Snow Inventory Agent

Update the local SaaS ruleset by retrieval from Snow Inventory Server

The agent queries its configured endpoint(s) for pending updates, and the request is eventually forwarded to the Snow Inventory Master Server.

The agent polls the Inventory Server when the command snowagent update is run or on a schedule:

  • For the Windows agent, the http.poll_interval system setting governs how often (in seconds) the agent asks the Inventory Server for updates.

  • For the macOS agent, the schedule is defined in the file /Library/LaunchDaemons/com.snowsoftware.Inventory.plist, and is shared with the scan action.

When the update task includes SaaS application rules, these are downloaded and stored in the agent’s directory in two files named webmetering.rules and webmetering.crules. Either or both of these files may be present.

Deploy the browser extensions according to the agent configuration

If at least one of the files webmetering.rules or webmetering.crules is present in the agent installation folder, and at least one of the saas.*.enabled system settings has the value true (which is the default value), the agent will try to install the related browser extension.

The agent also instructs the browser to run the cloudmeteringhost process—cloudmeteringhost.exe in Windows, cloudmeteringhost in macOS—and to allow communication between the extension and said process.

For Windows, these actions are performed by a module that runs internally in the agent.

For macOS, these actions are performed by a scheduled task that runs the snowagent cloud command every 5 minutes. The scheduled task is defined in the /Library/LaunchDaemons/com.snowsoftware.Cloudmetering.plist file.

Refer to the sections Install extensions for Google Chrome, Microsoft Edge and Mozilla Firefox and Install extensions for Microsoft Edge Legacy and Apple Safari.

Match data produced by the extensions with local ruleset database

Match data on Windows

On Windows, the browser starts cloudmeteringhost.exe when the extension is installed and enabled.

The browser extension sends all visited URLs to the cloud-metering host process, which immediately writes this data, together with user names and time stamps, to the %ProgramData%\SnowSoftware\Inventory\Agent\cloudmetering\extension-output folder.

The agent performs the following:

  1. Checks the content of the %ProgramData%\SnowSoftware\Inventory\Agent\cloudmetering\extension-output folder every three minutes for files generated by the browser extensions.

  2. Matches the patterns in these files with the local ruleset in the webmetering.rules and webmetering.crules files.

  3. Deletes the files in the extension-output folder immediately after the patterns have been matched.

  4. Writes an encrypted JSON file in the agent’s data\web-metering folder containing the rule hits.

    Exception: in the case of Microsoft Edge Legacy the file content is obfuscated.

    Note

    When 50 unique matches have been found, the agent starts caching matches in the %ProgramData%\SnowSoftware\Inventory\Agent\data\web-metering\cache folder.

A manual agent scan does not flush the memory. To get the same behavior as a scheduled scan, you need to stop the agent prior to the scan.

Match data on macOS

On macOS, the browser starts cloudmeteringhost when the extension is installed and enabled.

The browser extension sends all visited URLs to the cloud-metering host process, which immediately writes this data, together with user names and time stamps, to the /Users/Shared/SnowSoftware/Inventory/Agent/cloudmetering/extension-output folder.

Exception: For Apple Safari, the cloudmeteringhost is not run, and the extension writes directly to the folder.

There is a scheduled task that runs the snowagent cloud command every 5 minutes. The scheduled task is defined in the /Library/LaunchDaemons/com.snowsoftware.Cloudmetering.plist file.

This command will:

  1. Check the content of the /Users/Shared/SnowSoftware/Inventory/Agent/cloudmetering/extension-output folder for files generated by the browser extensions.

  2. Match the patterns in these files with the local ruleset in the webmetering.crules and webmetering.rules files.

  3. Delete the files in the folder extension-output immediately after the patterns have been matched.

  4. Write an encrypted JSON file in the agent’s data/web-metering folder containing the rule hits.
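The following is an added example, not part of Snow's documentation or tooling: a read-only check a defender can run against the extension-output folder described above for Windows and macOS. It flags files that outlived the documented processing interval (they hold visited URLs, user names and time stamps until the agent deletes them) and, on POSIX systems, files readable or writable by other users; the slack factor and the finding labels are assumptions.

```python
import os
import stat
import time
from pathlib import Path

# Paths and intervals as documented on this page.
WINDOWS_DIR = r"%ProgramData%\SnowSoftware\Inventory\Agent\cloudmetering\extension-output"
MACOS_DIR = "/Users/Shared/SnowSoftware/Inventory/Agent/cloudmetering/extension-output"
WINDOWS_INTERVAL = 3 * 60   # agent checks the folder every three minutes
MACOS_INTERVAL = 5 * 60     # snowagent cloud runs every 5 minutes


def audit_extension_output(folder, interval_s, slack=2.0, now=None):
    """Return (name, issue) findings for files in the extension-output folder.

    slack is an assumed tolerance: a file older than slack * interval_s
    has survived at least one processing cycle without being deleted.
    """
    now = time.time() if now is None else now
    root = Path(folder)
    if not root.is_dir():
        return [(str(root), "folder missing")]
    findings = []
    for entry in sorted(root.iterdir()):
        st = entry.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # only regular files are extension output
        age = now - st.st_mtime
        if age > slack * interval_s:
            findings.append((entry.name, f"stale: {int(age)}s old, not processed"))
        # POSIX mode bits only; on Windows, inspect the folder ACL instead.
        if os.name == "posix":
            if st.st_mode & stat.S_IROTH:
                findings.append((entry.name, "world-readable"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((entry.name, "world-writable"))
    return findings


def default_target():
    """Pick the documented folder and interval for the current platform."""
    if os.name == "nt":
        return os.path.expandvars(WINDOWS_DIR), WINDOWS_INTERVAL
    return MACOS_DIR, MACOS_INTERVAL


if __name__ == "__main__":
    for name, issue in audit_extension_output(*default_target()):
        print(f"{name}: {issue}")
```

Stale findings on a host where the agent is supposed to be running usually mean the matching step is not executing, so unprocessed browsing data is accumulating in the folder.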

Consolidate SaaS usage data with other inventory data for delivery to Snow Inventory Server

During the agent’s scan, the SaaS application usage data is consolidated with the other inventory data and the results are sent to Snow Inventory Server.

When the scan is triggered, cloud application usage data temporarily stored in memory is written to disk in the web-metering folder. It is then processed as described in the section Match data produced by the extensions with local ruleset database. The resulting files in the web-metering folder are then aggregated in the inventory scan result snowpack file.