Configuration (top)

Root element of Snow inventory configuration file.
An element with minOccurs="0" that isn't presented in the xml file will have a Null value. Every system shall have a default settings.xml file that decides what value should be the default if none is given.
The order the client should do this is to first read the default xml file and after that write over these values with the values in the users xml file.

Note:
All elements in the configuration file are case sensitive.

<Configuration>
  <Agent>...</Agent>
  <Schedule>...</Schedule>
  <Meter>...</Meter>
  <Software>...</Software>
  <Registry>...</Registry>
  <Logging>...</Logging>
  <Server>...</Server>
  <DropLocation>...</DropLocation>
  <Oracle>...</Oracle>
  <SystemSettings>...</SystemSettings>
  <Environment>...</Environment>
  <SudoCommands>...</SudoCommands>
</Configuration>

Attributes

None.

Child Elements

Element	Description
Agent	Required element. Basic information about the agent deployment. Such as site and configuration name.
Schedule	Optional element. Only applicable to the Windows Agent. Schedule tasks to run on a recurring interval. The element must be provided in the configuration for automatic scans to be performed.
Meter	Optional element. Only applicable to the Windows Agent. Metering rules.
Software	Optional element. Defines what should be included in the clients next scan. Note: Software is included from the following locations by default in the Windows operating system: Desktop user profile start menu uninstall information running processes
Registry	Optional element. Only applicable to the Windows Agent. Include additional information from the Windows Registry in the scan result. Warning: Using this will replace the default behaviour entirely. Utilizing the `Collect Custom Registry Keys` powershell extension is the preferred method.
Logging	Optional element. Control the log output.
Server	Required element. Specify server endpoints. Each endpoint represents a possible path for the agent to the server.
DropLocation	A drop location can be a folder, HTTP endpoint or UNC file path and specifies an additional delivery location for scan results. Only used when the agent normally sends the result to the server. Note: Drop locations are not subject to retry policies, if a drop location does not receive the scan result (for any reason) the scan result will not be resent to that drop location at a later date.
Oracle	Information used in the SIOS component for Oracle database inventory.
SystemSettings	System settings that override the default behavior of the agent. Use with care.
Environment	Element containing control directives regarding environment data.
SudoCommands	Optional element. Only applicable to the UNIX Agent. List of commands that are allowed to be elevated to root using sudo.

Agent (top)

Required element.
Basic information about the agent deployment. Such as site and configuration name.

<Agent>
  <SiteName>...</SiteName>
  <ConfigName>...</ConfigName>
</Agent>

Attributes

None.

Child Elements

Element	Description
SiteName	Required element. The name of the site that the agent belongs to. The site is used to identify the origin of the data files when transmitted to the server.
ConfigName	Required element. Name of the configuration.

Schedule (top)

Optional element. Only applicable to the Windows Agent.
Schedule tasks to run on a recurring interval.
The element must be provided in the configuration for automatic scans to be performed.

<Schedule enabled="...">
  <Task>...</Task>
</Schedule>

Attributes

Attribute	Description
enabled	Acceptable values: `true`, `false`

Child Elements

Element	Description
Task	List of tasks that the client should perform. Can be empty.

Task (top)

The task that will be run by the agent.

<Task>
  <Action>...</Action>
  <Occurance>...</Occurance>
  <TimeOfDay>...</TimeOfDay>
  <Randomize>...</Randomize>
</Task>

Attributes

None.

Child Elements

Element Description

Action

Required element.
Action to be performed

reserved	Reserved
scan	Required element. Performs a scan of the machine and sends the result the to server.

Occurance

Required element.

TimeOfDay

Optional element.
For backwards compatibility, the format is very flexible. Any string containing two digits followed by a delimiter and two more digits is accepted.
Scheduling works on a resolution of minutes.

Examples:

09:10

09:10:30

PT09H10M

Randomize

Optional element. Only applicable to daily, weekly and monthly schedule types.
The allowed maximum number of minutes offset from time of day when a scan should occur on schedule.
A grater value can help spread out the load on server infrastructure as it is unlikey that many agents will then report back simultaneously.

Occurance (top)

How often to stage a certain task.

<Occurance>
  <AtStart>...</AtStart>
  <Daily>...</Daily>
  <Weekly>...</Weekly>
  <Monthly>...</Monthly>
</Occurance>

Attributes

None.

Child Elements

Element Description

AtStart

Optional element.
Will stage task at start of Agent (service init).
Acceptable values: true,false

Daily

Optional element.
Do the action on a daily basis.
Acceptable values: true,false

Weekly

Optional element.
Do the action on a weekly basis.
Acceptable values:

monday
tuesday
wednesday
thursday
friday
saturday
sunday

Monthly

Optional element.
The day of month the task will be executed.
If the day of the month is outside the range of that month, run action the last day in that month.
For example in February this would become the 28th or 29th.
Example: 30

AtStart (top)

Optional element.
Will stage task at start of Agent (service init).
Acceptable values: true,false

<AtStart />

Attributes

None.

Child Elements

None.

Meter (top)

Optional element. Only applicable to the Windows Agent.
Metering rules.

