Posted on 11-30-2016 04:27 AM
Hi all
I am using API for the first time ever.
The need to use API has crept up as I have discovered that apparently there is now the ability to flush a single policy for a single device by using the API protocols. It was apparently implemented in 9.96 - check it out here.
Looking at the JSS REST API Resource Documentation, I have worked out that I can use it to obtain the necessary JSS IDs for a computer and a policy.
However looking at the '/commandflush' aspect of the API, I just can't work out how I would get the specific policy for a specific computer to be flushed. Basically what I am after, is the ability to tell (or 'Put' in API language) for the status of a computer ID to be changed to 'Pending' for a particular policy ID.
This is my early attempt of creating a bash script to achieve this....
#!/bin/sh
jssAPIuser=[input a jss account]
jssAPIpassword=[input the password]
jssURL=[input your jss url]
macName='systemsetup -getcomputername | awk '{print $3}''
policyName=[input policy name] | sed 's/ /%20/g'
macJSSid=curl -H "Accept: text/xml" -sfku "$jssAPIuser:$jssAPIpassword" "$jssURL/JSSResource/computers/name/$macName" | xpath /computer/general/id[1] | awk -F'>|<' '{print $3}')
policyID=curl -H "Accept: text/xml" -sfku "$jssAPIuser:$jssAPIpassword" "$jssURL/JSSResource/policies/name/$policyName" | xpath /policy/general/id[1] | awk -F'>|<' '{print $3}')
From the above script, I am up to the point of where I have obtained the computer ID and the policy ID. I am now a bit lost as to taking it further to implement the 'Put' I am trying to accomplish.
Can anybody help me out further here please?
Thanks in advance.
Posted on 11-30-2016 08:14 AM
The JSS documentation says to use Delete and not Put. I'm using Delete in one of my scripts and it looks like this (notice -X DELETE)
curl -H "Accept: application/xml" -sfku "$username:$password" "$server/JSSResource/computers/serialnumber/$i" -X DELETE
Posted on 11-30-2016 09:23 AM
I'm going to throw my 2 cents in here
I think /commandflush is for MDM Management Commands unfortunately not policies. And I think it just will sort of reset all of them to be pushed again?
What you're looking for I think is under /logflush ...but good luck with it. Because I'm not sure either how to do it.
Posted on 12-01-2016 07:04 AM
And to save the day, some help from the MacAdmins slack channel.
You need to create some XML with the info.
<logflush> <log>policy</log> <log_id>1</log_id> <interval>THREE MONTHS</interval> <computers> <computer> <id>1</id> </computer> </computers> </logflush>
Then send it this way
curl -X DELETE https://your.jss.org/JSSResource/logflush -d '<XML>'
So mine I did to try and test
curl -sSkiu APIUser:'APIPass' "https://mycasperserver:8443/JSSResource/logflush" -H "Content-Type: text/xml" -d '<logflush><log>policy</log><log_id>1427</log_id><interval>Zero Day</interval><computers><computer><id>1533</id></computer></computers></logflush>' -X DELETE
This flushed the policy for that computer immediately.
Posted on 12-02-2016 01:04 AM
@boberito Thanks for helping out.
curl -sSkiu APIUser:'APIPass' "https://mycasperserver:8443/JSSResource/logflush" -H "Content-Type: text/xml" -d '<logflush><log>policy</log><log_id>1427</log_id><interval>Zero Day</interval><computers><computer><id>1533</id></computer></computers></logflush>' -X DELETE
I modified this for my setup, and it achieved a result. But rather than flushing a single policy, it instead flushed all of the policies for that one computer.
So I must have gone wrong somewhere...
What I did was changed the <log_id>1427</log_id>
value to the same policy ID value. As this is the only part of the XML that seems to suggest some logical of specifying the specific policy. Is that correct?
I also changed the <computer><id>1533</id></computer>
to ensure it only impacted the single computer (scope), which it seemed to have done correct.
Any ideas?
Many thanks.
Posted on 12-02-2016 05:42 AM
I have no idea. I wonder if it actually flushed all the policies as well for me! haha
Posted on 03-16-2017 05:22 AM
It flushes all policies for that machine for me. I think someone at JAMF forgot an 'AND' in the SQL command...
Posted on 03-16-2017 08:04 AM
I’ve also been playing around with this and found that all policies for the computer in question are flushed. Has anyone made any progress - or is it worth flagging this as a bug?
Posted on 03-16-2017 09:02 AM
An alternative approach that seems to work is by specifying only the policy and not referencing any machines. This seems to flush all logs for that policy - which is useful in certain circumstances.
ALL THE FOLLOWING SHOULD BE ON ONE LINE (the variables will need to have been assigned for it to work):
curl -vks -u $apiUser:$apiPass https://${jssAddress}:8443/JSSResource/logflush/policy/id/$policyID/interval/Zero+Day -X DELETE
Posted on 09-15-2021 08:33 AM
I'm trying to do this, but I keep getting "This Request requires user authentication". Any idea on what permissions are needed to do this?
Posted on 01-19-2018 06:27 AM
It flushes all for me. Would like to see this fixed so that our support tech can use our web portal instead of going to JSS.
Posted on 07-31-2019 05:04 AM
@amosdeane i used your one liner it works great,
I also try to get a one-liner to push a single policy to all computers in scope but can't find the syntax.
can you help?
Thanks.
Posted on 08-07-2022 06:25 PM
HI, I know this is an old post but I have run across the need to do this now. Is it possible using the API to flush the log of a policy just for 1 computer?
Posted on 12-17-2022 02:38 AM
This is unsupported by the looks if it:
Notice
The ability to flush logs is currently only supported for flushing all logs for a given policy or all logs for a given computer. There is no support for flushing logs for a given policy and computer combination.
From https://developer.jamf.com/jamf-pro/reference/logflush-1
Shame as it would be very useful!