Question

Crowdstrike Log gathering script

  • August 3, 2023
  • 1 reply
  • 3 views

#!/bin/bash
# Written by Justin Repasky 08/03/2023
# Runs Crowdstrike's diagnose command and outputs results to /Users/Shared/Diagnostics
# Crowdstrike command includes macOS system diagnostics logs

# Command and its arguments kept as an array so they are passed as separate words
command_to_run=("/Applications/Falcon.app/Contents/Resources/falconctl" diagnose --silent)
target_text="Falcon sensor diagnostics are complete. Please send this file to CrowdStrike Support"
target_folder="/Users/Shared/Diagnostics"
date_time=$(date +"%Y%m%d-%H-%M-%S")

mkdir "$target_folder" 2>/dev/null

"${command_to_run[@]}" | while IFS= read -r line; do
    echo "$line"
    # The sensor names the archive on its completion line; capture the /tmp/... token after the message
    if [[ $line =~ $target_text.*(/tmp/[^[:space:]]+) ]]; then
        path="${BASH_REMATCH[1]}"
        echo "Path found: $path"
        # Move zip file from tmp folder to /Users/Shared/Diagnostics (path quoted so spaces cannot split it)
        mv "$path" "${target_folder}/falconctl_diagnose_${date_time}.zip"
        # Open /Users/Shared/Diagnostics so user can copy file to where we determine
        /usr/bin/open "$target_folder"
    fi
done
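The script above trusts whatever path the sensor prints and moves it without checking that it exists, and it gives no non-zero exit status when the completion line never appears. The following is an added example, not jrepasky's script and not CrowdStrike code: it keeps the same completion message and regex idea but escapes the literal dot in the message, returns 1 when no archive path is found (so a deployment policy can see the failure), and refuses to move anything that is not a regular, non-symlink file under /tmp, which matters because /tmp is world-writable. The function names `extract_diag_path` and `collect_diag`, and the sensor output in `sample_output`, are assumptions constructed for the example; the real `falconctl diagnose` output is whatever the sensor prints.

```shell
#!/bin/bash
# Added example (not the original poster's script). Parses falconctl diagnose
# output for the archive path and moves the archive only after validating it.

# Completion message from the original script, with its dot escaped so it is
# matched literally; the group captures the /tmp/... path that follows it.
re='Falcon sensor diagnostics are complete\. Please send this file to CrowdStrike Support.*(/tmp/[^[:space:]]+)'

# extract_diag_path: reads sensor output on stdin, prints the first archive
# path named after the completion message. Returns 1 if no such line exists.
extract_diag_path() {
    local line
    while IFS= read -r line; do
        if [[ $line =~ $re ]]; then
            printf '%s\n' "${BASH_REMATCH[1]}"
            return 0
        fi
    done
    return 1
}

# collect_diag OUTPUT TARGET_FOLDER: moves the archive named in OUTPUT into
# TARGET_FOLDER under a timestamped name and prints the destination.
# Return codes: 1 no path in output, 2 path is not a regular file (or is a
# symlink), 3 cannot create folder, 4 move failed.
collect_diag() {
    local output="$1" target_folder="$2" path dest
    path=$(printf '%s\n' "$output" | extract_diag_path) || return 1
    # /tmp is world-writable: only accept a regular file, never a symlink that
    # another local user could have planted at the printed path.
    [[ -f $path && ! -L $path ]] || return 2
    mkdir -p "$target_folder" || return 3
    dest="${target_folder}/falconctl_diagnose_$(date +%Y%m%d-%H-%M-%S).zip"
    mv "$path" "$dest" || return 4
    printf '%s\n' "$dest"
}

# Constructed sample of sensor output (assumption; not captured from a real
# sensor). The path it names does not exist, so collect_diag would return 2.
sample_output=$(printf 'Collecting sensor logs...\nCollecting system diagnostics...\nFalcon sensor diagnostics are complete. Please send this file to CrowdStrike Support: /tmp/falconctl_diagnose_sample.zip\n')

# Stand-alone demo: print the path the parser recovers from the sample.
printf '%s\n' "$sample_output" | extract_diag_path || echo "no archive path in sensor output"
```

In a deployment wrapper, run the real command as `"/Applications/Falcon.app/Contents/Resources/falconctl" diagnose --silent | tee "$log"` and pass the captured text to `collect_diag`, then exit with its return code so the policy reports the failure instead of silently opening an empty folder.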

1 reply

sdagley
  • August 4, 2023

@jrepasky Your script could definitely be useful for orgs deploying CrowdStrike, but it would be better to post it under Products->Jamf Pro. @JustinV if you agree with that assessment can you relocate this thread (and remove this reply)?