The scanning process
Snow Inventory Agent for Linux scans the computers regularly. The default schedule is every day at 21:00. When the scan is completed, the agent sends the inventory file with the scan data to a Snow Inventory endpoint (Snow Inventory Server or Snow Extender).
To make sure that not all agents scan and send their results at the same time, with the risk of choking the endpoint with too many simultaneous files, a randomized number of minutes from 0 to 60 is added to the scheduled start time.
If the agent for some reason cannot send data to the endpoint, it will try again at the next schedule. The inventory data file is stored until the data has been sent successfully. The maximum number of unsent inventory files that will be stored is decided by the setting key send.max_scan_result_backlog_count in the SystemSettings element of the agent configuration file.
You can configure a custom scan schedule, for example at 01:00 every day, at 04:05 every Sunday, or at 00:30 on the first day of every month, see Configure the scan schedule.
File and package scanning
The Linux agent gathers information by scanning the file systems. Based on the file system scan result, additional meta-information on installed software is collected from the package managers. This means that meta-information from the package managers will only be collected for the software that has been inventoried by the file system scan.
To include or exclude directories or files from the scan, use the <Software><Include> and <Software><Exclude> elements in the agent configuration file. See Rules for file system scan for a description of how to use the elements to configure a file system scan.
The system settings software.scan.dpkg and software.scan.rpm are used for enabling the collection of information from the Debian and Red Hat package managers respectively. Both settings are enabled by default in the agent configuration file.
The user account that runs the Linux agent must have read access to the files and folders that should be scanned. If it is not possible to grant the user the required access, you can use the following command to bypass file permission checks:
sudo setcap CAP_DAC_READ_SEARCH+ep /opt/snow/snowagent
File system types not scanned by the agent
The following file system types are excluded from the scan by default:
binfmt_misc | cifs |
devpts | devtmpfs |
fuse | fuse.gvfsd-fuse |
fuse.vmware-vmblock | fuseblk |
nfs | nfs4 |
none | panfs |
proc | rpc-pipes |
smbfs | sysfs |
tmpfs | vmblock |
vmhgfs |
You can also exclude file system types by adding them to <Software><Exclude><FileSystem> in the agent configuration file.
Adding a file system exclusion to the agent configuration file is not an additive process; it replaces the default set listed in the table above. Therefore, you must list all file systems that should be excluded.
Scanning running processes
The system setting software.scan.running_processes is used to gather information about running processes on the inventoried server. The functionality is enabled by default but can be disabled by adding the system setting to the agent configuration file, and then setting it to false.
The scan identifies the running processes and adds them to the file systems scan result. In the scan result sent to the Inventory endpoint, there is no distinction between the software inventoried by the running processes scan and the software inventoried by the file systems scan.
Together with the configuration of file system scanning and package manager scanning, the configuration of running processes makes it possible to create a customized agent configuration that provides resource-efficient inventory coverage.
When the agent is run with superuser privileges, information on all processes running on the server will be gathered. Otherwise, only the processes that are running as the user running the snowagent will be gathered.
Depending on the mount of the /proc
folder, customers can use hidepid to hide processes. To overcome this, you must define a group that is able to see the processes, using the gid parameter in the mount.
Configure the agent to exclude bind mounts and autofs mounts from the scan
If it is not desirable to scan bind or autofs mounts, you can exclude them by using the configurations described below.
Note that for the configurations to function, it is required that the system supports the command findmnt -P. The findmnt command is not available on all Linux systems. For example, RHEL5 does not include it by default, but by installing util-linux version 2.20 or later it should be made available.
To exclude bind mounts from the scan:
-
In the SystemSettings element of the agent configuration file, set the setting key software.scan.ignore_bind_mounts to true.
<SystemSettings>
<Setting key="software.scan.ignore_bind_mounts" value="true" />
</SystemSettings>
To exclude autofs mounts from the scan:
-
In the SystemSettings element of the agent configuration file, set the setting key software.scan.ignore_autofs_mounts to true.
<SystemSettings>
<Setting key="software.scan.ignore_autofs_mounts" value="true" />
</SystemSettings>
Configure the agent to scan a maximum of once a day
If you need the scheduled scan to be performed more often than once a day, for example, if the computer is turned off most of the time, but still only want to produce one scanning result per day, you can use the following configuration:
-
In the SystemSettings element of the agent configuration file, set the setting key env.allowonlyonescanperday to true.
<SystemSettings>
<Setting key="env.allowonlyonescanperday" value="true" />
</SystemSettings>
When the setting key is set to true, the agent will check when the last scan was performed before it starts a new one. If the last scan was run the same day, the agent will not start a new scan.
Note that the agent will not perform the check if the scan is run from the command line.