How To run update inventory Hourly?

kadams
Contributor

Hi guys, I hope you all are doing well today. I have a question about inventory updates. Im testing something out and I would like to have inventory updates occur at least once every hour. Have any of you ever done this?

13 REPLIES 13

allanp81
Valued Contributor

Jamf's internal policy function doesn't support that frequency but in theory you could just use a launch daemon on the device to run "jamf recon" every 60 minutes.

There's a launch daemon creation tool here that I found: https://github.com/PhantomPhixer/Phixits

jsherwood
Contributor

As @allanp81 says, a launch daemon is probably the easiest way around this as the Jamf Pro scheduling isn't that granular.

Out of interest, how many computers will be checking in that frequently? If it's low numbers then it's not too big an issue however during our Jumpstart we were advised against running inventory collection too frequently due to each run creating a new database page for each computer and this adding unnecessary load tot he database.

mm2270
Legendary Contributor III

An hourly inventory collection across your Mac fleet is going to hammer the database and cause unnecessary bloat. I don't really recommend that, but I'm curious about what you're testing and why this might be needed. There might be some other approach you can take that would work better.

woodsb
Contributor

@kadams Assuming that you don't want to change your check-in interval, you'll need to create a launch daemon that runs "sudo jamf recon" every hour. Otherwise you can create a policy with a maintenance payload (inventory update). Set that policy to ongoing at recurring check-in. Then change your check-in time to an hour.

kadams
Contributor

@mm2270 , we have some software that needs to remain on our managed devices. I have a smart group set to install this software each time its removed. Without an inventory update, Jamf doesn't know the software is removed. Therefore, the software doesn't reinstalled.

tmccleary
New Contributor

Rather than hammering the JAMF database, I would suggest create a script to run on an interval on your devices that checks to see if the software is still there. If not, have it run the JAMF policy to reinstall it (set the policy to "ongoing").

mm2270
Legendary Contributor III

@kadams Is this software really so important that it can't wait one day (a more normal inventory collection schedule) before being reinstalled? I mean, maybe it really is that important, but I'm having a hard time believing that it can't wait one day. In many cases, it might be less than 1 day since some of your other policies that run on the Macs may already be collecting inventory as part of the policy settings.

Also, as @tmccleary stated, you could use a script that calls a custom trigger for this which won't enlarge the database just to run a recurring policy on check-in.

kadams
Contributor

@mm2270 , it's our antivirus software. I feel like I would have to remove some of my smart groups. I have a couple that scoped to certain policies. They are meant to reinstall software that have been removed.

sdagley
Esteemed Contributor II

@kadams Rather than inventory every hour perhaps a LaunchDaemon that watches the path to the directory your AV is installed in which will do a recon if the contents change/disappear? That would in theory trigger the re-install on the next check-in with your JSS if it has been removed.

wesleya
Contributor

You could even have Jamf run a script on every check-in that checks for the app (Jamf itself runs on a LaunchDaemon, so it simplifies having to put something local on the computers). If it didn't find the app, then it could run the policy trigger to install your organization's antivirus. Something like this:

#!/bin/sh

if [[ -d ! /path/to/antiVirus.app ]]
then
    jamf policy -event installAntiVirus
fi

exit 0

kadams
Contributor

@wesleya , yeah my manager doesn't want anything locally on the machine. I mentioned launch daemons and he was instantly against that. I will try and see if i can make something out of this script you've posted. I really need a linux bootcamp..

sdagley
Esteemed Contributor II

@kadams It seems reasonable to ask if you're worried your users will be removing your AV software, what makes you think the Jamf install is going to survive?

stephanpeterson
Contributor

@kadams Yeah, this seems to be one of those situations meets the saying - "It's not an IT or technology issue, it's an HR issue."