<Meter enabled="...">
  <Exclude>...</Exclude>
  <Span>...</Span>
  <Occurance>...</Occurance>
</Meter>

Attributes

Attribute	Description
enabled	Acceptable values: `true`, `false`

Child Elements

Element	Description
Exclude	Optional element. Specifies what software should be excluded from scan.
Span	Required element. Time span for metering.
Occurance	Required element. List of days when metering should be done.

Exclude (top)

Optional element.
Specifies what software should be excluded from scan.

<Exclude>
  <Path>...</Path>
</Exclude>

Attributes

None.

Child Elements

Element	Description
Path	Optional element. Exclude software based on a set of simple string matching rules. Example: `.dll` exclude all software that ends with the `.dll` extension `C:\Windows\` exclude all software that is run from the `C:\Windows` directory Note: Exclusions do not impact unconditional include paths.

Span (top)

<Span>
  <StartTime>...</StartTime>
  <EndTime>...</EndTime>
</Span>

Attributes

None.

Child Elements

Element	Description
StartTime	Required element. Example: PT09H10 All components (PThhHmmM) are required!
EndTime	Required element. Example: PT09H10 All components (PThhHmmM) are required!

Occurance (top)

<Occurance>
  <Weekday>...</Weekday>
</Occurance>

Attributes

None.

Child Elements

Element

Description

Weekday

Optional element.
Specify day(s) that metering will occur on.

monday
tuesday
wednesday
thursday
friday
saturday
sunday

Software (top)

Optional element. Defines what should be included in the clients next scan.

Note:
Software is included from the following locations by default in the Windows operating system:

Desktop

user profile

start menu

uninstall information

running processes

<Software>
  <Include>...</Include>
  <IncludeCriteria>...</IncludeCriteria>
  <Exclude>...</Exclude>
</Software>

Attributes

None.

Child Elements

Element	Description
Include	Optional element. Specifies what software should be included in scan based on file system locations.
IncludeCriteria	Optional element. Additional criteria that must be fulfilled for software to be included in the result. For each type of criteria, at least one (if any) of the criterias must match. For example, if multiple extensions have been specified it's enough if one extension matches but if extensions and manufacturers have both been specified there has to be at least one matching extension and manufacturer.
Exclude	Optional element. Specifies what software should be excluded from scan.

Include (top)

Optional element.
Specifies what software should be included in scan based on file system locations.

<Include>
  <Path>...</Path>
</Include>

Attributes

None.

Child Elements

Element	Description
Path	Each path is a search expression that is used to locate software based on the file system information. If no path is specified, software information from any locally attached (or mounted) disk will be included. Note: Unless any exclude paths have been specified a complete file system scan will take place. It could take a while, and impact system performance for the duration of the scan.

Path (top)

Each path is a search expression that is used to locate software based on the file system information.

Example:

C:\Windows\* matches all files located in the C:\Windows directory

C:\Windows\*.log matches all .log files located in the C:\Windows directory

<Path recursive="..." unconditionally="..." />

Attributes

Attribute	Description
recursive	Optional element. Specifies whether to use the path to search recursively for files. For example, when `recursive=true` the path `C:\Windows\*.log` matches all `.log` files located in the `C:\Windows` directory and all sub directories. Acceptable values: `true`, `false` Default: `false`
unconditionally	Optional element. Specifies whether to include the files found regardless of any exclusion filter. Acceptable values: `true`, `false` Default: `true`

Child Elements

None.

IncludeCriteria (top)

Optional element.
Additional criteria that must be fulfilled for software to be included in the result.
For each type of criteria, at least one (if any) of the criterias must match.
For example, if multiple extensions have been specified it's enough if one extension matches but if extensions and manufacturers have both been specified there has to be at least one matching extension and manufacturer.

<IncludeCriteria enabled="...">
  <Manufacturer>...</Manufacturer>
  <FileSystem>...</FileSystem>
  <FileType>...</FileType>
</IncludeCriteria>

Attributes

Attribute	Description
enabled	Acceptable values: `true`, `false` Default: `true`

Child Elements

Element	Description
Manufacturer	Optional element.Only applicable to the Windows Agent. May be specified multiple times. If software is to be included, it must match at least one manufacturer filter. Note: The manufacturer criteria can only be applied if the manufacturer can be determined.
FileSystem	Optional element. Only applicable to UNIX agent. May be specified multiple times. If scanning for software reaches a directory that is a mount point the scanning will not continue scanning the directory further if the file system isn't listed. Example: `jsf`
FileType	Optional element. May be specified multiple times. Only applicable for the Windows & Unix Agent If software is to be included it must match one of the file types specified. Example: Unix: `ELFexecutable`, as reported by the `file` command. Supports wildcard matching. Windows: file extensions. Defaults are: `exe`, `wfd`, `wfi`, `wtd`, `sys2`, `lnk`

Exclude (top)

Optional element.
Specifies what software should be excluded from scan.

<Exclude>
  <Path>...</Path>
  <FileSystem>...</FileSystem>
</Exclude>

Attributes

None.

Child Elements

Element Description

Element	Description
Path	Optional element. May be specified multiple times. Exclude software based on a set of simple string matching rules. Examples: `.dll` exclude all software that ends with the `.dll` extension `C:\Windows\` exclude all software that is run from the `C:\Windows` directory `/some/path/` exclude software beneath the /some/path directory Note:* Exclusions do not impact unconditional include paths.
FileSystem	Optional element. May be specified multiple times. Only applicable to the Linux and macOS Agent. Software exclusions based on the file system type.

