Filter
Top Products
There are two main notication daemons: syslogd and emond.
 syslogd: The syslogd daemon is a standard UNIX method of monitoring systems.
It logs messages in accordance with the settings found in /etc/syslog.conf. You can
examine the output les specied in that conguration by using a le printing or
editing utility because they are plain text les. Administrators can edit these settings
to ne-tune what is being monitored.
Many administrators will tail or scrape the log le, meaning they will have scripts
parse the log les and perform some action if a designated bit of information is
present in the log. These home-grown notications vary in quality and usefulness
and are tailored to the script-writer’s specic needs.
You can congure the syslogd daemon to send and receive
log le information to or from a remote server (by editing
/System/Library/LaunchDaemons/com.apple.syslogd.plist). This is not recommended
because syslogd does not use secure means to send log messages across the net.
 emond: The emond daemon is the event monitoring system for
Mac OS X Server v10.6. It is a unied process that handles events passed from other
processes, acts on the events as designated in a dened rule set, and then noties
the administrator.
Currently, emond is the engine used for Server Admin’s mail notication system.
It is not used for Server Monitor’s notications.
The high-level service receives events from the registered client, analyzes whether
the event requires handing based on rules provided by the service at the time it was
registered and, if handling is required, the action related to that event is performed.
To accomplish this the emond daemon has three main parts: the rules engine,
the events it can respond to, and the actions it can take.
The emond rules engine works in the following manner. It:
Reads the cong info from /etc/emond.d/emond.conf. Â
Reads in the rules from plist les in the /etc/emond.d/rules/ directory. Â
Processes the startup event. Â
Accepts events until terminated. Â
Processes the rules associated with the event, triggering as needed. Â
Performs actions specied by the rules that were triggered. Â
Runs as the least privileged possible (nobody). Â
WARNING: The le formats and settings in emond.conf and rules plists are not
documented for customer use. Tampering could result in an unusable notication
system and is unsupported.
184 Chapter 8 Monitoring Your System