element. May be specified multiple times.
If software is to be included it must match one of the file types specified.

Unix: Example: "ELFexecutable", as reported by the file-command. Supports wildcard matching.
Windows: file extensions, defaults are: exe, wfd, wfi, wtd, sys2, lnk
Not applicable for Linux & macOS.

Exclude (top)

Optional element.
Specifies what software should be excluded from scan.

<Exclude>
  <Path>...</Path>
  <FileSystem>...</FileSystem>
</Exclude>

Attributes

None.

Child Elements

Element Description
Path

Optional element. May be specified multiple times.
Exclude software based on a set of simple string matching rules.
For example:
- *.dll exclude all software that ends with the .dll extension
- C:\Windows\* exclude all software that is run from the C:\Windows directory
- /some/path/* exclude software beneath the /some/path directory

Note that exclusion does not impact unconditional include paths.

FileSystem

Optional element. May be specified multiple times. Only applicable to the Linux and OSX Agent.
If software is to be excluded based on file system type.

Registry (top)

Optional element. Only applicable to the Windows Agent.
Include additional information from the Windows Registry in the scan result.

<Registry enabled="...">
  <Query>...</Query>
</Registry>

Attributes

Attribute Description
enabled

Acceptable value: true/false

Child Elements

Element Description

Represents a registry query.

Query (top)

Represents a registry query (Windows specific). The query will be used to search for a set of values that will be included as custom registry information in the scan result.

<Query>
  <Key>...</Key>
  <Value>...</Value>
</Query>

Attributes

None.

Child Elements

Element Description
Key

Required element.
The sub key (and registry hive) to scan.
Example: HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT

Value

Required element. May be specified multiple times.
Each value represents the name of a value and if found at any location during query will result in that value being included in the scan result. Example: Version

Key (top)

Required element.
The sub key (and registry hive) to scan.
Example: HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT

<Key recursive="..." />

Attributes

Attribute Description
recursive

Optional element. If used values: true/false
Specifies whether to perform a recursive search starting at the sub key specified.

Note that it may take considerable time to perform a recursive scan, if the starting point is a key with many items underneath it. Use recursive queries sparsely. Acceptable value: true/false

Child Elements

None.

Logging (top)

Control the log output.

<Logging>
  <MaxSize>...</MaxSize>
  <Level>...</Level>
  <Tag>...</Tag>
  <Syslog>...</Syslog>
</Logging>

Attributes

None.

Child Elements

Element Description
MaxSize

Optional element.
Maximum allowed file size of the log file in KiB. Default: Windows/Linux/macOS: 2048 Unix: 16384

Level

Optional element.
Specify log level. Each log level includes the preceeding log level. Allowed values: error warning info trace verbose Default: error

error
warning
info
trace
verbose
Tag

Optional element.
Enable tagged log output. Tagged log output represents logging of a specific type or source and log independently of any log level set.
Some tags (such as the metering tag) are very verbose and should only be enabled during troubleshooting of any metering related issue.
The following is a complete list of supported tags:
- privop (privileged operation). All external commands that run with any form of elevation (administrative access rights) are logged with this tag.
- metering Verbose logging about current software metering.

Optional element. Only applicable to the POSIX Agent.
Control the syslog output.

Syslog (top)

Optional element. Only applicable to the POSIX Agent.
Control the syslog output.

<Syslog enabled="...">
  <Level>...</Level>
  <Tag>...</Tag>
</Syslog>

Attributes

Attribute Description
enabled

Acceptable value: true or false Default: false

Child Elements

Element Description
Level

Optional element.
Specify log level. Each log level includes the preceeding log level. Allowed values: error warning info trace verbose Default: error

error
warning
info
trace
verbose
Tag

Optional element.
Enable tagged log output. Tagged log output represents logging of a specific type or source and log independently of any log level set.
Some tags (such as the metering tag) are very verbose and should only be enabled during troubleshooting of any metering related issue.
The following is a complete list of supported tags:
- privop (privileged operation). All external commands that run with any form of elevation (administrative access rights) are logged with this tag.
- metering Verbose logging about current software metering.

Server (top)

Specify server endpoints. Each endpoint represents a possible path for the agent to the server.

