Detecting Run Away Policies

ctangora
Contributor III

Anybody have a best practice for spotting policies that are running out of control?

Occasionally we will find a mis-configured policy that runs every day or every week with no control. Short of spot inspecting policy logs, is there a way anyone knows of to find these kinds of errors?

Thanks.

-c

2 REPLIES 2

were_wulff
Valued Contributor II

@ctangora

Well, from within MySQL, you could do some variants of a select.

Something like

select policy_id,name from policies where execution_frequency = “ongoing”; and trigger_event_checkin = “1” and use_for_self_service = "0";

for ongoing policies triggered by check in that aren't available in Self Service (since Self Service policies are commonly set to ongoing if they're meant to be always available).

describe policies; will give a list of the different fields that can be used in variants of the above.

Since those are select statements, it's not going to do any harm to the database but, as always, we recommend taking a backup before poking around in the MySQL CLI.

There’s probably a nicer, easier, more script-y or SQL query-like way to do it (that someone else here would be significantly better at than I am), but my first place to jump for things like that is right into MySQL if I’m just looking for a list and not a report.

Amanda Wulff
JAMF Software Support

ryan_ball
Valued Contributor

If anybody is wondering, the above sql query did not function on my DB, but this slightly altered query did:

SELECT policy_id,name FROM policies WHERE execution_frequency = 'ongoing' AND trigger_event_checkin = "1" AND use_for_self_service = "0";