Set up Assets Discovery Agent

You don’t need to use Assets Discovery Agent unless you want to:

  • discover data from systems that are not always online (like office computers or notebooks)
  • collect data from Windows systems without opening the inbound WMI port or the Dynamic DCOM ports.

はじめる前に

  • Note that you can install Assets Discovery Agent only on Windows-based machines (as it uses Windows Management Instrumentation (WMI) for scanning and is installed as a Windows service).
  • Download and install Assets Discovery but use the Discovery_Agent_Setup.msi installer instead to install Agent. 
  • You must have Jira Admin permissions as well as administrator permissions on:
    • your Windows or Linux system to install Assets Discovery
    • your Windows system to install Assets Discovery Agent

Set up Assets Discovery Agent

To set up:

  1. Install Agent on the machine and make sure that the firewall will accept connections from the inbound port 51337.
  2. To collect the data, configure the agent settings of the Discovery tool. 
  3. Configure the agent token to make sure that Discovery can communicate with the agent.

The file transfer between the Discovery-Tool and the Windows agent is secured by AES 128 encryption. For each transfer, both tools are exchanging a session key for the encryption.

Collecting data from agents

Now that you have agents, you must enable Assets Discovery as a service to collect the data from them. 

We recommend that you deploy agents and run them without changing any of the default setting. However, if you want to, you can manually edit the advanced settings in the agent.cfg file. 

Configuring a dedicated account for running Agent service

We recommend that you also use a dedicated SSH account for Linux machines.

By default, all Agent services that run in the background under the  NT AUTHORITY\SYSTEM  account, grant extensive permissions, including unlimited access to the local machine. As this can pose a security risk if the Discovery Tool is compromised, we recommend that you use a dedicated administrator account to run this service on the agent and grant the minimum required privileges.  Learn which commands are executed by Assets Discovery

To change the account used by the service manually on each machine where Agent is installed:

  1. Search for and open  services.msc  from the  Start  menu. 
  2. Locate the Agent service and then right-click the service and select  Properties.
  3. From the  Log on  tab, in the  Log on as  section, select the  This account  option and enter the credentials of the dedicated administrator account.

エージェントの管理

You can manage all your configured agents from here and view details including the version number and status of your agents (such as running, not available).

Manage agents setting window

You can select one or more agents and perform the following actions.

Trigger scan

Assets Discovery will trigger the selected agents at the configured range to start a local scan.

Collect results

Select this to get data collected by agents to Discovery host.

Update Agents

You can update all connected agents (that are on version 7.0.0 or later) to the latest version directly from here, instead of navigating to each agent and updating it individually.

Revoke token

Revokes the unique token generated by the Discovery Agent. The token will be removed from the Discovery storage, and you'll need to use a pairing token (Agent Token) to re-establish communication with the Discovery. To revoke a token:

  1. Select agents for which you want to revoke the token.
  2. Select Revoke token. The selected agents will display an Unhealthy: invalid signature status.
  3. Log into every machine where an agent runs and set a new agent token by running the discovery_agent.exe -token <AGENT_TOKEN> file.

  4. Check that the agents show a healthy status.

How to force agents to transfer data to a target path

If you want to transfer the result data as an XML file to the configured target path, you can add an SFTP transfer setting.

Add the following code to the agents.cfg file, inside of the <Settings> node:

<SFTPSettings>
    <ExportPath>192.168.2.2/discovery/import</ExportPath>
    <UserName>yourUser</UserName>
    <Password>mysecurepassword</Password>
    <TransferReties>5</TransferReties>
    <TranserRetryInterval>30</TranserRetryInterval>
</SFTPSettings>

or use Discovery_Agent.exe -setupsftp (this will execute a small console configuration for the sftp transfer). Note that the password will be encrypted during the first startup.

Agent settings

Here’s some of the basic agent settings you’ll need to configure in the Agent tab.

設定

説明

Patterns transfer

Here you can configure files that will be synchronized with all available agents at the configured range.

For example, you can transfer pattern files from discovery/pattern/myCustomPattern.pat to agent/pattern/myCustomPattern.pat.

For example, you can transfer pattern files from discovery/pattern/myCustomPattern.pat to agent/pattern/myCustomPattern.pat.

This will also work if you made changes to your source files.

Agent Scan Interval

The interval, in minutes, before the Assets Discovery service checks with agents for new data. When the interval is reached, the service will perform a self restart to release the allocated memory that can not release during the service process is running. It will not affect a running scan, the restart will only be executed when there is a free time slot between the configured scan settings. When it is configured to 0 the function is disabled.

Agent IP Range

Here you can define the IP Range(s) that will be checked for available Discovery-Agents. Like the IP-Range at the Common-Setting you can define multiple IP ranges

If you are adding IP ranges for the first time, select View configured agents in the Manage Agents section to view the list of your configured agents.

Agent TCP Port

The TCP Port of the available agents in the configured IP Range.

Agent Timeout

The default timeout for each connection to a remote agent. The default period is 3 seconds.

Agent Token

Add a secure token in this field or select Generate token and then select Save token

Copy this token and navigate to the machine or node where Agent is installed. Run the agent with -token parameter (Discovery_Agent.exe -token) and use the token you've copied earlier.

When you upgrade to Assets Discovery 7.0.3-Cloud/7.0.3 Data_Center or later, the agent token configured previously on each agent will be replaced by a unique token generated by the agent and stored on the Discovery side. This token will be used for all further communications between the Discovery tool and the agent. The original agent token is used just to initiate the connection for the first time.

In case you want to revoke existing agent tokens, select Generate token and then select Save token . After that, Discovery will not be able to trigger scans or collect data and a new Discovery token should be configured for the agents manually as described above.

高度な設定

設定説明
ScanLogLevel

To log basic information, use the Normal-Setting.

To log detailed information about each discovery scan, use the Extended-Setting.

To log information so that support can assist you with a problem, use the Debug-Setting.

AgentPortThe default listener port is 51337. If you change this port, you must also change the agent port in the Discovery-Tool configuration file, discovery.cfg.
UseAllNetworkInterfaces

Set to false by default.

To configure the agent to listen to any active network interface, set this to true.

UseIPMatching

By default, the agent listens on the first active IPv4 network interface.

To configure the agent to listen to matching IPv4/IPv6 network masks, set a value. For example, 192.168.5.85/24 or 2001:db8:abcd:0012::0/64.

If you configure both the above settings (UseAllNetworkInterfaces, UseIPMatching), the agent only uses the UseIPMatching setting.

DeleteLogsAfterHere you can set the days after the logfiles will be deleted, the default is 7 days.
DisableTCPListenerThis setting is useful when you use the direct copy option. If you set it to true, the agent will not start the TCP -Listener.
DirectCopyPath

If required, the agent can directly copy the scan result files to another system (for example, the Jira/Assets-System). You must use a full UNC-Path. For example, \\myserver\import\schemaname.

If these options are configured, the agent will transfer the result data as an .xml file to the configured target path.

スキャンの間隔Set the interval of performed scans in hours. The default is 24 hours.

SaveTimeStamp

The last time settings were saved. Update this value to a future time if you intend to distribute the file copy to other machines with Agent installed.
AgentTokenEncrypted agent token value, which is saved automatically when the discovery_agent.exe -token command is executed. Alternatively, you can set copy the token from the Discovery app here and it will be automatically encrypted when the Agent service restarts.
最終更新日 2024 年 9 月 27 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.