Jamf Nation Community

If I wanted...

System.Log 90 Days and Install.Log 365 days would I just add it to the asl configuration? I've played with newsyslog and some of asl and had nothing. At this point its just for audit and they want to see the TTL age.

Whats the best way to edit the system log file to add ttl=90 to the line? Would you touch the file? Im looking for a way to script this so we can send these commands out to update the lines to add the ttl=XX.

sudo pico /etc/asl.conf

The ^ symbol means control and the commands are at the bottom of the window. So Control O means save (write out) and Control-X means Exit.

EDIT: Oh sorry - you mean via Jamf Command. You'll want to use sed for that.

mv /etc/asl.conf /etc/asl.conf.orig
sed 's/all_max=50M/all_max=50M ttl=180/g' > /etc/asl.conf

untested, but something like that should work. Be sure to check permissions.

Hey, i make this script to work on Catalina => Ventura, add "ttl=365" in "/etc/asl/com.apple.install". Hope it helps :

#!/bin/bash


installRetention="$(grep -i ttl /etc/asl/com.apple.install | awk -F'ttl=' '{print $2}')"

if [[ "$installRetention" = "" ]]; then
echo "Install Retention --> Not here"
mv /etc/asl/com.apple.install /etc/asl/com.apple.install.old
sed '$s/$/ ttl=365/' /etc/asl/com.apple.install.old > /etc/asl/com.apple.install
chmod 644 /etc/asl/com.apple.install
chown root:wheel /etc/asl/com.apple.install
echo "Key modified"
elif [[ "$installRetention" -lt "365" ]]; then
echo "Install Retention --> NOK"
mv /etc/asl/com.apple.install /etc/asl/com.apple.install.old
sed "s/"ttl=$installRetention"/"ttl=365"/g" /etc/asl/com.apple.install.old > /etc/asl/com.apple.install
chmod 644 /etc/asl/com.apple.install
chown root:wheel /etc/asl/com.apple.install
echo "Key modified"
else
echo "Install Rentention is : $installRetention --> OK"
fi