About directory structure in the Persistent Volume

Input configuration of SPE Azure Agent Container
  • During startup, the SPE Azure Agent container looks for the input configuration file to be present on the PV. If the input configuration file is not available to be applied, the SPE Azure Agent Container starts up with the default shipped configuration. If the input configuration is provided on the PV, then the SPE Azure Agent Container picks up the input configuration and uses it during the startup.The PV location where the SPE Azure Agent Container looks for the input configuration is -
    /<mount_point>/agent-data/azure-blob/config/
    .
  • During startup if user want to protect an asset or list of assets with NRTS (Near Real Time Scanning) then that asset or list of assets need to be provided via asset configuration. Once the asset or list of assets are provide the SPE Azure Agent container will start protecting those using NRTS. The PV location where the SPE Azure Agent Container looks for the assets configuration (
    asset.csv
    ) is -
    /<mount_point>/agent-data/azure-blob/config/
    .
Data generated by SPE Azure Agent Container
For each container, a container-specific directory is created to store log files whenever liveness check is failed.
  • log
    The crash or unexpected termination of SPE Azure Agent Container logs are stored in log directory in .gz format. For troubleshooting any unexpected termination of SPE Azure Agent Container, these logs are very vital. The support should gather and analyze these logs to understand the root cause of the termination. The PV location where these logs are present is -
    /<mount_point>/agent-data/azure-blob/logs/
    .
Input policy and license
On the Persistent Volume (PV) mount point,
/<mount_point>
, a directory with a name
spe-data
is created, in case it is not already created. It is used for the user input and store data, logs, and statistics that are generated by SPE containers.
Policy
During startup, the SPE container looks for the input policy to be used on the PV. If the input policy is not available to be applied, the SPE container starts up with the default shipping policy. If the input policy is provided on the PV, then the SPE container picks up the input policy and applies the policy on the default policy during the startup.
The PV location where the SPE container looks for the input policy is -
/<mount_point>/spe-data/policy/
.
License
The SPE docker image and the Helm chart require the BYOL license for using it. Refer to the licensing topic for more information.
During startup, the SPE container looks for the license to be used on the PV. If the input license is provided on the PV, then the SPE container picks up the input license and applies the license to SPE on the pod during the startup.
The PV location where the SPE container looks for the input license is -
/<mount_point>/spe-data/license/
.
Data generated by SPE container
For each container, a container-specific directory is created to store log files, debug logs, policy audit directory, and quarantine items.
  • log
    - report.xml and SPE customer logs are stored in log directory. report.xml stores statistics, definition information, component version information along with the license status. Use the log converter to convert, filter logs.
  • log/debug
    - Component logs, such as CSAPI and Stargate logs when configured are stores in debug directory.
  • policy
    - Policy directory stores shipping policy in directory
    spexmlpolicy-default
    for auditing purpose. User specified policy is stored in directory beginning with spexmlpolicy that are suffixed with the date time stamp in XML and json form. For example, spexmlpolicy-2023.03.17-20.05.28 and spepolicy-2023.03.17-20.03.18.json.
  • quarantine
    - Item quarantined by SPE container.

Sample directory structure

├── agent-data │ └── azure-blob │ ├── config │ │ ├── assets.csv │ │ └── azureconfig.json │ └── logs │ ├── spe-azure-chart-specs-64cbfd9977-2lmnk-2023-05-15-11-26-46.tar.gz └── spe-data ├── container │ └── spe-chart-specs-d85cb488f-t55zg │ ├── log │ │ ├── debug │ │ │ ├── defutils.log │ │ │ ├── lux.log │ │ │ └── specontainer.log │ │ ├── report.xml │ │ ├── SSE20230621.dat │ │ ├── SSE20230621.log │ │ └── SSE20230621.rcl │ ├── policy │ │ ├── spepolicy-2023.06.21-08.26.19.json │ │ ├── spexmlpolicy-2023.06.21-08.27.05 │ │ │ ├── centralmgmt.xml │ │ │ ├── configuration.xml │ │ │ ├── filtering.xml │ │ │ ├── liveupdate.xml │ │ │ ├── policy.xml │ │ │ ├── report.xml │ │ │ └── version.xsd │ │ └── spexmlpolicy-default │ │ ├── centralmgmt.xml │ │ ├── configuration.xml │ │ ├── filtering.xml │ │ ├── liveupdate.xml │ │ ├── policy.xml │ │ ├── report.xml │ │ └── version.xsd │ └── quarantine ├── license │ └── spelicense-user-input.slf └── policy ├── centralmgmt.xml ├── configuration.xml ├── filtering.xml ├── liveupdate.xml ├── policy.xml └── version.xsd