Path

Optional element. May be specified multiple times.
Exclude software based on a set of simple string matching rules.

Examples:

*.dll exclude all software that ends with the .dll extension

C:\Windows\* exclude all software that is run from the C:\Windows directory

/some/path/* exclude software beneath the /some/path directory

Note:
Exclusions do not impact unconditional include paths.

FileSystem

Optional element. May be specified multiple times. Only applicable to the Linux and macOS Agent.
Software exclusions based on the file system type.

Registry (top)

Optional element. Only applicable to the Windows Agent.
Include additional information from the Windows Registry in the scan result.

Warning:
Using this will replace the default behaviour entirely. Utilizing the Collect Custom Registry Keys powershell extension is the preferred method.

<Registry enabled="...">
  <Query>...</Query>
</Registry>

Attributes

Attribute	Description
enabled	Acceptable values: `true`, `false`

Child Elements

Element	Description
Query	Represents a registry query.

Query (top)

Represents a registry query (Windows specific). The query will be used to search for a set of values that will be included as custom registry information in the scan result.

<Query>
  <Key>...</Key>
  <Value>...</Value>
</Query>

Attributes

None.

Child Elements

Element	Description
Key	Required element. The sub key (and registry hive) to scan. Example: HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT
Value	Required element. May be specified multiple times. Each value represents the name of a value and if found at any location during query will result in that value being included in the scan result. Example: `Version`

Key (top)

Required element.
The sub key (and registry hive) to scan.
Example: HKEYLOCALMACHINE\SOFTWARE\Microsoft\Windows NT

<Key recursive="..." />

Attributes

Attribute	Description
recursive	Optional element. If used values: true/false Specifies whether to perform a recursive search starting at the sub key specified. Acceptable values: `true`, `false` Note: It may take considerable time to perform a recursive scan, if the starting point is a key with many items underneath it. Use recursive queries sparsely.

Child Elements

None.

Logging (top)

Optional element.
Control the log output.

<Logging>
  <MaxSize>...</MaxSize>
  <Level>...</Level>
  <Tag>...</Tag>
  <Syslog>...</Syslog>
</Logging>

Attributes

None.

Child Elements

Element Description

MaxSize

Optional element.
Maximum allowed file size of the log file in KiB.
Default:

Windows/Linux/macOS: 2048
Unix: 16384

Level

Optional element.
Specify log level. Each log level includes the preceeding log level.
Default: error

error
warning
info
trace
verbose

Tag

Optional element.
Enable tagged log output. Tagged log output represents logging of a specific type or source and log independently of any log level set.
Some tags (such as the metering tag) are very verbose and should only be enabled during troubleshooting of any metering related issue.

Syslog

Optional element. Only applicable to the POSIX Agent.
Control the syslog output.

Syslog (top)

Optional element. Only applicable to the POSIX Agent.
Control the syslog output.

<Syslog enabled="...">
  <Level>...</Level>
  <Tag>...</Tag>
</Syslog>

Attributes

Attribute	Description
enabled	Acceptable value: true or false Default: false

Child Elements

Element Description

Level

Optional element.
Specify log level. Each log level includes the preceeding log level.
Default: error

error
warning
info
trace
verbose

Tag

Server (top)

Specify server endpoints. Each endpoint represents a possible path for the agent to the server.

Note:
When establishing a connection to the server the agent simply choses an endpoint randomly from the list of available endpoints until each endpoint has been atempted at least once before giving up.
The first endpoint that results in a successfull connection will be used for the remainder of the session.

<Server>
  <Endpoint>...</Endpoint>
</Server>

Attributes

None.

Child Elements

Element	Description
Endpoint	Required element. May be specified multiple times. A server endpoint that the agent will use to connect to the server infrastructure.

Endpoint (top)

<Endpoint>
  <Address>...</Address>
  <Proxy>...</Proxy>
  <ClientCertificate>...</ClientCertificate>
  <ServerPublicKeyHash>...</ServerPublicKeyHash>
</Endpoint>

Attributes

None.

Child Elements

Element	Description
Address	Required element. Specify the server URI in the following format: `scheme://hostname:port/`. Supported URI schemes are `http` and `https`.
Proxy	Optional element. Proxy settings to use for this endpoint. If proxy settings are not specified any proxy server support is explicitly disabled for this endpoint.
ClientCertificate	Optional element. The client certificate used to secure the connection between agent and server.
ServerPublicKeyHash	Base64-encoded sha256 hash of the Inventory server certificate public key. The string should start with `sha256//` Example: `sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=`

Proxy (top)

Optional element.
Proxy settings to use for this endpoint. If proxy settings are not specified any proxy server support is explicitly disabled for this endpoint.

<Proxy>
  <Server>...</Server>
  <Credentials>...</Credentials>
</Proxy>

Attributes

None.

Child Elements

Element	Description
Server	Required element. Specify the address for this proxy server.
Credentials	Optional element. Credentials used to authenticate connection with HTTP proxy server. Note: Only basic authentication is supported.

Credentials (top)

Optional element.
Credentials used to authenticate connection with HTTP proxy server.

