How-to

How to schedule uploading audit results via FTP on macOS

Updated in 2022.2

Alloy Discovery offers the ability to deliver audit snapshots from remote sites over FTP, FTPS, or SFTP. The feature is supported for Windows, Linux, and macOS computers. This article describes how to set up the audit of macOS computers so that it regularly runs and delivers audit snapshots via FTP.

Here are the steps you should take:

  1. Prepare an audit package

  2. Schedule the audit

  3. Receive the audit results

Prepare an audit package

First, launch Alloy Discovery, set up an audit source and prepare a deployable audit package for macOS audit.

  1. If you already have an FTP Audit Source in Alloy Discovery, you can use your existing source that already receives audit snapshots from remote Windows computers or sites. That source can also receive audit results from macOS computers.

    If you don't have such a source or you want different settings for receiving macOS snapshots, create a new audit source:

    1. Open the properties of a site and click New > FTP under Audit Sources.

    2. On the General tab, type in a source name.

      TIP: You can keep the Audit Profile setting to the default value, because macOS audit does not apply any audit profile settings anyway.

    3. Switch to the FTP tab and fill out the Outgoing Server for the Audit Agent section: specify which FTP / SFTP server in the remote network the audit agent will use for sending the audit snapshots to Alloy Discovery, provide the credentials of a user having Write access to that FTP server, and test your connection.

    4. Under Incoming Server for audit snapshots, configure the settings for the FTP server that will handle receiving audit snapshots. Provide the credentials for an account that has Read access to the specified FTP resource, and test your connection.

      TIP: If you plan to use the same server as for receiving audit snapshots, keep the Use same settings as my Outgoing Server check box selected.

    5. To enable the Inventory Server to check the FTP server for new snapshots automatically, keep the Check for new snapshots every check box selected and specify the frequency for checking the FTP server. That frequency is also called the "upload interval."

    6. Click Apply to save your settings. Your audit source is ready.

      INFO: For detailed instructions on creating FTP audit sources, see Adding FTP Audit Sources.

  2. In the same [Audit Source Name] dialog box, create a deployable audit package.

    1. Go back to the General tab and click Create Package.

    2. In the Deploy Agents dialog box, make sure you have the Mac OS check box selected. Your package will include audit agents for the platforms you select here.

    3. Create an audit package in any folder on your local computer.

  3. Get to your destination folder and see what your package contains:

    • AuditData - the folder in which audit snapshots are stored before loading or sending them to the database
    • ina_mac — the audit agent for macOS, also called the Mac Inventory Analyzer
    • ina_mac.ini — the configuration file for the Mac Inventory Analyzer
    • other additional files

  4. Copy the package to one of your macOS machines. For example, here: /usr/local/bin/.

  5. On the macOS machine, in the Terminal window, run chmod +x ina_mac. This will make ina_mac executable.

Schedule the audit

Schedule the audit using the launchd daemon, an advanced system process manager.

INFO: For additional information about using launchd, see Creating MacOS startup jobs with launchd.

You can use the plist file below as a template.

plist 
<?xmlversion="1.0" encoding="UTF-8"?>
<!DOCTYPEplist PUBLIC "-//AppleComputer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plistversion="1.0">
	<dict>
		<key>Label</key>
		<string>ina_mac daily</string>
		<key>ProgramArguments</key>
		<array>
			<string>/usr/local/bin/run-ina-mac</string>
		</array>
		<key>LowPriorityIO</key>
		<true/>
		<key>Nice</key>
		<integer>1</integer>
		<key>UserName</key>
		<string>root</string>
		<key>StartCalendarInterval</key>
		<dict>
			<key>Hour</key>
			<integer>11</integer>
			<key>Minute</key>
			<integer>30</integer>
		</dict>
	</dict>
</plist>

where:

  • /usr/local/bin/ - the path to the audit package
  • <key>Hour</key>, <integer>11</integer>, <key>Minute</key>, <integer>30</integer> - the schedule to start the audit every day at 11:30 AM

NOTE: You may need to replace the sample values with your actual ones.

Receive the audit results

Once you have set up the FTP audit source and automated the audit of macOS machines using the launchd daemon, the Inventory Server instance associated with the site will automatically check the FTP Server for new snapshots and upload audit snapshots to Alloy Discovery.

If you have disabled auto-upload in the audit source or when you do not want to wait until the current upload interval ends, you can check the audit source manually and immediately receive all pending audit data as follows.

  1. In Alloy Discovery, select Audit > Receive Snapshots from the main menu. The Receive Snapshots dialog box opens.

  2. Select the source to check and click OK. As soon as the Inventory Server instance finishes the new "Check" task, new snapshots (if any were available at the moment) will appear in Alloy Discovery.

INFO: For details on receiving snapshots, see Administration Guide: Checking Audit Sources for New Snapshots.

Related Information:

Creating MacOS startup jobs with launchd

Alloy Discovery Help: Mac Inventory Analyzer

Administration Guide: Scheduling the Audit on Linux and Mac Machines

Administration Guide: Overview of Audit Methods