Best way to collect log files

@jameson The API is your friend here...

You can upload files using the /fileuploads endpoint, the implementation notes from the API reference are as follows:

Implementation Notes You can POST different types of files by entering parameters for {resource}, {idType}, and {id}, for example /JSSResource/fileuploads/computers/id/2. Attachments can be uploaded by specifying computers, mobiledevices, enrollmentprofiles, printers, or peripherals as the resource. Icons can be uploaded by specifying policies, ebooks, or mobiledeviceapplicationsicon as the resource. A mobile device application can be uploaded by using mobiledeviceapplicationsipa. A disk encryption can be uploaded by specifying diskencryptionconfigurations as the resource. idTypes supported are id and name, although peripheral names are not supported. A sample command is curl -k -u user:password https://my.JamfPro:8443/JSSResource/fileuploads/computers/id/2 -F name=@/Users/admin/Documents/Sample.doc -X POST

Years ago i wrote a script that did this through the api.. keep in mind all these methods do add space to your database..
https://github.com/pingidentity/CorpIT/tree/Main/JAMF%20Scripts/Diagnostic%20Logs

Granted if i was todo it again i'd upload it to s3, google drive or something else ;)

Edit: Found another version that does a bunch of checks
https://github.com/matt-taylor934/loguploader/blob/master/loguploader.sh

I found and modified a script that zips and uploads the log files to our file share where all of our techs have access. Not sure it's used much but it's another tool in the arsenal.

Here's where it came from: https://jamfnation.jamfsoftware.com/discussion.html?id=18971

Credit to @CAJensen01

@rderewianko Thanks, that Script works for me. One question, how can I modify the script to also zip the crash logs in ~/Library/Logs/DiagnosticReports/

I know this is a slightly older post, but incase anyone is looking on how to do this...

@kc9wwh Wrote a slick script that works like a charm for uploading files using the API. Check it out here:

https://github.com/kc9wwh/logCollection

@nberanger I feel like such a noob, but do you know where those collected log files go?! I run the script but no idea where to find them!

@brooke.burdick The https://github.com/kc9wwh/logCollection script uploads the collected logs to your JSS as an attachment to the Computer record for the device, and you'll find the Attachments section under the Computer's Inventory section. Be sure to delete any attachments after you download them since they do take space in your database, and the database backups made until they're deleted.

@sdagley You beat me to it ;-)

@nberanger I didn't (and still don't) see your ID as a link in the question @brooke.burdick posted, so thought the post may not have the appropriate tags embedded and you weren't going to get a notification.

Dear @sdagley I have a cloud based Jamf Pro setup will it work in that as well ?

Because when I tried I get the Script Exit Code as 0 but in the JSS Inventory under Attachments I see no Attachments. Then via Terminal logs I see the following:

Melvin@Yen ~ % sudo jamf policy -id 59

Password:

Checking for policy ID 59...

Executing Policy logCollection.sh

Running script logCollection.sh...

Script exit code: 0

Script result:   adding: private/var/log/install.log (deflated 96%)

  adding: private/var/log/install.log.0.gz (deflated 25%)

  adding: private/var/log/jamf.log (deflated 91%)

  adding: private/var/log/system.log (deflated 86%)

  adding: private/var/log/system.log.0.gz (deflated 3%)

  adding: private/var/log/system.log.1.gz (deflated 3%)

  adding: private/var/log/system.log.2.gz (deflated 1%)

  adding: private/var/log/system.log.3.gz (deflated 0%)

  adding: private/var/log/system.log.4.gz (deflated 3%)

  adding: private/var/log/system.log.5.gz (deflated 2%)

  adding: private/var/log/system.log.6.gz (deflated 2%)

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

100   422  100   422    0     0   1032      0 --:--:-- --:--:-- --:--:--  1036

mismatched tag at line 10, column 2, byte 404:

<p>You can get technical details <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">here</a>.<br>

Please continue your visit at our <a href="/">home page</a>.

</p>

=^

</body>

</html>

at /System/Library/Perl/Extras/5.30/darwin-thread-multi-2level/XML/Parser.pm line 187.

