- Jamf Nation Community
- Products
- Jamf Pro
- Is there a way to retrieve a file remotely and rec...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Is there a way to retrieve a file remotely and receive a notification when policy executes?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-02-2024 05:48 AM
I created the MakeMeAnAdmin Policy and made it available in Self Service and it is working well and creating the log file at the end.
Is there a way to retrieve that file without having to engage / bother end user?
The following options would have to engage end user, no?
1. https://github.com/kc9wwh/logCollection/wiki
2. JamfRemoteAssist
AND
Is there a way I can receive a notification when an end user executes that policy (when they click on "run" on the MakeMeAnAdmin button in self service)?
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2024 07:29 AM - edited 01-02-2024 07:32 AM
There is an API call you can use to grab files from the Mac and upload it to the record of the Mac in Jamf. The path is "/fileuploads/{resource}/{idType}/{id}" in the classic API. They are found on the attachment tab of the computer record
To get a notification of when the policy runs, you could lay down a receipt file and use a smart group that is looking for the file and use a webhook to get notified in something like Teams or Slack. really anything would work.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-02-2024 07:33 AM
It's possible to do via the Jamf API, but it involves passing credentials down to the Mac during script execution for a Jamf account that has write privileges to the computer object, so whether this is considered a "good" method depends on you and your organizations comfort level with such a thing.
But the gist is, each computer record can have attachments added to them. This can be done, and often IS done, thru the Jamf Pro UI. But it can also be done using the API with the right syntax. This would add the log file to the computer under the Attachments section where you can then retrieve it by downloading it to your machine.
Probably the better long term solution would be to look at some kind of external logging solution, like a SIEM or something similar that can collect logs from clients. That would probably be more secure, though maybe not as easy to implement, unless you already have something like this in your org that you can tap in to.
As for receiving a notification when an end user executes a Self Service policy, that's a little trickier. But maybe something like this could work.
Have the policy write some entry into a local plist or log file, or update one of the same. Create an Extension Attribute that captures some details from this log/plist file. Based on how you set it up, you could have a Smart Computer Group that devices get added to when that file is updated with some value or the date in it changes to within a threshold you choose. If you have an SMTP server set up to send emails, you can be notified of group changes to this Smart Computer Group, so you'll know a Mac landed in that group, which would mean the user ran the policy. This is dependent on making sure an inventory collection is taken immediately after the policy runs of course.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-02-2024 07:40 AM
BTW, I should mention that the logCollection.sh script from Joshua Roskos that you listed above uses the API method I mentioned, in case you were ok with using that. Most of the heavy lifting is already done with that script. But note that it hasn't been updated to account for the API token requirement that will soon be needed when using the API. While it may work right now, eventually it will stop working until it's updated.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-02-2024 11:10 AM
Ok, this is all really great info. Thanks so much everyone.
I will have to set up and test with API.
Thanks again!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-02-2024 11:53 AM
If you want to be lazy, you can create a file and an extension attribute looking for said file.
- Add a line to the script that creates a file like touch /tmp/log/admin.log (or use something that already exists in the script)
- Have an inventory update payload on the policy.
- Create an extension attribute looking for that file.
- Create a smart group for devices with that file and enable email notifications when someone is added.
This will cause JAMF to email you after the make me an admin policy finishes as the devices are added to the smart group because /tmp/log/admin.log exists on the device. You can have your demotion workflow remove that file which would remove the device from the smart group on next inventory update.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-03-2024 09:31 AM
Thank you so much for your idea!!!!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
7 hours ago
I have implemented a similar Use-Case and went with a custom trigger:
https://community.jamf.com/t5/jamf-pro/understanding-custom-triggers/m-p/192897
I have a logCollection Policy that can be launched from Self Service or by the custom trigger "log_collection".
I guess you could add another Script that notifies you.
