ScanopyScanopy

Daemon Configuration

Configuration options for Scanopy daemons.

Configuration Priority

Scanopy daemons use the following priority order (highest to lowest):

  1. Command-line arguments (highest priority)
  2. Environment variables
  3. Configuration file
  4. Default values (lowest priority)

Later sources override earlier ones. For example, an environment variable overrides the config file but is overridden by a command-line argument.

Configuration Methods

Command-line arguments (also accepted by scanopy-daemon install, which persists them to the config file — see Running as a Service):

scanopy-daemon --server-url http://192.168.1.100:60072 --api-key YOUR_KEY

Environment variables:

export SCANOPY_SERVER_URL=http://192.168.1.100:60072
export SCANOPY_DAEMON_API_KEY=YOUR_KEY
scanopy-daemon

Docker environment:

environment:
  - SCANOPY_SERVER_URL=http://192.168.1.100:60072
  - SCANOPY_DAEMON_API_KEY=YOUR_KEY

Configuration file:

The daemon automatically creates a config file at:

  • Linux: ~/.config/scanopy/daemon/config.json
  • macOS: ~/Library/Application Support/com.scanopy.daemon/config.json
  • Windows: %APPDATA%\scanopy\daemon\config.json

The config file stores runtime state (daemon ID, host ID) alongside your settings. Command-line and environment variables take priority over the file.

Parameter Reference

ParameterCLI FlagEnvironment VariableConfig File KeyDefaultDescription
Server URL--server-urlSCANOPY_SERVER_URLserver_urlhttp://127.0.0.1:60072URL where the daemon can reach the server
API Key--daemon-api-keySCANOPY_DAEMON_API_KEYdaemon_api_keyRequiredAuthentication key for daemon (generated via UI)
Network ID--network-idSCANOPY_NETWORK_IDnetwork_idNoneUUID of the network to scan
Name--nameSCANOPY_NAMEnamescanopy-daemonName for this daemon
Daemon Mode--modeSCANOPY_MODEmodedaemon_pollDaemonPoll: Daemon connects to server; works behind NAT/firewall without opening ports. ServerPoll: Server connects to daemon, for deployments where daemon cannot make outbound connections - requires providing Daemon URL
Daemon URL--daemon-urlSCANOPY_DAEMON_URLdaemon_urlRequiredBase URL where server can reach daemon
Port--daemon-portSCANOPY_DAEMON_PORTdaemon_port60073Port the daemon listens on.
Interfaces--interfacesSCANOPY_INTERFACESinterfacesNoneRestrict daemon to specific network interface(s). Comma-separated for multiple (e.g., eth0,eth1). Leave empty for all interfaces
Bind Address--bind-addressSCANOPY_BIND_ADDRESSbind_addressNoneIP address to bind daemon to
Allow Self-Signed Certificates--allow-self-signed-certsSCANOPY_ALLOW_SELF_SIGNED_CERTSallow_self_signed_certsfalseAllow self-signed certs for daemon -> server connections
Accept Invalid Scan Certificates--accept-invalid-scan-certsSCANOPY_ACCEPT_INVALID_SCAN_CERTSaccept_invalid_scan_certstrueAccept invalid TLS certificates when scanning endpoints. Enabled by default since scanners probe arbitrary internal services.
Log Level--log-levelSCANOPY_LOG_LEVELlog_levelinfoLogging verbosity
Log File--log-fileSCANOPY_LOG_FILElog_fileNonePath to log file. Defaults to platform-specific path. Set to "none" to disable file logging.
Heartbeat Interval--heartbeat-intervalSCANOPY_HEARTBEAT_INTERVALheartbeat_interval30Seconds between heartbeat updates to the server

Seeding Credentials at Registration

--credential-id / SCANOPY_CREDENTIAL_IDS

Seeds one or more credentials for the daemon to use on its first scan — so it can gather SNMP, Docker, or Podman data before you assign credentials in the UI. Provide credentials as a repeatable --credential-id flag or as a comma-separated SCANOPY_CREDENTIAL_IDS environment variable.

Each entry is a credential ID, optionally targeted at specific IP addresses:

FormApplies the credential to
<uuid>The whole network (network default — tried on every host the daemon scans).
<uuid>@<ip>The host discovered at <ip>.
<uuid>@<ip>+<ip>Several specific hosts — join IPs with +.

