Online Help

You are here:

Mac Inventory Analyzer

Updated in 2023.1

The Mac Inventory Analyzer is an Alloy Software audit agent that collects inventory data on computers running macOS. The analyzer (code name ina_mac) is deployed onto the client side running the audit outside of Alloy Discovery. The collected inventory data is stored in the audit snapshots, which are saved in the specified location or transferred via FTP (or email) back to Alloy Discovery.

NOTE: The Mac Inventory Analyzer produces snapshots in the same format as Windows Inventory Analyzer.

Alloy Discovery offers various audit methods based on using standalone audit agent:

Some methods involve installing the audit agent on target computers; other methods are based on deployment of the Inventory Analyzer package to a target location (a network share or a flash drive) and running the audit from that location.

The Mac Inventory Analyzer package includes the following files and folders:

ina_mac - the Mac Inventory Analyzer executable
ina_mac .ini - the Mac Inventory Analyzer configuration file
AuditData - the folder where the resulting audit snapshots will be placed

The Mac Inventory Analyzer produces the following output files:

.adt - binary files containing up-to-the-minute hardware and software inventory details of the audited computers;
.log (optional) - text files containing status details of the audit operations

When configured, the Mac Inventory Analyzer may also generate additional files that can be used by our Support Team.

Mac Inventory Analyzer configuration file

The ina_mac.ini configuration file contains parameters governing the Mac Inventory Analyzer's operation. The configuration file may contain zero or more of the following lines in any order. Values are for illustrative purposes only. Some lines are mutually exclusive.

mail=collector@example.com

mail-from=sender@example.com

smtp-server=smtp.example.com

smtp-port=25

username=UserName

password=verysecret

ftp-type=FTP/FTPS

ftp-server=ftp.example.com

ftp-port=22

ftp-dir=/directory

ftp-username=UserName

ftp-password=[encrypted]

ftp-passive-mode=yes/no

ftp-ssl=yes/no

out-dir=./AuditData

SoftwareRegistryScanEnabled=yes/no

TargetCollection=SiteName

NOTE: Both plain text and encrypted passwords are allowed. You can enhance security by creating the configuration file from within Alloy Discovery; in this case, the password will be stored encrypted.

Transfer audit snapshots over FTP(S)/SFTP

If you want to transfer audit snapshots from remote macOS computers via SFTP, you will need to make sure that every computer has cURL OpenSSL installed. For details, see How to transfer macOS snapshots via SFTP.

Transfer audit snapshots via email

If you want to send audit snapshots from remote Mac computers by email, you need access to a SMTP server (for details, see Configuring outgoing e-mail). Alternatively, you can install a sendmail-compatible Mail Transfer Agent on every macOS computer.

There are several ways to send audit snapshots from remote macOS computers via email:

Send the snapshots via SMTP server. To use this option, create a Site with the E-mail Audit Source in Alloy Discovery (for details, see Creating Sites). Make sure all the SMTP-related parameters are specified (-sp, -ss and -p with -u if your SMTP server requires authentication).
Send the snapshots using a Mail Transfer Agent (MTA). To use this option, execute "./ina_mac -m collector@example.com" (make sure to replace an example e-mail address of the recipient with the real one) from the command line. The snapshots will be sent directly to the specified e-mail address via the sendmail-compatible MTA installed locally.

It's very important that ina_mac.ini resides in the same folder as the Mac Inventory Analyzer executable (ina_mac), since the configuration file contains the necessary configuration settings for the analyzer. The user is allowed to change these settings, if needed.

Running the Mac Inventory Analyzer

There are several ways to launch the Mac Inventory Analyzer:

Launch the Mac Inventory Analyzer from the command line without command-line switches. The Analyzer will use the configuration settings from the ina_mac.ini file.
Launch the Mac Inventory Analyzer from the command line using command-line switches explained in Command-line options for ina_mac. The parameters you enter on the command line override the ina_mac.ini configuration file settings.
Create a schedule to run the Mac Inventory Analyzer automatically.

Command-line options for ina_mac

After reading the ina_mac.ini configuration file, the audit agent attempts to read its command line. Command-line parameters take precedence over the configuration file. The command-line options can include the following:

-h,  --help				print these command-line options

-m,  --mail collector@example.com	send snapshot to collector@example.com

-mf, --mail-from sender@example.com	set 'From' field to sender@example.com

-of, --out-file report.adt		store snapshot in report.adt file

-od, --out-dir /var/audit/		store snapshot file in /var/audit/ folder

-sp, --smtp-port 25			port SMTP server listens on

-ss, --smtp-server smtp.example.com	send e-mail via SMTP server

-u,  --username jdoe			username for SMTP authentication

-p,  --password verysecret		password for SMTP authentication

-V,  --version				display program version and exit

-v,  --verbose				verbose output

Note that certain parameters are mutually exclusive: either output file or e-mail address can be specified, but not both.

If you want to use an MTA for sending audit results, specify only e-mail address (and the sender address, if needed). If you want to send e-mail via SMTP, specify all SMTP-related options as well (-sp, -ss and -p with -u if your SMTP server requires authentication).

If output file name is not explicitly specified in the .ini file or with the --out-file option, it is assigned automatically. The format is hostname_macaddress.adt. If neither hostname nor MAC address can be determined, then the file is named ina_mac.adt.

Automating the audit on client macOS computers

You can create a schedule to run Mac Inventory Analyzer automatically, for example, using the cron daemon. For details on scheduling tasks using crontab, see the crontab(1) and crontab(5) man pages.

On machines running Mac OS X 10.4 and later it's recommended to use the launchd daemon, a new advanced system process manager. For example, you could create the following property list for launchd:

plist
<?xmlversion="1.0" encoding="UTF-8"?> <!DOCTYPEplist PUBLIC "-//AppleComputer//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plistversion="1.0"> <dict> <key>Label</key> <string>ina_mac daily</string> <key>ProgramArguments</key> <array> <string>/usr/local/bin/run-ina-mac</string> </array> <key>LowPriorityIO</key> <true/> <key>Nice</key> <integer>1</integer> <key>UserName</key> <string>root</string> <key>StartCalendarInterval</key> <dict> <key>Hour</key> <integer>11</integer> <key>Minute</key> <integer>30</integer> </dict> </dict> </plist>

plist

<?xmlversion="1.0" encoding="UTF-8"?>

<!DOCTYPEplist PUBLIC "-//AppleComputer//DTD PLIST 1.0//EN"

"https://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plistversion="1.0">

	<dict>

		<key>Label</key>

		<string>ina_mac daily</string>

		<key>ProgramArguments</key>

		<array>

			<string>/usr/local/bin/run-ina-mac</string>

		</array>

		<key>LowPriorityIO</key>

		<true/>

		<key>Nice</key>

		<integer>1</integer>

		<key>UserName</key>

		<string>root</string>

		<key>StartCalendarInterval</key>

		<dict>

			<key>Hour</key>

			<integer>11</integer>

			<key>Minute</key>

			<integer>30</integer>

		</dict>

	</dict>

</plist>

As a result, Mac Inventory Analyzer, which script resides in /usr/local/bin, will audit the computer daily at 11:30 AM and will send the generated audit snapshot files via email to collector@example.com.

For details on scheduling tasks using launchd, see the launchd(8), launchd.plist(5), and launchctl(1) man pages.