Remarks
When establishing a connection to the server the agent simply choses an endpoint randomly from the list of available endpoints until each endpoint has been atempted at least once before giving up. The first endpoint that results in a successfull connection will be used for the remainder of the session.

<Server>
  <Endpoint>...</Endpoint>
</Server>

Attributes

None.

Child Elements

Element Description

Required element. May be specified multiple times.
A server endpoint that the agent will use to connect to the server infrastructure.

Endpoint (top)

<Endpoint>
  <Address>...</Address>
  <Proxy>...</Proxy>
  <ClientCertificate>...</ClientCertificate>
  <ServerPublicKeyHash>...</ServerPublicKeyHash>
</Endpoint>

Attributes

None.

Child Elements

Element Description
Address

Required element.
Specify the server URI in the following format: scheme://hostname:port/. supported URI schemes are http and https.

Optional element.
Proxy settings to use for this endpoint. If proxy settings are not specified any proxy server support is explicitly disabled for this endpoint.

Optional element.
The client certificate used to secure the connection between agent and server.

ServerPublicKeyHash

Base64-encoded sha256 hash of the Inventory server certificate public key. The string should start with "sha256//" I.e.: sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=

Proxy (top)

Optional element.
Proxy settings to use for this endpoint. If proxy settings are not specified any proxy server support is explicitly disabled for this endpoint.

<Proxy>
  <Server>...</Server>
  <Credentials>...</Credentials>
</Proxy>

Attributes

None.

Child Elements

Element Description
Server

Required element.
Specify the address for this proxy server.

Optional element.
Credentials used to authenticate connection with HTTP proxy server.

NOTE: Only basic authentication is supported.

Credentials (top)

Optional element.
Credentials used to authenticate connection with HTTP proxy server.

NOTE: Only basic authentication is supported.

<Credentials>
  <UserName>...</UserName>
  <Password>...</Password>
</Credentials>

Attributes

None.

Child Elements

Element Description
UserName
Password

Note that the password is always stored in an encrypted form.

ClientCertificate (top)

Optional element.
The client certificate used to secure the connection between agent and server.

<ClientCertificate>
  <FileName>...</FileName>
  <Password>...</Password>
</ClientCertificate>

Attributes

None.

Child Elements

Element Description
FileName

The file name of a client certificate to use (relative the current installation location).

Password

The password to use if the client certificate has been password protected.
Note that the password is always stored in an encrypted form.

DropLocation (top)

A drop location can be a folder, HTTP endpoint or UNC file path and specifies an additional delivery location for scan results. Only used when the agent normally sends the result to the server.

Drop locations are not subject to retry policies, if a drop location does not receive the scan result (for any reason) the scan result will not be resent to that drop location at a later date.

<DropLocation>
  <Network>...</Network>
  <Path>...</Path>
  <Endpoint>...</Endpoint>
</DropLocation>

Attributes

None.

Child Elements

Element Description

Optional element. May be specified multiple times. Only applicable to the Windows Agent.

Path

Optional element. May be specified multiple times. Example: \server\folder

Network (top)

<Network>
  <Credentials>...</Credentials>
  <Location>...</Location>
</Network>

Attributes

None.

Child Elements

Element Description

Credentials to use when connecting to a network share as a specific user.

Location

Credentials (top)

Credentials to use when connecting to a network share as a specific user.

<Credentials>
  <Domain>...</Domain>
  <UserName>...</UserName>
  <Password>...</Password>
</Credentials>

Attributes

None.

Child Elements

Element Description
Domain
UserName
Password

Endpoint (top)

<Endpoint>
  <Address>...</Address>
  <Proxy>...</Proxy>
  <ClientCertificate>...</ClientCertificate>
  <ServerPublicKeyHash>...</ServerPublicKeyHash>
</Endpoint>

Attributes

None.

Child Elements

Element Description
Address

Required element.
Specify the server URI in the following format: scheme://hostname:port/. supported URI schemes are http and https.

Optional element.
Proxy settings to use for this endpoint. If proxy settings are not specified any proxy server support is explicitly disabled for this endpoint.

Optional element.
The client certificate used to secure the connection between agent and server.