Note:
Only basic authentication is supported.

<Credentials>
  <UserName>...</UserName>
  <Password>...</Password>
</Credentials>

Attributes

None.

Child Elements

Element	Description
UserName
Password	Note: Passwords needs to be provided in encrypted form.

ClientCertificate (top)

Optional element.
The client certificate used to secure the connection between agent and server.

<ClientCertificate>
  <FileName>...</FileName>
  <Password>...</Password>
</ClientCertificate>

Attributes

None.

Child Elements

Element	Description
FileName	The file name of a client certificate to use, relative to the current installation location.
Password	The password to use if the client certificate has been password protected. Note: Passwords needs to be provided in encrypted form.

DropLocation (top)

A drop location can be a folder, HTTP endpoint or UNC file path and specifies an additional delivery location for scan results. Only used when the agent normally sends the result to the server.

Note:
Drop locations are not subject to retry policies, if a drop location does not receive the scan result (for any reason) the scan result will not be resent to that drop location at a later date.

<DropLocation>
  <Network>...</Network>
  <Path>...</Path>
  <Endpoint>...</Endpoint>
</DropLocation>

Attributes

None.

Child Elements

Element	Description
Network	Optional element. Only applicable to the Windows Agent. May be specified multiple times.
Path	Optional element. May be specified multiple times. Example: `\\server\folder`
Endpoint

Network (top)

<Network>
  <Credentials>...</Credentials>
  <Location>...</Location>
</Network>

Attributes

None.

Child Elements

Element	Description
Credentials	Credentials to use when connecting to a network share as a specific user.
Location

Credentials (top)

Credentials to use when connecting to a network share as a specific user.

<Credentials>
  <Domain>...</Domain>
  <UserName>...</UserName>
  <Password>...</Password>
</Credentials>

Attributes

None.

Child Elements

Element	Description
Domain
UserName
Password

Endpoint (top)

<Endpoint>
  <Address>...</Address>
  <Proxy>...</Proxy>
  <ClientCertificate>...</ClientCertificate>
  <ServerPublicKeyHash>...</ServerPublicKeyHash>
</Endpoint>

Attributes

None.

Child Elements

Element	Description
Address	Required element. Specify the server URI in the following format: `scheme://hostname:port/`. Supported URI schemes are `http` and `https`.
Proxy	Optional element. Proxy settings to use for this endpoint. If proxy settings are not specified any proxy server support is explicitly disabled for this endpoint.
ClientCertificate	Optional element. The client certificate used to secure the connection between agent and server.
ServerPublicKeyHash	Base64-encoded sha256 hash of the Inventory server certificate public key. The string should start with `sha256//` Example: `sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=`

Proxy (top)

Optional element.
Proxy settings to use for this endpoint. If proxy settings are not specified any proxy server support is explicitly disabled for this endpoint.

<Proxy>
  <Server>...</Server>
  <Credentials>...</Credentials>
</Proxy>

Attributes

None.

Child Elements

Element	Description
Server	Required element. Specify the address for this proxy server.
Credentials	Optional element. Credentials used to authenticate connection with HTTP proxy server. Note: Only basic authentication is supported.

Credentials (top)

Optional element.
Credentials used to authenticate connection with HTTP proxy server.

Note:
Only basic authentication is supported.

<Credentials>
  <UserName>...</UserName>
  <Password>...</Password>
</Credentials>

Attributes

None.

Child Elements

Element	Description
UserName
Password	Note: Passwords needs to be provided in encrypted form.

ClientCertificate (top)

Optional element.
The client certificate used to secure the connection between agent and server.

<ClientCertificate>
  <FileName>...</FileName>
  <Password>...</Password>
</ClientCertificate>

Attributes

None.

Child Elements

Element	Description
FileName	The file name of a client certificate to use, relative to the current installation location.
Password	The password to use if the client certificate has been password protected. Note: Passwords needs to be provided in encrypted form.

Oracle (top)

Information used in the SIOS component for Oracle database inventory.

<Oracle enabled="..." debug="...">
  <Environment>...</Environment>
  <DefaultInstanceCredentials>...</DefaultInstanceCredentials>
  <Oratab>...</Oratab>
  <InstancesWithConfiguration>...</InstancesWithConfiguration>
  <Include>...</Include>
  <Exclude>...</Exclude>
</Oracle>

Attributes

Attribute	Description
enabled	Acceptable values: `true`, `false`
debug	Determines if additional information is included in the snowpack for diagnostic purposes. Acceptable values: `true`, `false`

Child Elements

Element	Description
Environment
DefaultInstanceCredentials	Credentials used in all oracle scans if there is no specific credentials for a SID. May be left out if automatic scan is used or instance specific credentials are entered.
Oratab	Specifies the location of the Oratab file to be used to read ORACLE HOME from. This setting is overridden by an OracleHome-element in the Instance-element.
InstancesWithConfiguration
Include	List of what should be included in the Oracle database scan.
Exclude	List of what should be excluded from the Oracle database scan.

Environment (top)

<Environment>
  <Item>...</Item>
</Environment>

Attributes

None.

Child Elements

Element	Description
Item	Specifies a single environment variable to be set.

Item (top)

Specifies a single environment variable to be set.