To target the daemon's own host — for example a local Docker or Podman socket credential — use its loopback address: <uuid>@127.0.0.1.

# CLI (repeatable)
scanopy-daemon --credential-id [email protected] --credential-id [email protected]

# Environment (comma-separated)
export SCANOPY_CREDENTIAL_IDS="[email protected],[email protected]"

After the first scan, seeded credentials are auto-assigned to the matching hosts and used on every subsequent scan.

Seeded credentials are applied only at first registration. If the daemon is already registered, they are ignored and the daemon logs a reminder to manage its credentials in the Scanopy UI instead.

There is no flag for scanning the local Docker or Podman socket. Local sockets are ordinary credentials — create a Docker Socket or Podman Socket credential and, if seeding it here, reference it with the loopback form above.

Deprecated in v0.15.0

The following parameters are deprecated and will be removed in v0.16.0. Use Docker Proxy credentials instead. See the migration guide for steps.

  • --docker-proxy / SCANOPY_DOCKER_PROXY
  • --docker-proxy-ssl-cert / SCANOPY_DOCKER_PROXY_SSL_CERT
  • --docker-proxy-ssl-key / SCANOPY_DOCKER_PROXY_SSL_KEY
  • --docker-proxy-ssl-chain / SCANOPY_DOCKER_PROXY_SSL_CHAIN

Scan speed settings (--scan-rate-pps, --arp-rate-pps, etc.) configured at the daemon level are no longer used. Scan speed is now configured per-discovery in the Speed tab. See the migration guide.

Concurrent Scans

Controls how many hosts the daemon scans simultaneously during network discovery.

Default behavior: Auto-detected based on system resources

  • Calculates based on available memory
  • Typical range: 10-20 for most systems
  • Adjusts to prevent memory exhaustion

When to set manually:

  • System crashes during scans
  • Memory errors in logs
  • Very large networks (100+ hosts)
  • Resource-constrained devices (Raspberry Pi)

Recommended values:

  • Raspberry Pi 4 (4GB): 5-10
  • Standard desktop: 15-20
  • Server: 20-30+
  • Low memory: Start with 5, increase gradually

Setting:

# CLI
scanopy-daemon --concurrent-scans 10

# Environment
export SCANOPY_CONCURRENT_SCANS=10

# Docker
environment:
  - SCANOPY_CONCURRENT_SCANS=10

Symptoms of too high:

  • Daemon crashes during scans
  • "CONCURRENT_SCANS too high for this system" error
  • Out of memory errors
  • System becomes unresponsive

Impact:

  • Lower value = slower scans, more stable
  • Higher value = faster scans, more memory usage

Logging

Output Destination

The daemon logs to stdout and stderr on all platforms. Where those logs end up depends on how you run the daemon.

Log Levels

Set the log level with --log-level or SCANOPY_LOG_LEVEL:

LevelDescription
errorErrors that prevent normal operation
warnUnexpected conditions that don't stop operation
infoGeneral operational messages (default)
debugDetailed diagnostic information
traceVery verbose output, including raw network data
# CLI
scanopy-daemon --log-level debug

# Environment
export SCANOPY_LOG_LEVEL=debug

Viewing Logs by Platform

Foreground (all platforms): Logs appear directly in the terminal where you started the daemon.

Docker:

docker logs scanopy-daemon
docker logs -f scanopy-daemon  # follow/stream logs

The daemon installs as a native service via scanopy-daemon install — see Running as a Service.

Linux (systemd): output goes to the journal.

journalctl -u scanopy-daemon -f

macOS (launchd): the service writes to /var/log/scanopy/scanopy-daemon.out.log; the daemon's own log file is at ~/Library/Logs/scanopy/scanopy-daemon.log.

tail -f /var/log/scanopy/scanopy-daemon.out.log

Windows (service): the daemon writes its log file under %ProgramData%\scanopy\.

Get-Content "$env:ProgramData\scanopy\scanopy-daemon.log" -Wait

Capturing Logs to a File

When running in the foreground, you can capture logs to a file for sharing with support:

Linux / macOS:

./scanopy-daemon 2>&1 | tee ~/scanopy-daemon.log

Windows (PowerShell):

.\scanopy-daemon.exe 2>&1 | Tee-Object -FilePath "$env:USERPROFILE\scanopy-daemon.log"

On this page