Updated in 2023.1
Alloy Discovery offers various audit methods based on using standalone audit agent:
Some methods involve installing the audit agent on target computers; other methods are based on deployment of the Inventory Analyzer package to a target location (a network share or a flash drive) and running the audit from that location.
- ina_mac - the Mac Inventory Analyzer executable
ina_mac.ini - the MacInventory Analyzer configuration file
- AuditData - the folder where the resulting audit snapshots will be placed
- .adt - binary files containing up-to-the-minute hardware and software inventory details of the audited computers;
- .log (optional) - text files containing status details of the audit operations
When configured, the
ina_mac.ini configuration file contains parameters governing the Mac Inventory Analyzer's operation. The configuration file may contain zero or more of the following lines in any order. Values are for illustrative purposes only. Some lines are mutually exclusive.
NOTE: Both plain text and encrypted passwords are allowed. You can enhance security by creating the configuration file from within Alloy Discovery; in this case, the password will be stored encrypted.
Transfer audit snapshots over FTP(S)/SFTP
If you want to transfer audit snapshots from remote macOS computers via SFTP, you will need to make sure that every computer has cURL OpenSSL installed. For details, see How to transfer macOS snapshots via SFTP.
Transfer audit snapshots via email
If you want to send audit snapshots from remote Mac computers by email, you need access to a SMTP server (for details, see Configuring outgoing e-mail). Alternatively, you can install a sendmail-compatible Mail Transfer Agent on every macOS computer.
There are several ways to send audit snapshots from remote macOS computers via email:
Send the snapshots via SMTP server. To use this option, create a Site with the E-mail Audit Source in Alloy Discovery (for details, see Creating Sites). Make sure all the SMTP-related parameters are specified (-sp, -ss and -p with -u if your SMTP server requires authentication).
Send the snapshots using a Mail Transfer Agent (MTA). To use this option, execute "./ina_mac -m firstname.lastname@example.org" (make sure to replace an example e-mail address of the recipient with the real one) from the command line. The snapshots will be sent directly to the specified e-mail address via the sendmail-compatible MTA installed locally.
It's very important that
ina_mac.ini resides in the same folder as the Mac Inventory Analyzer executable (ina_mac), since the configuration file contains the necessary configuration settings for the analyzer. The user is allowed to change these settings, if needed.
There are several ways to launch the Mac Inventory Analyzer:
Launch the Mac Inventory Analyzer from the command line without command-line switches. The Analyzer will use the configuration settings from the
Launch the Mac Inventory Analyzer from the command line using command-line switches explained in Command-line options for ina_mac. The parameters you enter on the command line override the
ina_mac.iniconfiguration file settings.
Create a schedule to run the Mac Inventory Analyzer automatically.
After reading the
ina_mac.ini configuration file, the audit agent attempts to read its command line. Command-line parameters take precedence over the configuration file. The command-line options can include the following:
-h, --help print these command-line options
-m, --mail email@example.com send snapshot to firstname.lastname@example.org
-mf, --mail-from email@example.com set 'From' field to firstname.lastname@example.org
-of, --out-file report.adt store snapshot in report.adt file
-od, --out-dir /var/audit/ store snapshot file in /var/audit/ folder
-sp, --smtp-port 25 port SMTP server listens on
-ss, --smtp-server smtp.example.com send e-mail via SMTP server
-u, --username jdoe username for SMTP authentication
-p, --password verysecret password for SMTP authentication
-V, --version display program version and exit
-v, --verbose verbose output
Note that certain parameters are mutually exclusive: either output file or e-mail address can be specified, but not both.
If you want to use an MTA for sending audit results, specify only e-mail address (and the sender address, if needed). If you want to send e-mail via SMTP, specify all SMTP-related options as well (-sp, -ss and -p with -u if your SMTP server requires authentication).
If output file name is not explicitly specified in the .ini file or with the --out-file option, it is assigned automatically. The format is hostname_macaddress.adt. If neither hostname nor MAC address can be determined, then the file is named ina_mac.adt.
On machines running Mac OS X 10.4 and later it's recommended to use the launchd daemon, a new advanced system process manager. For example, you could create the following property list for launchd:
<!DOCTYPEplist PUBLIC "-//AppleComputer//DTD PLIST 1.0//EN"
As a result, Mac Inventory Analyzer, which script resides in
/usr/local/bin, will audit the computer daily at 11:30 AM and will send the generated audit snapshot files via email to