Posted on 12-07-2022 10:19 AM
We have a "Make Yourself an Admin for 10 Min" Self Service item that stores logs for those 10 minutes. The issue is I am not sure how to grab them or get them somewhere where we can do spot checks. Is this possible?
Posted on 12-07-2022 11:18 AM
Using the API, you can upload a log to the computer record in Jamf. Take a look at fileuploads in the API.
You can POST different types of files by entering parameters for {resource}, {idType}, and {id}, for example /JSSResource/fileuploads/computers/id/2.
Attachments can be uploaded by specifying computers, mobiledevices, enrollmentprofiles, printers, or peripherals as the resource. Icons can be uploaded by specifying policies, ebooks, or mobiledeviceapplicationsicon as the resource. A mobile device application can be uploaded by using mobiledeviceapplicationsipa. A disk encryption can be uploaded by specifying diskencryptionconfigurations as the resource.
idTypes supported are id and name, although peripheral names are not supported.
A sample command is:
curl -k -u user:password https://my.JamfPro:8443/JSSResource/fileuploads/computers/id/2 -F name=@/Users/admin/Documents/Sample.doc -X POST
Posted on 12-07-2022 12:08 PM
Take a look at this script in Jamf's GitHub repository:
https://raw.githubusercontent.com/kc9wwh/logCollection/master/logCollection.sh
You can create a script with a script argument that points to the log file(s) you want to collect, and it will upload them to the Jamf attachments for that computer.
Just adding the obligatory note: putting user credentials in a script that runs on local computers is bad security practice. Consider your options and, if you choose to do this, use an API user with the absolute minimum permissions required.
Posted on 12-07-2022 02:47 PM
The problem I had with this is that the log files always come into attachments blank. There's nothing in them, but if I view them on the local machine there are thousands of lines of logs.
Posted on 12-08-2022 05:45 AM
Depends on what exactly you are wanting to do and why.
If it was me, I would add a function to the privilege demotion script (make me an admin no more) to mount an SMB share hidden using a service account, copy the log file over to that share, and unmount the share. If SMB is not an option you could use the CLI with curl or the Jamf API to do the thing. You would need a naming convention for the log file so you could find what you want, but this would escrow logs in a safe nonlocal location. Identity and privilege management is outside of the workflow for MDM; you will find better tools equipped for IDM and access logging than Jamf Pro.
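An added example, not code from any poster or from the logCollection script: one way to stage the admin-session log under a naming convention and refuse to continue when the file or its copy is empty, so a blank attachment is never uploaded. The function names, the JAMF_URL, JAMF_USER and JAMF_PASS variables, and all paths are assumptions; the upload mirrors the fileuploads endpoint quoted earlier in the thread.

```shell
#!/bin/sh
# Added example. Function names, JAMF_* variables and paths are assumptions.

# stage_log SRC DEST_DIR COMPUTER
# Copy SRC to DEST_DIR/<COMPUTER>_<YYYY-MM-DD_HHMMSS>_<basename of SRC>
# and print the new path. Returns 1 if SRC or the copy is missing or empty.
stage_log() {
    src=$1; dest_dir=$2; computer=$3
    [ -s "$src" ] || { echo "log missing or empty: $src" >&2; return 1; }
    mkdir -p "$dest_dir" || return 1
    out="$dest_dir/${computer}_$(date +%Y-%m-%d_%H%M%S)_$(basename "$src")"
    cp "$src" "$out" || return 1
    # Check the copy itself, so a blank file is never what gets attached.
    [ -s "$out" ] || { echo "staged copy is empty: $out" >&2; rm -f "$out"; return 1; }
    printf '%s\n' "$out"
}

# upload_log FILE COMPUTER_ID
# POST FILE to the computer record with the fileuploads endpoint from the
# thread. JAMF_URL, JAMF_USER and JAMF_PASS come from the caller's environment
# (for example policy script parameters) rather than being written in the script.
upload_log() {
    file=$1; id=$2
    [ -s "$file" ] || { echo "refusing to upload empty file: $file" >&2; return 1; }
    # Credentials go to curl on stdin (-K -) so they do not appear in `ps` output.
    # Assumes the password contains no double quote or backslash.
    printf 'user = "%s:%s"\n' "$JAMF_USER" "$JAMF_PASS" |
        curl -sS --fail -K - -X POST -F "name=@$file" \
            "$JAMF_URL/JSSResource/fileuploads/computers/id/$id"
}
```

Call stage_log from the demotion script before the log is rotated or removed, then pass the printed path to upload_log.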
Posted on 12-08-2022 07:30 AM
Grep the log in the policy via Files and Processes? This will grab the logs for today. Note you'll need to fix the date to your log's date format; this is YYYY-MM-DD. You'll get the output in the policy log.
grep "$(date +%Y-%m-%d)" "/PATH TO YOUR LOG"