Help

changing the amount of time install.log is kept

jamfgeorg
New Contributor II

Posted on ‎12-15-2023 11:01 AM

according to jamf protect I am supposed to set computers to keep the install.log file for 365 days, does anyone know how you can do this, preferably in a policy or config profile so it can be done on a larger scale.

0 Kudos
Reply
1 REPLY 1

Tribruin
Valued Contributor II

Posted on ‎12-15-2023 01:20 PM

That setting is part of the CIS compliance settings. You should be looking at:

https://trusted.jamf.com/docs/establishing-compliance-baselines

and 

https://github.com/usnistgov/macos_security

For help in creating policies and profiles to set and audit these settings. Jamf Compliance Editor is a very nice front end to mSCP. 

(FYI, there is the command that mSCP uses to make this change.

/usr/bin/sed -i '' "s/\* file \/var\/log\/install.log.*/\* file \/var\/log \/install.log format='\$\(\(Time\)\(JZ\)\) \$Host \$\(Sender\)\[\$\(PID\\)\]: \$Message' rotate=utc compress file_max=50M size_only ttl=365/g" /etc/asl/com.apple.install
0 Kudos
Reply