Configure the scanner
To configure the filesystem search for Snow Inventory Java Scanner, use the include and exclude paths defined in the agent configuration file, snowagent.config, as described in The scanning process.
Schedule the scan in a Linux or Unix environment
In Linux and Unix environments, the execution of the scanner is scheduled by the cron configuration file sijscron.conf, which must be included in the agent installation package. For more information, see Agent Module Shell Scripts in the Snow Inventory section of the Release Notes page.
Command | Description |
|---|---|
version | Print current version to stdout |
-v | Verbose logging |
Schedule the scan in a Windows environment
In a Windows environment, the scanner is triggered by the Snow Inventory Java Scanner Launcher PowerShell script. The script must be included in the agent installation package.
To execute the scanner, run the following command:
$java -jar sijs.jar
Schedule the scan in a macOS environment
In a macOS environment, the scan schedule must be created by the user.
To execute the scanner, run the following command:
$java -jar sijs.jar
Snow Inventory Java Scanner configuration file
You can make additional configurations to the scanner by using the Snow Inventory Java Scanner configuration file, sijs.config, which can be included in the agent installation package. You only have to include the file in the installation package if you want to customize any of the parameters in the configuration file. If the file is not included, the scanner will execute the scan with the default values.
Configure the security level of the scanner
Use the configuration file to configure the security level of the scanner if it is executed with elevated permissions, that is, as Administrator (Windows) or root (Linux, Unix, and macOS). The configuration file contains the following elements and default values:
<Configuration>
<SecurityLevel>HIGH</SecurityLevel>
<ImpersonationUser>javascan</ImpersonationUser>
</Configuration>Choose one of the following three security levels:
LOW: Every Java executable found during the file system search will be treated as a secure (admin) path and the commands required to properly identify the installation will be executed in the same security context as the user executing the scan.
MEDIUM: The Java executables found that are part of the administrator/root’s PATH environment variable will be treated as secure (admin) paths, and the commands required to properly identify the installation will be executed in the same security context as the user executing the scan. All the other Java executables will be treated as non-secure (non-admin) paths and the commands will be executed in a lower security context:
For Windows, the runas /trustlevel:0x20000 command will be used, which lowers the permissions to basic user.
For Unix, Linux, and macOS, the commands will be executed with the dedicated user defined in the ImpersonationUser element.
HIGH: The Java executables found that are part of the administrator/root’s PATH environment variable will be treated as secure (admin) paths, and the commands required to properly identify the installation will be executed in the same security context as the user executing the scan. All the other Java executables will be treated as non-secure (non-admin) paths and will not be identified at this security level. The scanner's raw data will contain information that these installations are not identified due to the HIGH security level setting.