
We use Jamf Connect Menu to manage domain passwords on our Macs. I had an end user this week report that the countdown of their password displayed a "-1" instead of the 20-something days they thought they had left. I worked with Jamf Support, and by the time the end user worked around to me for assistance, they had already changed their password, so any logs which may have pointed to something helpful were overwritten and didn't help.

In light of that, I learned which Jamf Connect logs were most helpful in that situation and I created a script to gather them and upload them into Jamf. I'd like to share it here in case others may find it useful also. To be clear, I took what @kc9wwh (Josh Roskos) at Jamf had for uploading logs into Jamf and tweaked it to gather only the JC logs needed. (Thanks Josh...! He deserves the credit.) I configured the script with encrypted password strings. Josh explains all that on his post here: https://github.com/kc9wwh/logCollection

This script will pull the 3 Jamf Connect logs:

  • JamfConnect.log
  • Heimdal.log
  • JamfConnectState file (uploaded as a plist)

After this is run, it's available as an attachment in the computer record of the end user who ran it. I decided to put it in Self Service and if anyone has the "-1" indicator on their Jamf Connect Menu bar, I will direct them to this. Hope others find it helpful as well.

```bash
#!/bin/bash
#
# Thanks Josh Roskos
# This script will pull important logs when you need to troubleshoot Jamf Connect.
# It will pull three logs: JamfConnect log, Heimdal log and pull the Jamf Connect State plist file.
# They get put into the folder: /tmp/jcLogs/ and then get zipped up in /tmp as one .zip file in this format:
# <compName>-<currentuser>-<date.time.stamp>.zip
#

bearerToken=""
tokenExpirationEpoch="0"

## User Variables (Jamf Pro script parameters)
jamfProURL="$4"
jamfProUser="$5"
jamfProPassEnc="$6"

## Variables
mySerial=$( system_profiler SPHardwareDataType | grep Serial | awk '{print $NF}' )
currentUser=$( stat -f%Su /dev/console )
compHostName=$( scutil --get LocalHostName )
timeStamp=$( date '+%Y-%m-%d-%H-%M-%S' )
# Decrypt the API password: $6 = encrypted string, $7 = salt, $8 = passphrase
jamfProPass=$( echo "$jamfProPassEnc" | /usr/bin/openssl enc -aes256 -d -a -A -S "$7" -k "$8" )

# Request a bearer token and record when it expires
getBearerToken() {
    response=$(curl -s -u "$jamfProUser":"$jamfProPass" "$jamfProURL"/api/v1/auth/token -X POST)
    bearerToken=$(echo "$response" | plutil -extract token raw -)
    tokenExpiration=$(echo "$response" | plutil -extract expires raw - | awk -F . '{print $1}')
    tokenExpirationEpoch=$(date -j -f "%Y-%m-%dT%T" "$tokenExpiration" +"%s")
}

# Get a new token if there is none or the current one has expired
checkTokenExpiration() {
    nowEpochUTC=$(date -j -f "%Y-%m-%dT%T" "$(date -u +"%Y-%m-%dT%T")" +"%s")
    if [[ tokenExpirationEpoch -gt nowEpochUTC ]]
    then
        echo "Token valid until the following epoch time: " "$tokenExpirationEpoch"
    else
        echo "No valid token available, getting new token"
        getBearerToken
    fi
}

# Invalidate the token once the upload is done
invalidateToken() {
    responseCode=$(curl -w "%{http_code}" -H "Authorization: Bearer ${bearerToken}" "$jamfProURL"/api/v1/auth/invalidate-token -X POST -s -o /dev/null)
    if [[ ${responseCode} == 204 ]]
    then
        echo "Token successfully invalidated"
        bearerToken=""
        tokenExpirationEpoch="0"
    elif [[ ${responseCode} == 401 ]]
    then
        echo "Token already invalid"
    else
        echo "An unknown error occurred invalidating the token"
    fi
}

# Make a directory to store the JC Logs we want (-p so a re-run does not fail)
mkdir -p /tmp/jcLogs/

# Jamf Connect commands to pull the needed logs
log show --style compact --predicate 'subsystem == "com.jamf.connect"' --debug > /tmp/jcLogs/JamfConnect.log
log show --style compact --predicate 'subsystem == "com.apple.Heimdal"' --debug > /tmp/jcLogs/Heimdal.log
defaults read com.jamf.connect.state > /tmp/jcLogs/jamfConnectState.plist

# Log creation
fileName="$compHostName-$currentUser-$timeStamp.zip"
zip -r "/tmp/$fileName" /tmp/jcLogs/

checkTokenExpiration
# Was "$url", which is never set; the server URL is in $jamfProURL
curl -s -H "Authorization: Bearer ${bearerToken}" "$jamfProURL"/api/v1/jamf-pro-version -X GET
checkTokenExpiration

# Query the Jamf server for the ID of the computer we need the logs from
jamfProID=$(/usr/bin/curl -s -X GET "$jamfProURL/JSSResource/computers/serialnumber/$mySerial/subset/general" -H "accept: application/xml" -H "Authorization: Bearer ${bearerToken}" | xpath -e "//computer/general/id/text()" )

# Post up to our Jamf Server the logs we just gathered.
# The bearer token is used here like in the lookup above instead of -u user:pass,
# and -k is dropped so the server's TLS certificate is verified before anything is sent.
curl -s -H "Authorization: Bearer ${bearerToken}" "$jamfProURL/JSSResource/fileuploads/computers/id/$jamfProID" -F name=@"/private/tmp/$fileName" -X POST

invalidateToken

# Remove the files from the device (the zip and the collected logs)
rm "/private/tmp/$fileName"
rm -rf /tmp/jcLogs/

exit 0
```

 

Getting an error when running.

Failed conversion of ``<stdin>: Could not extract value, error: No value at that key path or invalid key path: expires'' using format ``%Y-%m-%dT%T''
date: illegal time format
usage: date [-jnRu] [-I[date|hours|minutes|seconds]] [-f input_fmt]
[-r filename|seconds] [-v[+|-]val[y|m|w|d|H|M|S]]
[[[[mm]dd]HH]MM[[cc]yy][.SS] | new_date] [+output_fmt]
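
An added example, not part of the original post or of Josh Roskos's script: the error above shows `plutil`'s "Could not extract value" message being passed to `date` in place of the expiry timestamp, so the script kept going without a usable token. The function below validates the reply from `/api/v1/auth/token` before any field is used; the names `parse_token_reply` and `json_string_field`, the `curl -s -w '\n%{http_code}'` input convention and the use of `sed` instead of `plutil` are assumptions made for the example.

```shell
#!/bin/bash
# Assumed input: the reply body followed by the HTTP status on its own last
# line, as produced by: curl -s -w '\n%{http_code}' ... /api/v1/auth/token

# Print the value of a JSON string field; prints nothing if it is absent.
# sed is used here (an assumption) so the check also runs off a Mac.
json_string_field() {
    printf '%s' "$1" | tr -d '\n' |
        sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# parse_token_reply <curl output>
# Sets bearerToken and tokenExpiration on success. On any other reply it
# leaves both empty and returns non-zero so the caller can stop.
parse_token_reply() {
    reply=$1
    httpStatus=$(printf '%s\n' "$reply" | tail -n 1)
    body=$(printf '%s\n' "$reply" | sed '$d')
    bearerToken=""
    tokenExpiration=""

    case $httpStatus in
        200) ;;
        401) echo "authentication failed (HTTP 401)" >&2; return 1 ;;
        *)   echo "unexpected HTTP status: $httpStatus" >&2; return 2 ;;
    esac

    token=$(json_string_field "$body" token)
    expires=$(json_string_field "$body" expires)
    if [ -z "$token" ] || [ -z "$expires" ]; then
        echo "reply has no token/expires field" >&2
        return 3
    fi
    # Accept only a timestamp, so error text can never reach date(1).
    case $expires in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]*) ;;
        *) echo "unexpected expires value" >&2; return 3 ;;
    esac
    bearerToken=$token
    tokenExpiration=${expires%%.*}   # drop fractional seconds, as the script's awk does
}
```

A caller would stop on a non-zero return instead of continuing to the lookup and upload with an empty token.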