Extension Attribute to Detect Stuck MDM Commands Using Logs or API?

falc0n
New Contributor II

Hi Jamf Community,

I’m working on setting up an Extension Attribute (EA) to automatically detect devices with stuck MDM commands (e.g., commands that are pending or failed for an extended period). The goal is to use this EA as a trigger for a self-healing policy that runs once daily for affected devices.

Here’s what I’ve considered so far:

1. API Approach:

• I explored the Jamf API but haven’t found an endpoint that provides detailed or reliable information about stuck commands.

• If there’s a way to identify such commands via the API, I’d love some pointers or examples!

2. Local Machine Logs Approach:

• This seems like the most promising path. My idea is to check logs on the local machine for the last executed MDM command and flag devices where no command has been executed in the past 24 hours (or based on statuses).

• Are there specific logs or methods Can I extract this information programmatically?

 

If anyone has experience implementing a similar solution or insights into logs, commands, or API usage for this purpose, I’d greatly appreciate your help.

 

Thanks in advance for sharing your expertise!

2 REPLIES 2

Shyamsundar
New Contributor III

I don't believe we have the option to create an EA to find devices with pending or failed MDM commands. Instead, you can issue remote commands to cancel all pending and failed MDM commands. To do this,

  • open a smart group that contains all the Mac devices
  • click on "Action
  • select "Cancel Management Command,"
  • click "Next"
  • choose "Cancel all Failed and Pending Commands."

Screenshot 2024-11-18 at 21.47.18.pngScreenshot 2024-11-18 at 21.47.47.png

A_Collins
Contributor

The command you are looking is 

curl -X 'GET' \
  '$yourjssurl/JSSResource/computerhistory/id/cmpJSS_ID(you can get ths with another query)/subset/Commands' \
  -H 'accept: application/xml' \
  -H 'Authorization: Bearer $yourtoken'

 

This will give you all commands history computer has, completed, failed and pending. Then you can filter pending and failed ones using jq or grep/sed