Skip to main content

Configure the scanner

To configure the Snow Inventory Oracle scanner, use the Oracle element of the agent configuration file, snowagent.config.

The element has the following contents:

<Oracle enabled="..." debug="...">
  <Environment>...</Environment>
  <DefaultInstanceCredentials>...</DefaultInstanceCredentials>
  <Oratab>...</Oratab>
  <InstancesWithConfiguration>...</InstancesWithConfiguration>
  <Include>...</Include>
  <Exclude>...</Exclude>
  <FileSystemSecurityModule>...</FileSystemSecurityModule>
  <CommonOSGroup>...</CommonOSGroup>
  <UseMixedCredentials>...</UseMixedCredentials>
  <EnableEbsScanning>...</EnableEbsScanning>
</Oracle>

For a description of the elements Environment, DefaultInstanceCredentials, Oratab, InstancesWithConfiguration, Include, and Exclude, see Oracle. Descriptions of the remaining elements are provided below.

note

Configured elements that are not applicable to Windows will have no impact on the scanning process in a Windows environment.

Enable the scanner

To enable the scanner, set the enabled setting to true. The agent will then run the scanner as part of the scanning process.

<Oracle enabled="true">

Configure the scanner to work with forced change of CWD on OS user logon

Applicable to Linux and Unix.

Snow Inventory Oracle Scanner creates a temporary working directory that it uses during the scan. If your company has, for example, a custom file system security setup that changes the CWD (Current Working Directory) on OS user logon, the user will be navigated out of the temporary directory and the scan will fail to execute, if you are using the default configuration of the scanner.

To be able to run the scanner in combination with a security policy as described above, use the below configuration. With the configuration, the scanner will navigate from the CWD to the correct temporary working directory after the OS user logon.

<FileSystemSecurityModule>CWD</FileSystemSecurityModule>

The configuration should be used when the following circumstances apply:

  • The scanner is executed with full privileges (root).

  • The environment that the scanner is executed on has a custom login script that changes the CWD when using the switch user command (su) under Linux and Unix.

The configuration will not affect the execution of the scanner in a Windows environment.

The default value is DEFAULT and is used in all other circumstances than the one described above.

Configure DBA group name

Applicable to Linux and Unix.

Snow Inventory Oracle Scanner uses the DBA group name dba by default. To make the scanner use a custom DBA group name instead, use the following configuration:

<CommonOSGroup>[custom dba group name]</CommonOSGroup>
note

All operating system users that are running database instances should be members of the group.

The configuration will not affect the execution of the scanner in a Windows environment.

The default value is dba and is used in all other circumstances than the one described above.

Enable default instance credentials

You can specify instance credentials to be used in all Oracle scans by configuring the DefaultInstanceCredentials element. The default instance credentials are used for all detected databases in a given environment.

EXAMPLE
  <DefaultInstanceCredentials>
      <UserName>username</UserName>
      <Password>encryptedpassword</Password>
  </DefaultInstanceCredentials>

Note that for the credentials to work in mixed environments, additional configurations must be made, as described in Enable default instance credentials in mixed environments.

Enable default instance credentials in mixed environments

Applicable to Linux, Unix, and Windows.

To use default instance credentials in environments with both container and non-container databases, you must enable the UseMixedCredentials element in addition to DefaultInstanceCredentials:

<UseMixedCredentials>true</UseMixedCredentials>

Since dedicated database users used for scanning must be created as common users for container databases, with a C## prefix, and as regular users for non-container databases, without a C## prefix, this will allow the user defined under the default instance credentials to work on both. When enabled, if the scanner cannot connect to the specific database with the configured user, it will try again by adding or removing the C## prefix from the username.

For example, if the DefaultInstanceCredentials element has been configured with the common user C##SNOW and the scanner does not succeed to connect to a database, it will try again with the user SNOW, and vice versa.

note

This configuration option will have effect only if the DefaultInstanceCredentials element is also configured.

The default value is false and is used in all other circumstances than the one described above.

Enable E-Business Suite scanning

Applicable to Linux, Unix, and Windows.

This configuration option determines whether the Oracle scanner will inventory E-Business Suite data or not. The default value is true. To disable E-Business Suite data inventory, use the value false:

<EnableEbsScanning>false</EnableEbsScanning>
note

The inventoried E-Business Suite data can be displayed and managed in the Oracle section of SAM Core on Snow Atlas. The data cannot be used in Snow License Manager.