Question

nxlog deployment security settings



We are rolling out NXLog to our Macs. I have the installer working, but don't have any security info to configure things like PPPC or System Extensions. I was able to manually tick the box for Full Disk Access, but I am still getting an error message saying that im_maces|in NXLog requires Transparency, Consent, and Control (TCC) approval to connect to Endpoint Security.

If I can find the Bundle ID and Identifier, I should be able to roll that info into a PPPC configuration profile which will flip the switch to turn on the Full Disk Access during install, so I don't have to manually do that.

 

Then to clear the error message I am getting above, I likely need a Team Identifier and/or System Extension type for the System Extensions portion of the Configuration Profile in JAMF.

I have checked their website and don't seem to find anything there in the documentation or message boards about any identifier. Is there a way to find this info out by looking on a system that has the software installed?

15 replies

sdagley
  • Jamf Heroes
  • 3536 replies
  • August 4, 2022

@VintageMacGuy The Apparency app (https://mothersruin.com/software/Apparency/) should show you the bundle identifier and signing ID for NXLog


  • Community Manager
  • 6 replies
  • August 4, 2022

.


  • Author
  • Valued Contributor
  • 86 replies
  • August 4, 2022
sdagley wrote:

@VintageMacGuy The Apparency app (https://mothersruin.com/software/Apparency/) should show you the bundle identifier and signing ID for NXLog


I grabbed a copy of Apparency and installed it. I used the drag and drop method to take the binary of nxlog from /opt/nxlog/bin/ and try to get Apparency to open it up, but got an error message that says this doesn't appear to be a valid MacOS bundle. It says the extension suggests that it is a bundle, but the contents don't appear to be valid and that the info.plist may be damaged.

Thanks for the pointer to this utility - may come in handy.

sdagley
  • Jamf Heroes
  • 3536 replies
  • August 4, 2022
VintageMacGuy wrote:
I grabbed a copy of Apparency and installed it. I used the drag and drop method to take the binary of nxlog from /opt/nxlog/bin/ and try to get Apparency to open it up, but got an error message that says this doesn't appear to be a valid MacOS bundle. It says the extension suggests that it is a bundle, but the contents don't appear to be valid and that the info.plist may be damaged.

Thanks for the pointer to this utility - may come in handy.

@VintageMacGuy Interesting they're installing a bundle from there as most companies using System Extensions appear to be moving to bundles inside applications installed in /Applications (and I believe that's either an Apple recommendation or soon to be requirement)


  • Author
  • Valued Contributor
  • 86 replies
  • August 4, 2022
sdagley wrote:

@VintageMacGuy Interesting they're installing a bundle from there as most companies using System Extensions appear to be moving to bundles inside applications installed in /Applications (and I believe that's either an Apple recommendation or soon to be requirement)


Yeah - it's more of a script.

https://nxlog.co/

 


sdagley
  • Jamf Heroes
  • 3536 replies
  • August 5, 2022
VintageMacGuy wrote:

Yeah - it's more of a script.

https://nxlog.co/

 


@VintageMacGuy If you do a Show Package Contents on the nxlog binary in the Finder does it show any contents?


  • Author
  • Valued Contributor
  • 86 replies
  • August 5, 2022
sdagley wrote:

@VintageMacGuy If you do a Show Package Contents on the nxlog binary in the Finder does it show any contents?


Yes. The contents of nxlog include:

_CodeSignature/CodeResources
Embedded.provisionfile
MacOS/nxlog

sdagley
  • Jamf Heroes
  • 3536 replies
  • August 5, 2022
VintageMacGuy wrote:
Yes. The contents of nxlog include:

_CodeSignature/CodeResources
Embedded.provisionfile
MacOS/nxlog

Dropping the MacOS/nxlog file onto Apparency _might_ give you the signing ID/Team Identifier, but I'm not sure about the extension type


  • Author
  • Valued Contributor
  • 86 replies
  • August 5, 2022
sdagley wrote:

Dropping the MacOS/nxlog file onto Apparency _might_ give you the signing ID/Team Identifier, but I'm not sure about the extension type


Thank you! I was able to find the Team Identifier - 6KBH6TBU4P

Waiting for feedback from the developer on the rest.

sdagley
  • Jamf Heroes
  • 3536 replies
  • August 5, 2022
VintageMacGuy wrote:
Thank you! I was able to find the Team Identifier - 6KBH6TBU4P

Waiting for feedback from the developer on the rest.

@VintageMacGuy If you're trying to allow nxlog as a System Extension you _should_ be able to simply create a System Extension payload with the System Extension Types popup set to Allowed Team Identifiers and with the Team Identifier field set to 6KBH6TBU4P


  • Author
  • Valued Contributor
  • 86 replies
  • August 5, 2022
sdagley wrote:

@VintageMacGuy If you're trying to allow nxlog as a System Extension you _should_ be able to simply create a System Extension payload with the System Extension Types popup set to Allowed Team Identifiers and with the Team Identifier field set to 6KBH6TBU4P


Thank you! I am going to give that a try later this afternoon and report back.

  • Author
  • Valued Contributor
  • 86 replies
  • August 17, 2022

Thank you for the help so far. I was able to get some information with the utilities mentioned above and put together a configuration profile and added that to JAMF, but I am still getting errors in the log.