<Item variable="..." value="..." />

Attributes

Attribute	Description
variable
value

Child Elements

None.

DefaultInstanceCredentials (top)

<DefaultInstanceCredentials UseTNS="...">
  <UserName>...</UserName>
  <Password>...</Password>
</DefaultInstanceCredentials>

Attributes

Attribute	Description
UseTNS

Child Elements

Element	Description
UserName
Password

InstancesWithConfiguration (top)

<InstancesWithConfiguration>
  <Instance>...</Instance>
</InstancesWithConfiguration>

Attributes

None.

Child Elements

Element	Description
Instance

Instance (top)

Defines the SID and can also contain credentials for the SID. You can also point to an Oracle home path.

<Instance>
  <SID>...</SID>
  <Credentials>...</Credentials>
  <OracleHome>...</OracleHome>
  <Environment>...</Environment>
  <UnixUser>...</UnixUser>
</Instance>

Attributes

None.

Child Elements

Element	Description
SID	Required Element
Credentials	Optional Element.
OracleHome	Optional Element. Path to the Oracle home directory. Used if the scanner cannot find the path automatically.
Environment
UnixUser	Optional Element. Only applicable to the Linux and Unix Agent.

Credentials (top)

<Credentials UseTNS="...">
  <UserName>...</UserName>
  <Password>...</Password>
</Credentials>

Attributes

Attribute	Description
UseTNS

Child Elements

Element	Description
UserName
Password

Environment (top)

<Environment>
  <Item>...</Item>
</Environment>

Attributes

None.

Child Elements

Element	Description
Item	Specifies a single environment variable to be set.

Item (top)

Specifies a single environment variable to be set.

<Item variable="..." value="..." />

Attributes

Attribute	Description
variable
value

Child Elements

None.

Include (top)

List of what should be included in the Oracle database scan.

<Include>
  <AllInstances>...</AllInstances>
  <Instance>...</Instance>
</Include>

Attributes

None.

Child Elements

Element	Description
AllInstances	Control, if all instances should be found and scanned. Deafault: `true`
Instance

Instance (top)

Defines the SID and can also contain credentials for the SID. You can also point to an Oracle home path.

<Instance>
  <SID>...</SID>
  <Credentials>...</Credentials>
  <OracleHome>...</OracleHome>
  <Environment>...</Environment>
  <UnixUser>...</UnixUser>
</Instance>

Attributes

None.

Child Elements

Element	Description
SID	Required Element
Credentials	Optional Element.
OracleHome	Optional Element. Path to the Oracle home directory. Used if the scanner cannot find the path automatically.
Environment
UnixUser	Optional Element. Only applicable to the Linux and Unix Agent.

Credentials (top)

<Credentials UseTNS="...">
  <UserName>...</UserName>
  <Password>...</Password>
</Credentials>

Attributes

Attribute	Description
UseTNS

Child Elements

Element	Description
UserName
Password

Environment (top)

<Environment>
  <Item>...</Item>
</Environment>

Attributes

None.

Child Elements

Element	Description
Item	Specifies a single environment variable to be set.

Item (top)

Specifies a single environment variable to be set.

<Item variable="..." value="..." />

Attributes

Attribute	Description
variable
value

Child Elements

None.

Exclude (top)

List of what should be excluded from the Oracle database scan.

<Exclude>
  <Instance>...</Instance>
</Exclude>

Attributes

None.

Child Elements

Element	Description
Instance

Instance (top)

Defines the SID and can also contain credentials for the SID. You can also point to an Oracle home path.

<Instance>
  <SID>...</SID>
  <Credentials>...</Credentials>
  <OracleHome>...</OracleHome>
  <Environment>...</Environment>
  <UnixUser>...</UnixUser>
</Instance>

Attributes

None.

Child Elements

Element	Description
SID	Required Element
Credentials	Optional Element.
OracleHome	Optional Element. Path to the Oracle home directory. Used if the scanner cannot find the path automatically.
Environment
UnixUser	Optional Element. Only applicable to the Linux and Unix Agent.

Credentials (top)

<Credentials UseTNS="...">
  <UserName>...</UserName>
  <Password>...</Password>
</Credentials>

Attributes

Attribute	Description
UseTNS

Child Elements

Element	Description
UserName
Password

Environment (top)

<Environment>
  <Item>...</Item>
</Environment>

Attributes

None.

Child Elements

Element	Description
Item	Specifies a single environment variable to be set.

Item (top)

Specifies a single environment variable to be set.

<Item variable="..." value="..." />

Attributes

Attribute	Description
variable
value

Child Elements

None.

SystemSettings (top)

System settings that override the default behavior of the agent. Use with care.

<SystemSettings>
  <Setting>...</Setting>
</SystemSettings>

Attributes

None.

