Mac Inventory Analyzer
Updated in 2023.1
The
Alloy Discovery offers various audit methods based on using standalone audit agent:
Some methods involve installing the audit agent on target computers. Other methods are based on deployment of the Inventory Analyzer package to a target location (a network share or a flash drive) and running the audit from that location.
The
- ina_mac: the Mac Inventory Analyzer executable
-
- AuditData (for the Portable Audit): the folder where the resulting audit snapshots will be placed
The
- .adt: binary files containing up-to-the-minute hardware and software inventory details of the audited computers
- .log (optional): text files containing status details of the audit operations
When configured, the
Mac Inventory Analyzer configuration file
When launched, the
This ina_mac.ini
ftp-type=FTP/FTPS
ftp-server=smtp.example.com
ftp-port=22
ftp-dir=/alloyaudit
ftp-username=username
ftp-password=[encrypted]
ftp-passive-mode=yes
ftp-ssl=yes/no
mail=collector@example.com
mail-from=sender@example.com
smtp-server=smtp.example.com
smtp-port=25
username=jdoe
password=[encrypted]
out-dir=./AuditData
SoftwareRegistryScanEnabled=yes/no
TargetCollection=sitenameNOTE: While plain text passwords are permitted, we strongly advise against using them for security reasons. When you create the configuration file within the Alloy Discovery application, passwords are stored encrypted.
It's very important that the ina_mac.ini
Transfer audit snapshots over FTP(S)/SFTP
If you want to transfer audit snapshots from remote macOS computers via SFTP, you will need to make sure that every computer has cURL OpenSSL installed. For details, see How to transfer macOS snapshots via SFTP.
Transfer audit snapshots via email
There are several ways to send audit snapshots from remote
-
Send the snapshots via SMTP server. To use this option, create a Site with the E-mail Audit Source in Alloy Discovery (for details, see Creating Sites). Make sure all the SMTP-related parameters are specified (-sp, -ss and -p with -u if your SMTP server requires authentication).
-
Send the snapshots using a Mail Transfer Agent (MTA). To use this option, execute "./
Transfer audit snapshots over FTP(S)/SFTP
If you want to transfer audit snapshots from remote macOS computers via SFTP, you will need to make sure that every computer has cURL OpenSSL installed. For details, see How to transfer macOS snapshots via SFTP.
Transfer audit snapshots via email
If you want to send audit snapshots from remote Mac computers by email, you need access to a SMTP server (for details, see Configuring outgoing e-mail). Alternatively, you can install a sendmail-compatible Mail Transfer Agent on every macOS computer.
There are several ways to send audit snapshots from remote macOS computers via email:
-
Send the snapshots via SMTP server. To use this option, create a Site with the E-mail Audit Source in Alloy Discovery (for details, see Creating Sites). Make sure all the SMTP-related parameters are specified (-sp, -ss and -p with -u if your SMTP server requires authentication).
-
Send the snapshots using a Mail Transfer Agent (MTA). To use this option, execute "./ina_mac -m collector@example.com" (make sure to replace an example e-mail address of the recipient with the real one) from the command line. The snapshots will be sent directly to the specified e-mail address via the sendmail-compatible MTA installed locally.
It's very important that ina_mac.ini resides in the same folder as the Mac Inventory Analyzer executable (ina_mac), since the configuration file contains the necessary configuration settings for the analyzer. The user is allowed to change these settings, if needed.
Running the Mac Inventory Analyzer
There are several ways to launch the Mac Inventory Analyzer:
-
Launch the Mac Inventory Analyzer from the command line without command-line switches. The Analyzer will use the configuration settings from the
ina_mac.inifile. -
Launch the Mac Inventory Analyzer from the command line using command-line switches explained in Command-line options for ina_mac. The parameters you enter on the command line override the
ina_mac.iniconfiguration file settings. -
Create a schedule to run the Mac Inventory Analyzer automatically.
Command-line options for ina_mac
After reading the ina_mac.ini configuration file, the audit agent attempts to read its command line. Command-line parameters take precedence over the configuration file. The command-line options can include the following:
| Option | Description |
|---|---|
|
|
print these command-line options |
|
|
send snapshot to collector@example.com |
-mf,
--mail-from sender@example.com |
set 'From' field to sender@example.com |
-of, --out-file report.adt |
store snapshot in report.adt file |
-od, --out-dir /var/audit/ |
store snapshot file in /var/audit/ folder |
-sp, --smtp-port 25 |
port SMTP server listens on |
-ss, --smtp-server smtp.example.com |
send e-mail via SMTP server |
-u, --username jdoe |
username for SMTP authentication |
-p, --password verysecret |
password for SMTP authentication |
-V, --version |
display program version and exit |
-v, --verbose |
verbose output |
Note that certain parameters are mutually exclusive: either output file or e-mail address can be specified, but not both.
NOTE: If you want to send the audit results over FTP, use the configuration file.
If you want to use an MTA for sending audit results, specify only e-mail address (and the sender address, if needed). If you want to send e-mail via SMTP, specify all SMTP-related options as well (-sp, -ss and -p with -u if your SMTP server requires authentication).
If output file name is not explicitly specified in the .ini file or with the --out-file option, it is assigned automatically. The format is hostname_macaddress.adt. If neither hostname nor MAC address can be determined, then the file is named
Automating the audit on client macOS computers
You can create a schedule to run Mac Inventory Analyzer automatically, for example, using the cron daemon. For details on scheduling tasks using crontab, see the crontab(1) and crontab(5) man pages.
On machines running Mac OS X 10.4 and later it's recommended to use the launchd daemon, a new advanced system process manager. For example, you could create the following property list for launchd:
<?xmlversion="1.0" encoding="UTF-8"?>
<!DOCTYPEplist PUBLIC "-//AppleComputer//DTD PLIST 1.0//EN"
"https://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plistversion="1.0">
<dict>
<key>Label</key>
<string>ina_mac daily</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/run-ina-mac</string>
</array>
<key>LowPriorityIO</key>
<true/>
<key>Nice</key>
<integer>1</integer>
<key>UserName</key>
<string>root</string>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>11</integer>
<key>Minute</key>
<integer>30</integer>
</dict>
</dict>
</plist>As a result, Mac Inventory Analyzer, which script resides in /usr/local/bin, will audit the computer daily at 11:30 AM and will send the generated audit snapshot files via email to collector@example.com.
For details on scheduling tasks using launchd, see the launchd(8), launchd.plist(5), and launchctl(1) man pages.