ScanopyScanopy

Daemon Configuration

Configuration options for Scanopy daemons.

Configuration Priority

Scanopy daemons use the following priority order (highest to lowest):

  1. Command-line arguments (highest priority)
  2. Environment variables
  3. Configuration file
  4. Default values (lowest priority)

Later sources override earlier ones. For example, an environment variable overrides the config file but is overridden by a command-line argument.

Configuration Methods

Command-line arguments:

scanopy-daemon --server-url http://192.168.1.100:60072 --api-key YOUR_KEY

Environment variables:

export SCANOPY_SERVER_URL=http://192.168.1.100:60072
export SCANOPY_DAEMON_API_KEY=YOUR_KEY
scanopy-daemon

Docker environment:

environment:
  - SCANOPY_SERVER_URL=http://192.168.1.100:60072
  - SCANOPY_DAEMON_API_KEY=YOUR_KEY

Configuration file:

The daemon automatically creates a config file at:

  • Linux: ~/.config/scanopy/daemon/config.json
  • macOS: ~/Library/Application Support/com.scanopy.daemon/config.json
  • Windows: %APPDATA%\scanopy\daemon\config.json

The config file stores runtime state (daemon ID, host ID) alongside your settings. Command-line and environment variables take priority over the file.

Parameter Reference

ParameterCLI FlagEnvironment VariableConfig File KeyDefaultDescription
Server URL--server-urlSCANOPY_SERVER_URLserver_urlhttp://127.0.0.1:60072URL where the daemon can reach the server
API Key--daemon-api-keySCANOPY_DAEMON_API_KEYdaemon_api_keyRequiredAuthentication key for daemon (generated via UI)
Network ID--network-idSCANOPY_NETWORK_IDnetwork_idNoneUUID of the network to scan
Name--nameSCANOPY_NAMEnamescanopy-daemonName for this daemon
Daemon Mode--modeSCANOPY_MODEmodedaemon_pollDaemonPoll: Daemon connects to server; works behind NAT/firewall without opening ports. ServerPoll: Server connects to daemon, for deployments where daemon cannot make outbound connections - requires providing Daemon URL
Daemon URL--daemon-urlSCANOPY_DAEMON_URLdaemon_urlRequiredBase URL where server can reach daemon
Port--daemon-portSCANOPY_DAEMON_PORTdaemon_port60073Port the daemon listens on.
Interfaces--interfacesSCANOPY_INTERFACESinterfacesNoneRestrict daemon to specific network interface(s). Comma-separated for multiple (e.g., eth0,eth1). Leave empty for all interfaces
Bind Address--bind-addressSCANOPY_BIND_ADDRESSbind_addressNoneIP address to bind daemon to
Allow Self-Signed Certificates--allow-self-signed-certsSCANOPY_ALLOW_SELF_SIGNED_CERTSallow_self_signed_certsfalseAllow self-signed certs for daemon -> server connections
Accept Invalid Scan Certificates--accept-invalid-scan-certsSCANOPY_ACCEPT_INVALID_SCAN_CERTSaccept_invalid_scan_certstrueAccept invalid TLS certificates when scanning endpoints. Enabled by default since scanners probe arbitrary internal services.
Log Level--log-levelSCANOPY_LOG_LEVELlog_levelinfoLogging verbosity
Log File--log-fileSCANOPY_LOG_FILElog_fileNonePath to log file. Defaults to platform-specific path. Set to "none" to disable file logging.
Heartbeat Interval--heartbeat-intervalSCANOPY_HEARTBEAT_INTERVALheartbeat_interval30Seconds between heartbeat updates to the server

New in v0.15.0

--credential-id

Specifies a credential ID to seed during daemon registration. Can be repeated to seed multiple credentials. Credentials specified here will be used during the daemon's first scan and auto-assigned to discovered hosts at matching IPs. See Credentials for details.