Child Elements

Element	Description
Setting

Setting (top)

<Setting key="..." value="..." />

Attributes

Attribute Description

key

The name of a system setting to set to some value. Acceptable values depend on the type of setting. See remarks about each setting for more information.

reserved	Reserved
privacy.hide_user	Only applicable to the Windows and POSIX Agents. Replace the user name (anywhere present) with SHA-1 hash of the user name (UTF-8 byte representation). Acceptable values: `true`,`false` Default: `false`
privacy.hide_ip	Only applicable to the Windows and POSIX Agents. Replace the IP address (anywhere present) with SHA-1 hash of the IP address (UTF-8 byte representation). Acceptable values: `true`,`false` Default: `false`
env.allowonlyonescanperday	Only applicable to the Linux and OS X Agent. If set, only one scan per day will be allowed by the agent. Acceptable values: `true`, `false` Default: `false`
env.emulate_os	For Snow internal use only. Only applicable to the Unix Agent. This value will decide what operating system and hardware will be used. It is the filename that is derived from this value that decides type of system. All mock files are placed in a directory named mockfiles. In that directory files named: mockfileemulatedos_operation are placed and read instead of the corresponding operating system command.
env.java_home	If path to java can't be found or an incompatible version is set as default, this value can be used to identify a correct version.
env.shell	Optional Element. Used as a solution to problems with the standard shell installed. Points to a shell. Example: `/bin/bash`
env.data_dir	If specified, overrides the directory in which the agent will store data files, such as scan results and metering (when applicable). Defaults to a sub directory 'data' from where the agent is run. Note: The agent must have read and write access to this directory.
env.temp_dir	If specified, overrides the directory where the agent will store temporary data files. Defaults to system default temporary directory. Note: The agent must have read and write access to this directory.
env.log_dir	If specified, overrides the default log directory where the agent will store log files. Defaults to a sub directory 'data' from where the agent is run. Note: The agent must have read and write access to this directory.
http.ssl_verify	If `false`, the agent will not verify that any certificate used to secure communication is issued by a trusted certificate authority (CA). This setting is enabled by default and must be explicitly disabled if necessary. Acceptable values: `true`, `false` Default: `true` Caution: Disabling this option reduces overall security.
http.ssl_capath	Only applicable to the Linux and macOS Agent. Must be specified to use SSL/TLS. Specify the PEM file containing the Certificate or Certificate bundle. Equivalent to the `curl` flag `--cacert` Example: `/etc/ssl/certs/mycert.pem`
http.timeout	The timout in seconds for requests to the server endpoint. Default: `15`
log.append	If true, the logfile will not be cleared upon a completed scan, i.e. it will be appended upon. This will cause subsequent snowpacks to contain log information from multiple scans. Acceptable values: `true`, `false` Default: `false`
software.scan.dpkg	Only applicable to the Linux Agent. Include information from the Debian package manager about installed software. Acceptable values: `true`, `false` Default: `false`
software.scan.jar	Only applicable to the Windows, macOS and Linux Agent Enable software scan by scanning the metadata found in Java Archive (JAR) files. Acceptable values: `true`, `false` Default: `true`
software.scan.rpm	Only applicable to the Linux Agent. Include information from the Red Hat package manager about installed software. Acceptable values: `true`, `false` Default: `false`
software.scan.ips	Only applicable to the Unix Agent. Include information from the Image Packaging System (IPS). Applicable to Solaris 11 and later. Acceptable values: `true`, `false` Default: `true`
software.scan.svr4	Only applicable to the Unix Agent. Include information from SVR4 packages. Applicable to Solaris 10 and previous versions. Acceptable values: `true`, `false` Default: `true`
software.scan.lpp	Only applicable to the Unix Agent. Include information from Licensed Program Products. Applicable to AIX systems. Acceptable values: `true`, `false` Default: `true`
software.scan.sd	Only applicable to the Unix Agent. Include information from Software Distributor. Applicable to HP-UX systems. Acceptable values: `true`, `false` Default: `true`
software.scan.running_processes	Only applicable to the Linux and Unix Agent. Scans running processes and adds them to the software scanning result, as a file system scan would. If used with file system scan, there is no distinction made between the results. A program found running and in a file system scan will be the same. Acceptable values: `true`, `false` Default: `true`
software.scan.add_latency	Defined in microseconds. When reading or processing large amounts of data/objects, add some extra latency between the objects to prevent the system from spending too much resource on this process. This might also be a good solution when scanning exceptionally fast drives, to keep the CPU usage down Allowed values: n >= 0 Default: `0`
software.scan.enabled	Only applicable to the Windows Agent. If disabled will override all software.scan.* settings Acceptable values: `true`, `false` Default: `true`
software.scan.swidtags	Only applicable to the Windows Agent. Disable or enable scanning of swid tags Acceptable values: `true`, `false` Default: `true`
hardware.scan.enabled	Only applicable to the Windows Agent. Disable or enable scanning of hardware, this will override any individual hardware.scan.* setting. Acceptable values: `true`, `false` Default: `true`
hardware.scan.device	Only applicable to the Windows Agent. Disable or enable scanning of installed device drivers Acceptable values: `true`, `false` Default: `true`
