Apple Mac OS X Server (Version 10.6 Snow Leopard) User Manual

Page 184


There are two main notification daemons: syslogd and emond.

• syslogd: The syslogd daemon is a standard UNIX method of monitoring systems.
  It logs messages in accordance with the settings found in /etc/syslog.conf. You can
  examine the output files specified in that configuration by using a file printing or
  editing utility because they are plain text files. Administrators can edit these settings
  to fine-tune what is being monitored.

  Many administrators will tail or scrape the log file, meaning they will have scripts
  parse the log files and perform some action if a designated bit of information is
  present in the log. These home-grown notifications vary in quality and usefulness
  and are tailored to the script-writer’s specific needs.

  You can configure the syslogd daemon to send and receive
  log file information to or from a remote server (by editing
  /System/Library/LaunchDaemons/com.apple.syslogd.plist). This is not recommended
  because syslogd does not use secure means to send log messages across the net.

• emond: The emond daemon is the event monitoring system for
  Mac OS X Server v10.6. It is a unified process that handles events passed from other
  processes, acts on the events as designated in a defined rule set, and then notifies
  the administrator.

  Currently, emond is the engine used for Server Admin’s mail notification system.
  It is not used for Server Monitor’s notifications.

  The high-level service receives events from the registered client, analyzes whether
  the event requires handling based on rules provided by the service at the time it was
  registered and, if handling is required, performs the action related to that event.
  To accomplish this, the emond daemon has three main parts: the rules engine,
  the events it can respond to, and the actions it can take.

  The emond rules engine works in the following manner. It:

  • Reads the config info from /etc/emond.d/emond.conf.
  • Reads in the rules from plist files in the /etc/emond.d/rules/ directory.
  • Processes the startup event.
  • Accepts events until terminated.
  • Processes the rules associated with the event, triggering as needed.
  • Performs actions specified by the rules that were triggered.
  • Runs as the least privileged user possible (nobody).

WARNING: The file formats and settings in emond.conf and rules plists are not
documented for customer use. Tampering could result in an unusable notification
system and is unsupported.
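
The syslogd item above describes scripts that scrape log files and act when a designated string appears. The following Python sketch is an added example, not part of the Apple manual: it counts matches per sender and also expands syslogd's "last message repeated N times" markers, which a plain text search undercounts. The function name scan, the sample log lines and host name, and the two marker spellings it accepts are assumptions made for the example.

```python
import re
from collections import Counter

# Plain-text syslog line: "Mon DD HH:MM:SS host tag[pid]: message"
MSG = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(\S+)\s([^\s:\[]+)(?:\[\d+\])?:\s(.*)$")
# Duplicate-suppression marker. It has no "tag:" part, so anchoring it to the
# timestamp keeps the same words inside an ordinary message from matching.
REPEAT = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}:?\s(?:\S+\s)?(?:--- )?"
                    r"last message repeated (\d+) times?")

# Constructed sample input (documentation addresses, made-up host name).
SAMPLE = """\
Jan  5 10:00:01 srv1 sshd[411]: Failed password for admin from 192.0.2.10 port 50122 ssh2
Jan  5 10:00:03 srv1 sshd[411]: Failed password for admin from 192.0.2.10 port 50123 ssh2
Jan  5 10:00:09 srv1 last message repeated 3 times
Jan  5 10:00:12 srv1 sshd[420]: Accepted publickey for ops from 192.0.2.20 port 50200 ssh2
Jan  5 10:00:15 srv1 last message repeated 2 times
Jan  5 10:00:20 srv1 postfix/smtpd[88]: connect from unknown[192.0.2.30]
""".splitlines()

def scan(lines, pattern, threshold):
    """Return {(host, tag): hits} for senders whose hit count reaches threshold."""
    wanted = re.compile(pattern)
    hits = Counter()
    last_key = None                  # sender of the previous line, if it matched
    for line in lines:
        line = line.rstrip("\n")
        rep = REPEAT.match(line)
        if rep:
            if last_key:             # marker stands for N more copies of a hit
                hits[last_key] += int(rep.group(1))
            continue
        msg = MSG.match(line)
        if msg and wanted.search(msg.group(3)):
            last_key = (msg.group(1), msg.group(2))
            hits[last_key] += 1
        else:
            last_key = None          # any other line ends the repeat context
    return {key: n for key, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    # A plain substring search sees 2 failures; counting repeats gives 5.
    for (host, tag), n in scan(SAMPLE, r"Failed password", 5).items():
        print(f"ALERT {host} {tag}: {n} matching messages")
```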


Chapter 8

Monitoring Your System
