Apple 10.6 manual There are two main notification daemons syslogd and emond

There are two main notification daemons: syslogd and emond.

ÂÂ syslogd: The syslogd daemon is a standard UNIX method of monitoring systems. It logs messages in accordance with the settings found in /etc/syslog.conf. You can examine the output files specified in that configuration by using a file printing or editing utility because they are plain text files. Administrators can edit these settings to fine-tune what is being monitored.

Many administrators will tail or scrape the log file, meaning they will have scripts parse the log files and perform some action if a designated bit of information is present in the log. These home-grown notifications vary in quality and usefulness and are tailored to the script-writer’s specific needs.

You can configure the syslogd daemon to send and receive log file information to or from a remote server (by editing /System/Library/LaunchDaemons/com.apple.syslogd.plist). This is not recommended because syslogd does not use secure means to send log messages across the net.

ÂÂ emond: The emond daemon is the event monitoring system for

Mac OS X Server v10.6. It is a unified process that handles events passed from other processes, acts on the events as designated in a defined rule set, and then notifies the administrator.

Currently, emond is the engine used for Server Admin’s mail notification system. It is not used for Server Monitor’s notifications.

The high-level service receives events from the registered client, analyzes whether the event requires handing based on rules provided by the service at the time it was registered and, if handling is required, the action related to that event is performed. To accomplish this the emond daemon has three main parts: the rules engine,

the events it can respond to, and the actions it can take. The emond rules engine works in the following manner. It:

ÂÂ Reads the config info from /etc/emond.d/emond.conf.

ÂÂ Reads in the rules from plist files in the /etc/emond.d/rules/ directory.

ÂÂ Processes the startup event.

ÂÂ Accepts events until terminated.

ÂÂ Processes the rules associated with the event, triggering as needed.

ÂÂ Performs actions specified by the rules that were triggered.

ÂÂ Runs as the least privileged possible (nobody).

WARNING: The file formats and settings in emond.conf and rules plists are not documented for customer use. Tampering could result in an unusable notification system and is unsupported.