hardware.scan.networkadapter	Only applicable to the Windows Agent. Disable or enable scanning of network adapters Acceptable values: `true`, `false` Default: `true`
software.scan.userscan	Only applicable to the Windows Agent. If disabled will override: software.scan.environmentvariables, software.scan.fileshare, hardware.scan.printer Acceptable values: `true`, `false` Default: `true`
software.scan.environmentvariables	Only applicable to the Windows Agent. Disable or enable scanning of environment variables Acceptable values: `true`, `false` Default: `true`
software.scan.fileshare	Only applicable to the Windows Agent. Disable or enable scanning of network shares Acceptable values: `true`, `false` Default: `true`
hardware.scan.printer	Only applicable to the Windows Agent. Disable or enable scanning of printers that are setup on the system Acceptable values: `true`, `false` Default: `true`
hardware.scan.displayadapter	Only applicable to the Windows Agent. Disable or enable scanning of inistalled display adapter Acceptable values: `true`, `false` Default: `true`
hardware.scan.expansionslot	Only applicable to the Windows Agent. Legacy support Acceptable values: `true`, `false` Default: `true`
software.scan.fonts	Only applicable to the Windows Agent. Disable or enable scanning of installed fonts Acceptable values: `true`, `false` Default: `true`
software.scan.ignore_bind_mounts	Only applicable to the Linux Agent. If true, the agent will attempt to find bind mounts and add these to the list of directories to be ignored Acceptable values: `true`, `false` Default: `false`
software.scan.ignore_autofs_mounts	Only applicable to the Linux and Unix Agent. If true, the agent will attempt to find detect autofs mounts and add these to the list of directories to be ignored Acceptable values: `true`, `false` Default: `false`
hardware.scan.keyboard	Only applicable to the Windows Agent. Disable or enable scanning of attached keyboard Acceptable values: `true`, `false` Default: `true`
hardware.scan.logicaldisk	Only applicable to the Windows Agent. Disable or enable scanning of logical drives attached Acceptable values: `true`, `false` Default: `true`
software.scan.loginuser	Only applicable to the Windows Agent. Disable or enable scanning of user login history Acceptable values: `true`, `false` Default: `true`
hardware.scan.memory	Only applicable to the Windows Agent. Disable or enable scanning of memory Acceptable values: `true`, `false` Default: `true`
hardware.scan.modem	Only applicable to the Windows Agent. Disable or enable scanning of attached modems Acceptable values: `true`, `false` Default: `true`
hardware.scan.monitor	Only applicable to the Windows Agent. Disable or enable scanning of attached screen Acceptable values: `true`, `false` Default: `true`
hardware.scan.mouse	Only applicable to the Windows Agent. Disable or enable scanning of attached mouse device Acceptable values: `true`, `false` Default: `true`
hardware.scan.multimedia	Only applicable to the Windows Agent. Disable or enable scanning of installed media devices, i.e sound card. Acceptable values: `true`, `false` Default: `true`
software.scan.netclient	Only applicable to the Windows Agent. Disable or enable scanning of network clients or network services Acceptable values: `true`, `false` Default: `true`
software.scan.netprotocol	Only applicable to the Windows Agent. Disable or enable scanning of NDIS protocols and CoNDIS stand-alone call managers Acceptable values: `true`, `false` Default: `true`
software.scan.ntservice	Only applicable to the Windows Agent. Disable or enable scanning of services Acceptable values: `true`, `false` Default: `true`
software.scan.odbc	Only applicable to the Windows Agent. Disable or enable scanning of ODBC data sources and related drivers Acceptable values: `true`, `false` Default: `true`
hardware.scan.pci	Only applicable to the Windows Agent. Disable or enable scanning of pci devices Acceptable values: `true`, `false` Default: `true`
hardware.scan.physicaldisk	Only applicable to the Windows Agent. Disable or enable scanning of attached physical disks Acceptable values: `true`, `false` Default: `true`
hardware.scan.port	Only applicable to the Windows Agent. Disable or enable scanning of COM and LPT ports on the computer Acceptable values: `true`, `false` Default: `true`
hardware.scan.processor	Only applicable to the Windows Agent. Disable or enable scanning of processor Acceptable values: `true`, `false` Default: `true`
hardware.scan.scsi	Only applicable to the Windows Agent. Disable or enable scanning of SCSI devices Acceptable values: `true`, `false` Default: `true`
hardware.scan.tapedrive	Only applicable to the Windows Agent. Disable or enable scanning of attached tape drives Acceptable values: `true`, `false` Default: `true`
hardware.scan.usb	Only applicable to the Windows Agent. Disable or enable scanning of usb devices Acceptable values: `true`, `false` Default: `true`
software.scan.custominfo	Only applicable to the Windows Agent. Currently "Custom reg keys" within the "default behaviour" concept. Acceptable values: `true`, `false` Default: `true`
software.scan.virtualsoftwareinfo	Only applicable to the Windows Agent. Disable or enable scanning of virtual software Acceptable values: `true`, `false` Default: `true`
metering.is_enabled	Only applicable to the Windows Agent. Enable or disable metering. Acceptable values: `true`, `false` Default: `true`
send.max_scan_result_backlog_count	Whenever a send failure occurs, the scan result is kept (locally) until the next send opportunity. This setting controls the maximum number of results, that can be kept around at any given time. When this limit is reached, the oldest result is deleted until the number of scan results are within the allowed limit. Acceptable values: positive integers Default: `90`
powershell.enabled	Only applicable to the Windows Agent. If true, Powershell scanning scripts will be executed. Acceptable values: `true`, `false` Default: `true`