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

  5 3757k  100   422    5  191k    698   317k  0:00:11 --:--:--  0:00:11  322k

<html>

<head>

<title>Status page</title>

</head>

<body style="font-family: sans-serif;">

<p style="font-size: 1.2em;font-weight: bold;margin: 1em 0px;">Unauthorized</p>

<p>The request requires user authentication</p>

<p>You can get technical details <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">here</a>.<br>

Please continue your visit at our <a href="/">home page</a>.

</p>

</body>

</html>

Running Recon...

Retrieving inventory preferences from https://softcellprod.jamfcloud.com/...

Finding extension attributes...

Locating applications...

Locating hard drive information...

Locating accounts...

Locating package receipts...

Searching path: /System/Applications

Locating software updates...

Locating printers...

Gathering application usage information from the JamfDaemon...

Searching path: /Applications

Locating hardware information (macOS 13.4.1)...

Submitting data to https://softcellprod.jamfcloud.com/...

<computer_id>12</computer_id>

Submitting log to https://softcellprod.jamfcloud.com/

Can you please help?

Dear @sdagley I tried and I am getting the below error:

Melvin@Yen ~ % sudo jamf policy -id 59

Password:

Checking for policy ID 59...

Executing Policy logCollection.sh

Running script logCollection.sh...

Script exit code: 0

Script result:   adding: private/var/log/install.log (deflated 96%)

  adding: private/var/log/install.log.0.gz (deflated 25%)

  adding: private/var/log/jamf.log (deflated 91%)

  adding: private/var/log/system.log (deflated 86%)

  adding: private/var/log/system.log.0.gz (deflated 3%)

  adding: private/var/log/system.log.1.gz (deflated 3%)

  adding: private/var/log/system.log.2.gz (deflated 1%)

  adding: private/var/log/system.log.3.gz (deflated 0%)

  adding: private/var/log/system.log.4.gz (deflated 3%)

  adding: private/var/log/system.log.5.gz (deflated 2%)

  adding: private/var/log/system.log.6.gz (deflated 2%)

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

100   422  100   422    0     0   1032      0 --:--:-- --:--:-- --:--:--  1036

mismatched tag at line 10, column 2, byte 404:

<p>You can get technical details <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">here</a>.<br>

Please continue your visit at our <a href="/">home page</a>.

</p>

=^

</body>

</html>

at /System/Library/Perl/Extras/5.30/darwin-thread-multi-2level/XML/Parser.pm line 187.

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

  5 3757k  100   422    5  191k    698   317k  0:00:11 --:--:--  0:00:11  322k

<html>

<head>

<title>Status page</title>

</head>

<body style="font-family: sans-serif;">

<p style="font-size: 1.2em;font-weight: bold;margin: 1em 0px;">Unauthorized</p>

<p>The request requires user authentication</p>

<p>You can get technical details <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">here</a>.<br>

Please continue your visit at our <a href="/">home page</a>.

</p>

</body>

</html>

Running Recon...

Retrieving inventory preferences from https://softcellprod.jamfcloud.com/...

Finding extension attributes...

Locating applications...

Locating hard drive information...

Locating accounts...

Locating package receipts...

Searching path: /System/Applications

Locating software updates...

Locating printers...

Gathering application usage information from the JamfDaemon...

Searching path: /Applications

Locating hardware information (macOS 13.4.1)...

Submitting data to https://softcellprod.jamfcloud.com/...

<computer_id>12</computer_id>

Submitting log to https://softcellprod.jamfcloud.com/

@melvinp Please see my response to the message you posted in https://community.jamf.com/t5/jamf-pro/retrieve-system-logs/m-p/295436#M261871 I don't know for sure the issue is Basic Auth instead of Bearer Token Auth but that's where I would start. I don't use that script anymore and I don't have the free time at the moment to make the needed revisions for you.

Hi all,

I had the same error as above but found it is in fact due to Jamf disabling Basic auth by default. But - you can override that. Log into jamf - Settings - users/groups - password policy... and check the box to allow Basic auth. Pay attention to the buttons re: forcing a password reset (it's not required). 

With that box checked, this script works. 

Does this logCollection script still work? It runs fine for me but I'm not seeing the attachment in my computer inventory record in Jamf.

Ah sorry nevermind, should have scrolled down!