ServerPublicKeyHash

Base64-encoded sha256 hash of the Inventory server certificate public key. The string should start with "sha256//" I.e.: sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=

Proxy (top)

Optional element.
Proxy settings to use for this endpoint. If proxy settings are not specified any proxy server support is explicitly disabled for this endpoint.

<Proxy>
  <Server>...</Server>
  <Credentials>...</Credentials>
</Proxy>

Attributes

None.

Child Elements

Element Description
Server

Required element.
Specify the address for this proxy server.

Optional element.
Credentials used to authenticate connection with HTTP proxy server.

NOTE: Only basic authentication is supported.

Credentials (top)

Optional element.
Credentials used to authenticate connection with HTTP proxy server.

NOTE: Only basic authentication is supported.

<Credentials>
  <UserName>...</UserName>
  <Password>...</Password>
</Credentials>

Attributes

None.

Child Elements

Element Description
UserName
Password

Note that the password is always stored in an encrypted form.

ClientCertificate (top)

Optional element.
The client certificate used to secure the connection between agent and server.

<ClientCertificate>
  <FileName>...</FileName>
  <Password>...</Password>
</ClientCertificate>

Attributes

None.

Child Elements

Element Description
FileName

The file name of a client certificate to use (relative the current installation location).

Password

The password to use if the client certificate has been password protected.
Note that the password is always stored in an encrypted form.

Oracle (top)

Information used in the SIOS component for Oracle database inventory.

<Oracle enabled="..." debug="...">
  <Environment>...</Environment>
  <DefaultInstanceCredentials>...</DefaultInstanceCredentials>
  <Oratab>...</Oratab>
  <InstancesWithConfiguration>...</InstancesWithConfiguration>
  <Include>...</Include>
  <Exclude>...</Exclude>
</Oracle>

Attributes

Attribute Description
enabled

Acceptable value: true/false

debug

Determines if additional information is included in the snowpack for diagnostic purposes. Acceptable value: true/false

Child Elements

Element Description

Credentials used in all oracle scans if there is no specific credentials for a SID. May be left out if automatic scan is used or instance specific credentials are entered.

Oratab

Specifies the location of the Oratab file to be used to read ORACLE HOME from. This setting is overridden by an OracleHome-element in the Instance-element.

List of what should be included in the Oracle database scan.

List of what should be excluded from the Oracle database scan.

Environment (top)

<Environment>
  <Item>...</Item>
</Environment>

Attributes

None.

Child Elements

Element Description

Specifies a single environment variable to be set.

Item (top)

Specifies a single environment variable to be set.

<Item variable="..." value="..." />

Attributes

Attribute Description
variable
value

Child Elements

None.

DefaultInstanceCredentials (top)

<DefaultInstanceCredentials UseTNS="...">
  <UserName>...</UserName>
  <Password>...</Password>
</DefaultInstanceCredentials>

Attributes

Attribute Description
UseTNS

Child Elements

Element Description
UserName
Password

InstancesWithConfiguration (top)

<InstancesWithConfiguration>
  <Instance>...</Instance>
</InstancesWithConfiguration>

Attributes

None.

Child Elements

Element Description

Instance (top)

Defines the SID and can also contain credentials for the SID. You can also point to an Oracle home path.

<Instance>
  <SID>...</SID>
  <Credentials>...</Credentials>
  <OracleHome>...</OracleHome>
  <Environment>...</Environment>
  <UnixUser>...</UnixUser>
</Instance>

Attributes

None.

Child Elements

Element Description
SID

Optional element.

OracleHome

Optional. Path to the Oracle home directory. Used if the scanner can’t find the path automatically.

UnixUser

Credentials (top)

<Credentials UseTNS="...">
  <UserName>...</UserName>
  <Password>...</Password>
</Credentials>

Attributes

Attribute Description
UseTNS

Child Elements

Element Description
UserName
Password

Environment (top)

<Environment>
  <Item>...</Item>
</Environment>

Attributes

None.

Child Elements

Element Description

Specifies a single environment variable to be set.

Item (top)

Specifies a single environment variable to be set.

<Item variable="..." value="..." />

Attributes

Attribute Description
variable
value

Child Elements

None.

Include (top)

List of what should be included in the Oracle database scan.

