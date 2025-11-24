The DOCA Argus service is configurable via the SERVICE_CONFIG_FILE section of the container's YAML file. Adjust the configuration according to your deployment requirements.

If enabled, the service shuts down immediately upon receiving a SIGINT or SIGTERM signal, without waiting for a graceful termination.

Controls the verbosity of the Argus service logs. The default level is 50 (INFO). Available values:

10=DISABLE

20=CRITICAL

30=ERROR

40=WARNING

50=INFO (default)

60=DEBUG

70=TRACE

Sets the sleep interval between consecutive system scans. Units supported: s (seconds), m (minutes), ms (milliseconds).

Enables automatic scanning of all detectable systems. These systems will be scanned using the default configuration. If the systems section is empty, Auto Scan mode is enabled by default.

Defines the default system configuration, used unless overridden in the systems section. See section "Per-System Configuration" for available parameters.

Defines a list of explicitly configured systems (host/VM) that should be scanned with custom settings. The following parameters must be overridden:

Representor ID

DMA Device Name

Each system defined under systems supports the following parameters:

Specifies the ID of the VF/PF to be monitored. Only VU (Virtual Unique) format is supported.

For PFs: Copy Copied! [host] lspci -vv -s <pf_pci_address> | grep VU | cut -d " " -f 4

To list PF PCIe addresses: Copy Copied! [host] lspci | grep "Ethernet controller: Mellanox Technologies" Note Always run lspci on the host, not the BlueField. The VU ID on BlueField will appear with “EC” inserted (e.g., MT2333XZ06YAECMLNXS0D0F0 ), which is invalid.

For VFs: Append VF<x> to the PF's VU ID. For example: PF VU ID: MT2333XZ06YAMLNXS0D0F0 VF #1 VU ID: MT2333XZ06YAMLNXS0D0F0VF1



Path to a JSON file containing memory region definitions (excluding device regions) for the monitored OS. Refer to doca_apsh_system in the DOCA App Shield Programming Guide.

Path to the OS symbol manifest (single file or directory). Refer to doca_apsh_system for details.

Specifies the OS type: linux or windows .

Name of the DMA (Direct Memory Access) device to be used. To list available devices:

Copy Copied! [dpu] ibv_devinfo | grep 'hca_id' | awk '{print $2}'

Info Typically, the last number in the VU ID correlates with the DMA device (e.g., mlx5_0 ).





Overrides service logging verbosity (same options as above).

These settings prevent resource exhaustion or excessive scanning overhead.

String length – Maximum length of strings (e.g., command names) to track.

Process – Maximum number of processes to track.

File handles – Maximum number of file descriptors (e.g., open files, sockets) to track.

Threads – Maximum number of threads to track per process.

Process memory – Maximum number of VMAs (Virtual Memory Areas) to track per process.

Container filter – Enables filtering of activities originating from within containers. Non-containerized processes are not filtered.

SBOM – Specifies authorized SHA256 hashes of executables and libraries. Format: <SHA256>[, <size>] . Containers : Defines SBOM entries for containerized processes. Non-containers : Defines SBOM entries for non-containerized processes.



Events – Toggle to enable/disable event collection.

Log events to stdout – Enables or disables console logging.

Log folder path – Directory for saving log files. Set to false to disable.

Log threshold size – Maximum size of a single log file before rotation.

Log max files count – Number of rotated log files to retain.