Posted on 04-16-2024 04:31 AM
Hi there,
I've been trying to find a way to get an extension attribute in Jamf to look at "/Library/Management/super/super.log" for a line:
Parameter Error: You can not use both the --deadline-count-soft and --deadline-count-hard options at the same time. You must pick one deadline count behavior.
And report the result of true/false. I have a policy set up to uninstall and reinstall super from there.
Posted on 04-16-2024 06:26 AM
You would need to use macOS log predicates, and query macOS Event Logging which should not be done with an Extension Attribute. At least I would not recommend trying to parse event logs with an Extension Attribute. Terminal can open a log file with Vim or Nano, but those are text editors and there is not a way for them to tell you if a value is in the log.
You really want a tool that monitors macOS Event logs and notifies or redirects when a particular event happens. This is not something Jamf Pro can do, however Jamf Protect can. Jamf Protect can even trigger a Jamf Pro policy when it sees an event such as one to reinstall Super if you wanted.
Posted on 04-17-2024 05:05 AM
The request from @_aDiedericks was to check the "/Library/Management/super/super.log" log file, not the system log stream, so there is no need to query macOS Event Logging and a simple grep of the contents of that file like the EA below would do what they ask:
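#!/bin/sh
# Path to the super log this EA inspects
LogToQuery="/Library/Management/super/super.log"
result="false"
if [ -e "$LogToQuery" ]; then
    # -e marks the next argument as the pattern; without it grep parses the leading "--" as an option
    errorFound=$(/usr/bin/grep -e '--deadline-count-soft and --deadline-count-hard' "$LogToQuery")
    if [ -n "$errorFound" ]; then
        result="true"
    fi
fi
# Jamf reads the EA value from the <result> tags
echo "<result>$result</result>"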
The caveat on using this EA is that once the error is in the super.log file it will _always_ return true, so the policy to re-install super should nuke the log file so it's not triggered repeatedly.
Posted on 04-18-2024 07:50 AM
Thanks! Your script works. I already had the policy configured to delete super.log after run; that should make this a self-sustainable process. I just had to correct the LogToQuery reference directory as well as the grep search. For some reason '--deadline-count-soft and --deadline-count-hard' just kept reporting false even though the log stated true. End result is as below:
#!/bin/sh
# Path to the super log this EA inspects
LogToQuery="/Library/Management/super/logs/super.log"
result="false"
if [ -e "$LogToQuery" ]; then
    # Search for the full error sentence; this pattern does not begin with a dash
    errorFound=$(/usr/bin/grep 'You can not use both the --deadline-count-soft and --deadline-count-hard options at the same time. You must pick one deadline count behavior.' "$LogToQuery")
    if [ -n "$errorFound" ]; then
        result="true"
    fi
fi
# Jamf reads the EA value from the <result> tags
echo "<result>$result</result>"
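Added example, not part of any post in this thread: a search string that begins with `--` is parsed by grep as an option unless `-e` (or `--`) precedes it, which is the likely reason the shorter pattern reported false while the full sentence worked. The sketch below shows the guarded and unguarded forms side by side; `SUPER_LOG`, the function names and the sample log lines are constructed for illustration, and it calls `grep` from the PATH rather than `/usr/bin/grep`.

```sh
#!/bin/sh
# Added example, not from the thread. SUPER_LOG, the function names and the
# sample log lines are constructed for illustration.

NEEDLE='--deadline-count-soft and --deadline-count-hard'

# Print "true" if the log contains $2 as a literal string, else "false".
#   -F  fixed string: '.' and other regex characters match literally
#   -q  exit status only, stop at the first match
#   -e  the next argument is the pattern, even when it starts with '-'
log_has_line() {
    [ -r "$1" ] || { echo "false"; return 0; }
    if grep -qF -e "$2" "$1"; then echo "true"; else echo "false"; fi
}

# Same check without -e, kept to show the failure mode: grep parses the
# pattern as an unknown long option, exits with status 2 and never reads the
# file, so the check reports "false" even when the line is present.
log_has_line_unguarded() {
    if grep -qF "$2" "$1" 2>/dev/null; then echo "true"; else echo "false"; fi
}

# Write a constructed sample log to the path in $1.
write_sample_log() {
    cat > "$1" <<'EOF'
constructed sample line: workflow started
Parameter Error: You can not use both the --deadline-count-soft and --deadline-count-hard options at the same time. You must pick one deadline count behavior.
constructed sample line: exiting
EOF
}

# Extension attribute output. SUPER_LOG is a hypothetical override for testing.
LOG="${SUPER_LOG:-/Library/Management/super/logs/super.log}"
echo "<result>$(log_has_line "$LOG" "$NEEDLE")</result>"
```

Because the unguarded form discards grep's error output, a usage error (exit status 2) is indistinguishable from "no match" (exit status 1), so the EA silently reports false.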
Posted on 04-17-2024 07:45 PM
I know it's a bit of a hammer approach, but wouldn't applying the corrected policy with right options to every machine fix your problem?