<Include>
  <AllInstances>...</AllInstances>
  <Instance>...</Instance>
</Include>

Attributes

None.

Child Elements

Element Description
AllInstances

True if all instances should be found and scanned.

Instance (top)

Defines the SID and can also contain credentials for the SID. You can also point to an Oracle home path.

<Instance>
  <SID>...</SID>
  <Credentials>...</Credentials>
  <OracleHome>...</OracleHome>
  <Environment>...</Environment>
  <UnixUser>...</UnixUser>
</Instance>

Attributes

None.

Child Elements

Element Description
SID

Optional element.

OracleHome

Optional. Path to the Oracle home directory. Used if the scanner can’t find the path automatically.

UnixUser

Credentials (top)

<Credentials UseTNS="...">
  <UserName>...</UserName>
  <Password>...</Password>
</Credentials>

Attributes

Attribute Description
UseTNS

Child Elements

Element Description
UserName
Password

Environment (top)

<Environment>
  <Item>...</Item>
</Environment>

Attributes

None.

Child Elements

Element Description

Specifies a single environment variable to be set.

Item (top)

Specifies a single environment variable to be set.

<Item variable="..." value="..." />

Attributes

Attribute Description
variable
value

Child Elements

None.

Exclude (top)

List of what should be excluded from the Oracle database scan.

<Exclude>
  <Instance>...</Instance>
</Exclude>

Attributes

None.

Child Elements

Element Description

Instance (top)

Defines the SID and can also contain credentials for the SID. You can also point to an Oracle home path.

<Instance>
  <SID>...</SID>
  <Credentials>...</Credentials>
  <OracleHome>...</OracleHome>
  <Environment>...</Environment>
  <UnixUser>...</UnixUser>
</Instance>

Attributes

None.

Child Elements

Element Description
SID

Optional element.

OracleHome

Optional. Path to the Oracle home directory. Used if the scanner can’t find the path automatically.

UnixUser

Credentials (top)

<Credentials UseTNS="...">
  <UserName>...</UserName>
  <Password>...</Password>
</Credentials>

Attributes

Attribute Description
UseTNS

Child Elements

Element Description
UserName
Password

Environment (top)

<Environment>
  <Item>...</Item>
</Environment>

Attributes

None.

Child Elements

Element Description

Specifies a single environment variable to be set.

Item (top)

Specifies a single environment variable to be set.

<Item variable="..." value="..." />

Attributes

Attribute Description
variable
value

Child Elements

None.

SystemSettings (top)

System settings that override the default behavior of the agent. Use with care.

<SystemSettings>
  <Setting>...</Setting>
</SystemSettings>

Attributes

None.

Child Elements

Element Description

Setting (top)

<Setting key="..." value="..." />

Attributes

Attribute Description
key

The name of a system setting to set to some value. Acceptable values depend on the type of setting. See remarks about each setting for more information.

reserved

Reserved

privacy.hide_user

Replace the user name (anywhere present) with SHA-1 hash of the user name (UTF-8 byte representation). Only applicable to the Windows and POSIX Agents. Acceptable value: true/false Default value: false

privacy.hide_ip

Replace the IP address (anywhere present) with SHA-1 hash of the IP address (UTF-8 byte representation). Only applicable to the Windows and POSIX Agents. Acceptable value: true/false Default value: false

env.allowonlyonescanperday

Only applicable to the Linux and OS X Agent.
If set, only one scan per day will be allowed by the agent.
Acceptable value: true/false Default: false

env.emulate_os

For Snow internal use only.
Used in SIAU. This value will decide what operating system and hardware will be used.
It is the filename that is derived from this value that decides type of system.
All mock files are placed in a directory named mockfiles.
In that directory files named: mockfile*emulatedos_operation* are placed and read
instead of the corresponding operating system command.

env.java_home

If path to java can't be found or an incompatible version is set as default, this value can be used to identify a correct version.

env.shell

Optional. Used as a solution to problems with the standard shell installed. Points to a shell.
Example: /bin/bash

env.data_dir

If specified, overrides the directory in which the agent will store data files, such as scan results and metering (when applicable).
Defaults to a sub directory 'data' from where the agent is run.
The agent must have read and write access to this directory.