--enable-local-docker-socket

Controls whether the daemon scans containers via the local Docker socket. Defaults to true. Set to false to disable local Docker discovery (useful when using a Docker Proxy credential instead).

Deprecated in v0.15.0

The following parameters are deprecated and will be removed in v0.16.0. Use Docker Proxy credentials instead. See the migration guide for steps.

  • --docker-proxy / SCANOPY_DOCKER_PROXY
  • --docker-proxy-ssl-cert / SCANOPY_DOCKER_PROXY_SSL_CERT
  • --docker-proxy-ssl-key / SCANOPY_DOCKER_PROXY_SSL_KEY
  • --docker-proxy-ssl-chain / SCANOPY_DOCKER_PROXY_SSL_CHAIN

Scan speed settings (--scan-rate-pps, --arp-rate-pps, etc.) configured at the daemon level are no longer used. Scan speed is now configured per-discovery in the Speed tab. See the migration guide.

Concurrent Scans

Controls how many hosts the daemon scans simultaneously during network discovery.

Default behavior: Auto-detected based on system resources

  • Calculates based on available memory
  • Typical range: 10-20 for most systems
  • Adjusts to prevent memory exhaustion

When to set manually:

  • System crashes during scans
  • Memory errors in logs
  • Very large networks (100+ hosts)
  • Resource-constrained devices (Raspberry Pi)

Recommended values:

  • Raspberry Pi 4 (4GB): 5-10
  • Standard desktop: 15-20
  • Server: 20-30+
  • Low memory: Start with 5, increase gradually

Setting:

# CLI
scanopy-daemon --concurrent-scans 10

# Environment
export SCANOPY_CONCURRENT_SCANS=10

# Docker
environment:
  - SCANOPY_CONCURRENT_SCANS=10

Symptoms of too high:

  • Daemon crashes during scans
  • "CONCURRENT_SCANS too high for this system" error
  • Out of memory errors
  • System becomes unresponsive

Impact:

  • Lower value = slower scans, more stable
  • Higher value = faster scans, more memory usage

Logging

Output Destination

The daemon logs to stdout and stderr on all platforms. Where those logs end up depends on how you run the daemon.

Log Levels

Set the log level with --log-level or SCANOPY_LOG_LEVEL:

LevelDescription
errorErrors that prevent normal operation
warnUnexpected conditions that don't stop operation
infoGeneral operational messages (default)
debugDetailed diagnostic information
traceVery verbose output, including raw network data
# CLI
scanopy-daemon --log-level debug

# Environment
export SCANOPY_LOG_LEVEL=debug

Viewing Logs by Platform

Foreground (all platforms): Logs appear directly in the terminal where you started the daemon.

Docker:

docker logs scanopy-daemon
docker logs -f scanopy-daemon  # follow/stream logs

Linux (systemd): The systemd service file directs output to the journal.

journalctl -u scanopy-daemon -f

macOS (launchd): Logs are written to the paths configured in the plist file. See Running as a Service for setup.

tail -f /tmp/scanopy-daemon.stderr.log

Windows (NSSM): Logs are written to the paths configured during service installation. See Running as a Service for setup.

Get-Content "C:\ProgramData\scanopy\daemon.log" -Wait

Capturing Logs to a File

When running in the foreground, you can capture logs to a file for sharing with support:

Linux / macOS:

./scanopy-daemon 2>&1 | tee ~/scanopy-daemon.log

Windows (PowerShell):

.\scanopy-daemon.exe 2>&1 | Tee-Object -FilePath "$env:USERPROFILE\scanopy-daemon.log"

Export metrics to Prometheus

Configure Prometheus or Grafana Alloy to scrape metrics from Scanopy.

Daemon Status

What each daemon status tag means and how to resolve issues.

On this page

Configuration PriorityConfiguration MethodsParameter ReferenceNew in v0.15.0--credential-id--enable-local-docker-socketDeprecated in v0.15.0Concurrent ScansLoggingOutput DestinationLog LevelsViewing Logs by PlatformCapturing Logs to a File