#!/bin/bash

# Written by Justin Repasky 08/03/2023
# Runs CrowdStrike's diagnose command and outputs results to /Users/Shared/Diagnostics
# CrowdStrike command includes macOS system diagnostics logs

command_to_run="/Applications/Falcon.app/Contents/Resources/falconctl diagnose --silent"
target_text="Falcon sensor diagnostics are complete. Please send this file to CrowdStrike Support"
target_folder="/Users/Shared/Diagnostics"
date_time=$(date +"%Y%m%d-%H-%M-%S")

mkdir -p "$target_folder"


# Stream falconctl output and watch for the completion line that carries the archive path
$command_to_run | while IFS= read -r line; do
    echo "$line"

    if [[ $line =~ $target_text.*(/tmp/[^[:space:]]+) ]]; then
        path="${BASH_REMATCH[1]}"
        echo "Path found: $path"
        # Move zip file from tmp folder to /Users/Shared/Diagnostics
        mv "$path" "${target_folder}/falconctl_diagnose_${date_time}.zip"

        # Open /Users/Shared/Diagnostics so user can copy file to where we determine
        /usr/bin/open "$target_folder"
    fi
done
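
An added example, not part of the original post: the same parse-and-move step with checks for a script that may run as root from a management tool, where the source path is read from under world-writable /tmp and the archive holds system logs. The function names `extract_diag_path` and `store_diag_archive` are hypothetical, and it assumes the archive should be readable only by the account that runs the script.

```shell
#!/bin/bash
# Added example, not the poster's code. Function names are hypothetical.
# Assumption: the archive path follows the completion message on the same
# line, which is what the regex in the script above expects.

target_text="Falcon sensor diagnostics are complete. Please send this file to CrowdStrike Support"

# Print the /tmp/... path found after the completion message in one output
# line. Returns non-zero for any line without the message or without a path.
extract_diag_path() {
    case "$1" in
        *"$target_text"*) ;;
        *) return 1 ;;
    esac
    rest=${1#*"$target_text"}
    found=$(printf '%s\n' "$rest" |
        sed -n 's|.*\(/tmp/[^[:space:]][^[:space:]]*\).*|\1|p')
    [ -n "$found" ] && printf '%s\n' "$found"
}

# Move the archive to dest_dir as falconctl_diagnose_<stamp>.zip and print
# the new path. Usage: store_diag_archive <src> <dest_dir> <stamp>
store_diag_archive() {
    src=$1
    dest_dir=$2
    stamp=$3

    # The source name came from parsed text and sits under /tmp: accept only
    # a regular file and never follow a symlink planted at that name.
    [ -f "$src" ] && [ ! -L "$src" ] || return 1

    # Do not write through a destination directory that is a symlink.
    [ ! -L "$dest_dir" ] || return 1

    # Create the directory owner-only; an existing directory keeps its mode.
    (umask 077; mkdir -p "$dest_dir") || return 1

    dest="$dest_dir/falconctl_diagnose_${stamp}.zip"
    # Refuse to replace an existing file of the same name.
    [ ! -e "$dest" ] || return 1

    mv "$src" "$dest" && chmod 600 "$dest" && printf '%s\n' "$dest"
}
```

If the script runs as root and a different user has to pick the file up, change ownership of the stored archive to that user instead of opening the permissions.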

@jrepasky Your script could definitely be useful for orgs deploying CrowdStrike, but it would be better to post it under Products->Jamf Pro. @JustinV if you agree with that assessment can you relocate this thread (and remove this reply)?