env.temp_dir

If specified, overrides the directory where the agent will store temporary data files.
Defaults to system default temporary directory.
The agent must have read and write access to this directory.

env.log_dir

If specified, overrides the default log directory where the agent will store log files.
Defaults to a sub directory 'data' from where the agent is run.
The agent must have read and write access to this directory.

http.ssl_verify

If false, the agent will not verify that any certificate used to secure communication is issued by a trusted certificate authority (CA).
This setting is enabled by default and must be explicitly disabled if necessary.
Acceptable value: true/false Default: true

http.ssl_capath

Only applicable to the Linux and macOS Agent.
Must be specified to use SSL/TLS.
Specify the PEM file containing the Certificate or Certificate bundle. Equivalent to the curl flag --cacert
Example: /etc/ssl/certs/mycert.pem

http.timeout

The timout in seconds for requests to the server endpoint.
Default value: 15

log.append

If true, the logfile will not be cleared upon a completed scan, i.e. it will be appended upon. This will cause subsequent snowpacks to contain log information from multiple scans.
Default value: false
Acceptable value: true/false

software.scan.dpkg

Include information from the Debian package manager about installed software.
Acceptable value: true/false Default: false

software.scan.jar

Not applicable to the Unix Agent
Enable software scan by scanning the metadata found in Java Archive (JAR) files.
Acceptable value: true/false Default: true

software.scan.rpm

Include information from the Red Hat package manager about installed software.
Acceptable value: true/false Default: false

software.scan.ips

Include information from the Image Packaging System (IPS). Applicable to Solaris 11 and later.
Acceptable value: true/false Default: true

software.scan.svr4

Include information from SVR4 packages. Applicable to Solaris 10 and previous versions.
Acceptable value: true/false Default: true

software.scan.lpp

Include information from Licensed Program Products. Applicable to AIX systems.
Acceptable value: true/false Default: true

software.scan.sd

Include information from Software Distributor. Applicable to HP-UX systems.
Acceptable value: true/false Default: true

software.scan.running_processes

Applicable only to Linux and Unix agents. Scans running processes and adds them to the software scanning result, as a file system scan would. If used with file system scan, there is no distinction made between the results. A program found running and in a file system scan will be the same.
Acceptable value: true/false Default: true

software.scan.add_latency

Defined in microseconds. When reading or processing large amounts of data/objects,
add some extra latency between the objects to prevent the system from spending too much resource on this process.
This might also be a good solution when scanning exceptionally fast drives, to keep the CPU usage down Allowed values: n >= 0, where n is in micro seconds. Default: 0

software.scan.enabled

Only applicable to the Windows Agent.

If disabled will override all software.scan.* settings
Acceptable value: true/false Default: true

software.scan.swidtags

Only applicable to the Windows Agent.

Disable or enable scanning of swid tags
Acceptable value: true/false Default: true

hardware.scan.enabled

Only applicable to the Windows Agent.

Disable or enable scanning of hardware, this will override any individual hardware.scan.* setting.
Acceptable value: true/false Default: true

hardware.scan.device

Only applicable to the Windows Agent.

Disable or enable scanning of installed device drivers
Acceptable value: true/false Default: true

hardware.scan.networkadapter

Only applicable to the Windows Agent.

Disable or enable scanning of network adapters
Acceptable value: true/false Default: true

software.scan.userscan

Only applicable to the Windows Agent.

If disabled will override: software.scan.environmentvariables, software.scan.fileshare, hardware.scan.printer
Acceptable value: true/false Default: true

software.scan.environmentvariables

Only applicable to the Windows Agent.

Disable or enable scanning of environment variables
Acceptable value: true/false Default: true

software.scan.fileshare

Only applicable to the Windows Agent.

Disable or enable scanning of network shares
Acceptable value: true/false Default: true

hardware.scan.printer

Only applicable to the Windows Agent.

Disable or enable scanning of printers that are setup on the system
Acceptable value: true/false Default: true

hardware.scan.displayadapter

Only applicable to the Windows Agent.

Disable or enable scanning of inistalled display adapter
Acceptable value: true/false Default: true

hardware.scan.expansionslot

Only applicable to the Windows Agent.