env.powershell_timeout	Only applicable to the Windows Agent. The time in milliseconds the agent wait for all powershell scripts to finish. Note, this is for the whole session not individual scripts. Acceptable values: positive integers above `300000` (5 minutes) Default: `300000` (5 minutes)
powershell.encryption_key	DEPRECATED - Only applicable to the Windows Agent 5 and 6. Custom encryption key for executing .snow-ps1 PowerShell scripts. Must be a 64-symbol uppercase hex-string. I.e. 525CE16E463842F020E516CF9EE32D53ACE8BB1AEEDC961A0A3725EFD9CCE2DD
http.poll_interval	Only applicable to the Windows Agent. The interval in seconds between heartbeats. A heartbeat is a check, to see if there are any pending commands (i.e. agent updates) to be carried out at this moment. Acceptable values: The value must be between `600` (10 minutes) and `259200` (3 days). Otherwise the default value of `5400` (90 minutes) is used. Default: `5400`
http.poll_variance	Only applicable to the Windows Agent. The variance in seconds for heartbeats. The variance control how many seconds off the interval is allowed per heartbeat. Greater variance means more evenly distributed load. Acceptable values: The value must be between '1' second and the value used in `http.poll.interval`. Otherwise the default value of `1800` (30 minutes) is used. Default: `1800`
wmi.poll_interval	Only applicable to the Windows Agent. The interval that Windows Management Instrumentation (WMI) uses to poll the data provider for intrinsic events. A higher poll interval may be useful in Virtual Desktop Infrastructure environments. See https://msdn.microsoft.com/en-us/library/aa394527(v=vs.85).aspx for more information. Acceptable values: positive integers Default: `15`
env.is_virtual_desktop_infrastructure	Only applicable to the Windows Agent. If the agent is running in a virtual desktop infrastructure this setting should be set to true. Acceptable values: `true`, `false` Default: `false`
snowpack.encryption_fingerprint	Oprional Element. The fingerprint of the encryption key to use for encrypting Snowpacks. Default: `None` Note: This requires to be the `*.cryptkey` files placed according to the `snowpack.encryption_path` setting.
snowpack.encryption_path	Oprional Element. The path to where the encryption keys are stored. If not present, the path to the agent itself will be used.
saas.edge.enabled	Set this to: false to uninstall and prevent installation the Edge browser extension. enable to enable the extension when installed outside the agent true to allow the agent to install the Edge browser extension. Acceptable values: `true`, `enable`, `false` Default: `true`
saas.chrome.enabled	Set this to: false to uninstall and prevent installation the Chrome browser extension. enable to enable the extension when installed outside the agent true to allow the agent to install the Chrome browser extension. Acceptable values: `true`, `enable`, `false` Default: `true`
saas.chrome.enterprise.installation	Only applicable to the macOS Agent. Set this to false to use alternative installation method of the Chrome browser extension, using a preferences file. See https://developer.chrome.com/apps/external_extensions Acceptable values: `true`, `false` Default: `true`
saas.firefox.enabled	Set this to: false to uninstall and prevent installation the Firefox browser extension. enable to enable the extension when installed outside the agent true to allow the agent to install the Firefox browser extension. Acceptable values: `true`, `enable`, `false` Default: `true`
legacy_webmetering.is_enabled	Only applicable to the Windows Agent. If `true`, the legacy web metering feature is enabled. Acceptable values: `true`, `false` Default: `false` Caution: This feature enables an uncertified Windows Kernel-Mode driver.
disable_all_updates	If `true`, the agent will not perform any update operations or handshakes, not even when run manual on the commandline. no program updates no configuration updates no SaaS rule updates etc. Acceptable values: `true`, `false` Default: `false`
process_affinity	Only applicable to the Windows Agent 7.2.0 and later. Use this setting only, when necessary. If you need to control which or how many processors/cores will be bound to the agent process and subprocesses by the operating system, you can use this setting to define the process affinity mask. The Setting accepts a decimal number, representing a bit array, where the first bit means the first processor/core, the second the second, etc. . For more information refer to https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-setprocessaffinitymask. The Agent is not processor group aware, which means only up to 64 affinity bits can be specified. If an invalid value is provided, the agent will be executed with the default setting and process affinity will not applied. Acceptable values: 1 <= n <= 2⁶⁴ Default value: empty Examples: The agent should only run on the first core: Bit array = `1` Decimal value = `1` The agent should only run on the first and second core: Bit array = `11` Decimal value = `3` The agent should only run on the third core: Bit array = `100` Decimal value = `4` The agent should only run on the third and seventh core: Bit array = `1000100` Decimal value = `68`
reserved_end	Reserved

value

The value associated with the setting. Note that the format of this value will vary depending on the type of setting. See remarks about each setting for more information.

Child Elements

None.

Environment (top)

Element containing control directives regarding environment data.

<Environment>
  <Ignore>...</Ignore>
</Environment>

Attributes

None.

Child Elements

Element	Description
Ignore	Used to specify an environment variable to ignore when gathering them from the environment. Name is case-sensitive.

SudoCommands (top)

Optional element. Only applicable to the UNIX Agent.
List of commands that are allowed to be elevated to root using sudo.

<SudoCommands>
  <Path>...</Path>
</SudoCommands>

Attributes

None.

Child Elements

Element	Description
Path	Path to command allowed to be elevated using sudo. Example: `/usr/bin/file`