Configuration file options
Summarize
Summarized using AI
This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.
Summary of Configuration File Options
The configuration options for theacc.ymlfile are essential for setting up and managing the Agent Client Collector (ACC) in your ServiceNow environment. These options enable you to customize agent behavior, establish connections, and enhance security according to your organization's needs.
Show less
Key Features
- Basic Configuration: Set parameters such as agent name, backend URLs for communication, and authentication credentials (username and password).
- Advanced Configuration: Options to control plugin signature verification, auto MID selection, asset downloading, and agent settings for executing commands.
- Proxy Configuration: Specify the location of the PAC file for proxy settings, along with caching and refresh intervals.
Key Outcomes
By correctly configuring the acc.yml file, you can:
- Ensure reliable communication between agents and ServiceNow by specifying multiple backend URLs.
- Enhance security through API key authentication and allow lists for command execution.
- Optimize agent performance by controlling the execution of commands and managing plugin updates effectively.
- Streamline proxy connections and recover from any temporary issues with automatic cache refreshes.
Properly utilizing these configuration options will lead to a more secure, efficient, and reliable ServiceNow experience for your organization.
Options available in the acc.yml configuration file.
| Option | Type | Default | Description | Example |
|---|---|---|---|---|
| name | String | Agent_<value of the hostname command> | Agent name registered on the SN instance can be specified by the user. The result of the 'hostname' command is used as the default. | name: <name of agent> |
| backend-url | List | wss://127.0.0.1:8800/ws/events | List of MID Webserver endpoint URLs to communicate with. If communication cannot be configured with the first URL, the system moves to the ensuing URLs until it establishes a connection. Works when
enable-auto-mid-selection=true |
backend-url: <mid server ip>:<websocket port> |
| api-key | String | <None> | API key used by the MID Server to authenticate incoming agent connections. Value is encrypted on initial agent startup. | api-key: <mid web server api key> |
| user | String | admin | Username used for basic authentication. If this parameter is empty, the agent does not start. |
user: "agent-01" |
| password | String | admin | Password used for basic authentication. Value is encrypted on initial agent startup. If this parameter is empty, the agent does not start. |
password: <secure-password> |
| log-level | String | Info | Amount of logging to appear in the acc.log file. Values:
|
log-level: debug |
| allow-list | String | /etc/servicenow/agent-client-collector/check-allow-list.json | Path to the JSON file that contains the list of check commands the agent can execute. Comment out this parameter to disable the allow-list. If this parameter is empty, the allow-list is disabled. |
allow-list: /etc/agent/check-allow-list.json |
| appl_classification_behavior | List | simple | Indicates whether to enable shell CI creation on the agent. Possible values are:
|
appl_classification_behavior: off |
| Option | Type | Default | Description | Example |
|---|---|---|---|---|
| verify-plugin-signature | Boolean | True | Verifies the plugin signature prior to execution. Disable when using self-signed or developmental plugins. | verify-plugin-signature: true |
| insecure-skip-tls-verify | Boolean | True | Determines whether the verify the certificate when connecting to the MID Server. | insecure-skip-tls-verify: true |
| enable-auto-mid-selection | Boolean | True | Controls the Auto MID Selection feature to connect to the optimal MID Web Server provided by the instance. | enable-auto-mid-selection: true |
| check-command-prefer-installed | Boolean | False | Indicates the preference of executables provided within ACC plugins or executables available in the host system’s PATH variable.
|
check-command-prefer-installed: false |
| powershell_installed | Boolean | False | Disables powershell command execution on agents. | powershell-installed: true |
| allow-list-global-only | Boolean | False | Set to true to enhance security by relying only on the allow list defined in the allow-list parameter you specify during configuration, ignoring allow lists bundled with ACC plugins. | allow-list-global-only: false |
| disable-assets | Boolean | false | Indicates whether a check running with an asset (plugin) dependency fetches ACC plugins from the ServiceNow® instance, or uses a copy of the plugins in its cache folder. When set to false, additional assets can be downloaded during check execution. Set to true to enhance security and ensure that no new plugins are downloaded during check execution. |
disable-assets: false |
| agent-upgrade-url-path | String | https://install.service-now.com/glide/distribution/builds/package/app-signed/ | Indicates an alternate web server URL endpoint for downloading ACC installer packages when performing selective upgrade. | agent-upgrade-url-path: https://<ip address>:<port>/acc_installers |
| certificate-rotation-days-out | Integer | 28 | Indicates the number of days before certificate expiration that an agent attempts to rotate its certificate. | certificate-rotation-days-out=28 |
| enable-patterns-on-agent | Boolean | false | Enables gathering details on the applications which run on the Agent Client Collector. This parameter is required only when using the Agent Client Collector for pattern execution. |
enable-patterns-on-agent: true |
| keepalive-filter-nics | Boolean | true | Indicates whether Network Interface Controllers (NICs) are filtered on the agent (true) or the MID Server (false) during keepalive action. | keepalive-filter-nics: true |
| keepalive-number_nics_per_ip_type | Integer | 1 | Indicates the maximum number of Network Interface Controllers (NICs) per IP type (IP4, IP6) sent with a keepalive action. The indicated number is sent for each IP type. For example, if the value is 1, a maximum of 2 NICs are sent (0-1 each for IP4 and IP6). If the value is 4, a maximum of 8 NICs are sent (0-4 each for IP4 and IP6). |
keepalive-number_nics_per_ip_type: 4 |
| Option | Type | Default | Description | Example |
|---|---|---|---|---|
| pac-file | String (Required) |
"" (empty) | Specifies the location of the PAC file to use for proxy configuration. Can be either:
|
pac-file: "https://proxy.company.com/proxy.pac" |
| pac-cache-ttl | Duration (Optional) |
30m (30 minutes) | Determines how long proxy rules from the PAC file are cached in memory. Setting this to 0 disables caching. |
pac-cache-ttl: "1h" # Cache for 1 hour |
| pac-refresh-interval | Duration (Optional) |
30m (30 minutes) | Specifies how often the agent is to check for updates to the PAC file. Useful when the PAC file is hosted remotely and may be updated periodically. |
pac-refresh-interval: "15m" # Check for updates every 15 minutes |
| pac-dial-timeout | Duration (Optional) |
30s (30 seconds) | Indicates the amount of time to wait when establishing a connection through a proxy server before timing out. | pac-dial-timeout: "10s" # 10 second timeout |
| pac-reset-on-connect-failure | Boolean (Optional) |
true | When set to true, the agent clears the PAC cache and attempts to refresh the PAC file if a proxy connection proxy fails. This helps recover from proxy configuration changes or temporary proxy issues. | pac-reset-on-connect-failure: true |