Legacy support
Acceptable value: true/false Default: true

software.scan.fonts

Only applicable to the Windows Agent.

Disable or enable scanning of installed fonts
Acceptable value: true/false Default: true

software.scan.ignore_bind_mounts

Only applicable to the Linux Agent. If true, the agent will attempt to find bind mounts and add these to the list of directories to be ignored
Acceptable value: true/false Default: false

software.scan.ignore_autofs_mounts

Only applicable to the Linux and Unix agent. If true, the agent will attempt to find detect autofs mounts and add these to the list of directories to be ignored
Acceptable value: true/false Default: false

hardware.scan.keyboard

Only applicable to the Windows Agent.

Disable or enable scanning of attached keyboard
Acceptable value: true/false Default: true

hardware.scan.logicaldisk

Only applicable to the Windows Agent.

Disable or enable scanning of logical drives attached
Acceptable value: true/false Default: true

software.scan.loginuser

Only applicable to the Windows Agent.

Disable or enable scanning of user login history
Acceptable value: true/false Default: true

hardware.scan.memory

Only applicable to the Windows Agent.

Disable or enable scanning of memory
Acceptable value: true/false Default: true

hardware.scan.modem

Only applicable to the Windows Agent.

Disable or enable scanning of attached modems
Acceptable value: true/false Default: true

hardware.scan.monitor

Only applicable to the Windows Agent.

Disable or enable scanning of attached screen
Acceptable value: true/false Default: true

hardware.scan.mouse

Only applicable to the Windows Agent.

Disable or enable scanning of attached mouse device
Acceptable value: true/false Default: true

hardware.scan.multimedia

Only applicable to the Windows Agent.

Disable or enable scanning of installed media devices, i.e sound card.
Acceptable value: true/false Default: true

software.scan.netclient

Only applicable to the Windows Agent.

Disable or enable scanning of network clients or network services
Acceptable value: true/false Default: true

software.scan.netprotocol

Only applicable to the Windows Agent.

Disable or enable scanning ofNDIS protocols CoNDIS stand-alone call managers
Acceptable value: true/false Default: true

software.scan.ntservice

Only applicable to the Windows Agent.

Disable or enable scanning of services
Acceptable value: true/false Default: true

software.scan.odbc

Only applicable to the Windows Agent.

Disable or enable scanning of ODBC data sources and related drivers
Acceptable value: true/false Default: true

hardware.scan.pci

Only applicable to the Windows Agent.

Disable or enable scanning of pci devices
Acceptable value: true/false Default: true

hardware.scan.physicaldisk

Only applicable to the Windows Agent.

Disable or enable scanning of attached physical disks
Acceptable value: true/false Default: true

hardware.scan.port

Only applicable to the Windows Agent.

Disable or enable scanning of COM and LPT ports on the computer
Acceptable value: true/false Default: true

hardware.scan.processor

Only applicable to the Windows Agent.

Disable or enable scanning of processor
Acceptable value: true/false Default: true

hardware.scan.scsi

Only applicable to the Windows Agent.

Disable or enable scanning of SCSI devices
Acceptable value: true/false Default: true

hardware.scan.tapedrive

Only applicable to the Windows Agent.

Disable or enable scanning of attached tape drives
Acceptable value: true/false Default: true

hardware.scan.usb

Only applicable to the Windows Agent.

Disable or enable scanning of usb devices
Acceptable value: true/false Default: true

software.scan.custominfo

Only applicable to the Windows Agent.

Currently "Custom reg keys" within the "default behaviour" concept.
Acceptable value: true/false Default: true

software.scan.virtualsoftwareinfo

Only applicable to the Windows Agent.

Disable or enable scanning of virtual software
Acceptable value: true/false Default: true

metering.is_enabled

Only applicable to the Windows Agent.

Enable or disable metering.
Acceptable value: true/false Default: true

send.max_scan_result_backlog_count

Whenever a send failure occurs the scan result is keept (locally) until the next send opportunity.
This setting controls the maximum number of results that can be kept around at any given time.
When this limit is reached, the oldest result is delete until the number of scan results are within the allowed limit.
Default value: 90

powershell.enabled

Only applicable to the Windows Agent.
If true, Powershell scanning scripts will be run. Acceptable value: true/false Default: true

env.powershell_timeout

The time in milliseconds we wait for all powershell scripts to finish. Note, this is for whole session not individual scripts. Minimum: 300000 (5 minutes) Default: 300000 (5 minutes)

powershell.encryption_key

DEPRECATED - Only applicable to the Windows Agent 5 and 6.
Custom encryption key for executing .snow-ps1 PowerShell scripts. Must be a 64-symbol uppercase hex-string. I.e. 525CE16E463842F020E516CF9EE32D53ACE8BB1AEEDC961A0A3725EFD9CCE2DD

http.poll_interval

Only applicable to the Windows Agent.
The interval in seconds between heartbeats.
A heartbeat is a check to see if there are any pending commands to be carried out at this moment.
For example, agent updates. The interval must be between 10 minutes and 3 days otherwise the default value of 5400 seconds (90 minutes) is used.

http.poll_variance

Only applicable to the Windows Agent.
The variance in seconds for heartbeats.
The variance control how many seconds off the interval is allowed per heartbeat.
Greater variance means more evenly distributed load.
The variance must be between 1 second and the interval. Otherwise the default value of 1800 seconds (30 minutes) is used.

wmi.poll_interval

Only applicable to the Windows Agent.
The interval that Windows Management Instrumentation (WMI) uses to poll the data provider for intrinsic events.
Default is 15 seconds. A higher poll interval may be useful in Virtual Desktop Infrastructure environments.
See https://msdn.microsoft.com/en-us/library/aa394527(v=vs.85).aspx for more information.

env.is_virtual_desktop_infrastructure

Only applicable to the Windows Agent.
If the agent is running in a virtual desktop infrastructure this setting should be set to true.
Acceptable value: true/false Default value: false

snowpack.encryption_fingerprint

The fingerprint of the encryption key to use for encrypting Snowpacks. Note: You must also place the crypt key file in the folder specified by snowpack.encryption_path. Default: None

snowpack.encryption_path

The path to where the encryption keys are stored. This setting is optional. If not present, the path to the agent itself will be used.

saas.edge.enabled

Set this to:
- false to uninstall and prevent installation the Edge browser extension.
- enable to enable the extension when installed outside the agent
- true to allow the agent to install the Edge browser extension.
Acceptable value:
true/enable/false
Default value: true

saas.chrome.enabled

Set this to:
- false to uninstall and prevent installation the Chrome browser extension.
- enable to enable the extension when installed outside the agent
- true to allow the agent to install the Chrome browser extension.
Acceptable value:
true/enable/false
Default value: true

saas.chrome.enterprise.installation

Only applicable to the macOS Agent.
Set this to false to use alternative installation method of the Chrome browser extension,
using a preferences file. See https://developer.chrome.com/apps/external_extensions
Acceptable value:
true/false
Default value: true

saas.firefox.enabled

Set this to:
- false to uninstall and prevent installation the Firefox browser extension.
- enable to enable the extension when installed outside the agent
- true to allow the agent to install the Firefox browser extension.
Acceptable value:
true/enable/false
Default value: true

legacy_webmetering.is_enabled

Only applicable to the Windows Agent.
If true, the legacy web metering is enabled. Default value: false

disable_all_updates

If true, the agent will not perform any updates operations; no program updates, no SaaS rule updates etc. Not even when run manuall on the commandline. Default value: false

reserved_end

Reserved

value

The value associated with the setting. Note that the format of this value will vary depending on the type of setting. See remarks about each setting for more information.

Child Elements

None.

Environment (top)

Element containing control directives regarding environment data.

<Environment>
  <Ignore>...</Ignore>
</Environment>

Attributes

None.

Child Elements

Element Description
Ignore

Used to specify an environment variable to ignore when gathering them from the environment. Name is case-sensitive.

SudoCommands (top)

Optional element. Only applicable to the UNIX Agent.
List of commands that are allowed to be elevated to root using sudo.

<SudoCommands>
  <Path>...</Path>
</SudoCommands>

Attributes

None.

Child Elements

Element Description
Path

Path to command allowed to be elevated using sudo.
Example: /usr/bin/file