 

 

 

2022-08-17 08:37:05 INFO [xm_admin|agent_management] reconnecting to 192.168.1.1:4041 in 2 sec
2022-08-17 08:37:07 INFO [xm_admin|agent_management] connecting to 192.168.1.1:4041
2022-08-17 08:37:11 ERROR [xm_admin|agent_management] couldn't connect to 192.168.1.1:4041;Network is unreachable
2022-08-17 08:37:11 INFO [xm_admin|agent_management] reconnecting to 192.168.1.1:4041 in 4 sec
2022-08-17 08:37:14 WARNING [CORE|main] nxlog received a termination request signal, exiting...
2022-08-17 08:38:12 ERROR [im_maces|in] NXLog requires Transparency, Consent, and Control (TCC) approval to connect to Endpoint Security
2022-08-17 08:38:12 WARNING [CORE|main] no functional input modules!
2022-08-17 08:38:12 INFO [CORE|main] nxlog-5.5.7535-trial (1b5eab762@REL_v5.5) started on macOS
2022-08-17 08:38:12 INFO [xm_admin|agent_management] connecting to 192.168.1.1:4041
2022-08-17 08:38:17 ERROR [xm_admin|agent_management] couldn't connect to 192.168.1.1:4041;Network is unreachable
2022-08-17 08:38:17 INFO [xm_admin|agent_management] reconnecting to 192.168.1.1:4041 in 1 sec
2022-08-17 08:38:18 INFO [xm_admin|agent_management] connecting to 192.168.1.1:4041
2022-08-17 08:38:23 ERROR [xm_admin|agent_management] couldn't connect to 192.168.1.1:4041;Network is unreachable

I am working with nxlog to troubleshoot, but they don't have a JAMF platform to test on. They said they are reaching out to JAMF to see about getting a sandbox so we can test this, but have not seen a reply yet from JAMF.

What does the TCC approval error relate to? Is there a misconfiguration in my PPPC or System Extension configuration profile?


  • New Contributor
  • 5 replies
  • September 22, 2022
sdagley wrote:

@VintageMacGuy The Apparency app (https://mothersruin.com/software/Apparency/) should show you the bundle identifier and signing ID for NXLog



@sdagley wrote:

@VintageMacGuy The Apparency app (https://mothersruin.com/software/Apparency/happy wheels) should show you the bundle identifier and signing ID for NXLog


Thank you. I found it.


  • Author
  • Valued Contributor
  • 86 replies
  • September 27, 2022
VintageMacGuy wrote:

Thank you for the help so far. I was able to get some information with the utilities mentioned above and put together a configuration profile and added that to JAMF, but I am still getting errors in the log.

 

 

 

2022-08-17 08:37:05 INFO [xm_admin|agent_management] reconnecting to 192.168.1.1:4041 in 2 sec
2022-08-17 08:37:07 INFO [xm_admin|agent_management] connecting to 192.168.1.1:4041
2022-08-17 08:37:11 ERROR [xm_admin|agent_management] couldn't connect to 192.168.1.1:4041;Network is unreachable
2022-08-17 08:37:11 INFO [xm_admin|agent_management] reconnecting to 192.168.1.1:4041 in 4 sec
2022-08-17 08:37:14 WARNING [CORE|main] nxlog received a termination request signal, exiting...
2022-08-17 08:38:12 ERROR [im_maces|in] NXLog requires Transparency, Consent, and Control (TCC) approval to connect to Endpoint Security
2022-08-17 08:38:12 WARNING [CORE|main] no functional input modules!
2022-08-17 08:38:12 INFO [CORE|main] nxlog-5.5.7535-trial (1b5eab762@REL_v5.5) started on macOS
2022-08-17 08:38:12 INFO [xm_admin|agent_management] connecting to 192.168.1.1:4041
2022-08-17 08:38:17 ERROR [xm_admin|agent_management] couldn't connect to 192.168.1.1:4041;Network is unreachable
2022-08-17 08:38:17 INFO [xm_admin|agent_management] reconnecting to 192.168.1.1:4041 in 1 sec
2022-08-17 08:38:18 INFO [xm_admin|agent_management] connecting to 192.168.1.1:4041
2022-08-17 08:38:23 ERROR [xm_admin|agent_management] couldn't connect to 192.168.1.1:4041;Network is unreachable

I am working with nxlog to troubleshoot, but they don't have a JAMF platform to test on. They said they are reaching out to JAMF to see about getting a sandbox so we can test this, but have not seen a reply yet from JAMF.

What does the TCC approval error relate to? Is there a misconfiguration in my PPPC or System Extension configuration profile?


I was able to get the PPPC settings to work by updating the "Identifier" to:
/opt/nxlog/bin/nxlog.app/Contents/MacOS/nxlog

Which is inside the app bundle. This is also the same file that needs to be dragged and dropped into the PPPC Utility to get the proper settings/info. The "Open" dialog box won't work because it points to the Applications folder and will only select the App bundle and not go inside the app (unless someone knows a cool trick to get inside the app from inside a dialog box asking you to select an item).


sdagley
  • Jamf Heroes
  • 3536 replies
  • September 27, 2022
VintageMacGuy wrote:

I was able to get the PPPC settings to work by updating the "Identifier" to:
/opt/nxlog/bin/nxlog.app/Contents/MacOS/nxlog

Which is inside the app bundle. This is also the same file that needs to be dragged and dropped into the PPPC Utility to get the proper settings/info. The "Open" dialog box won't work because it points to the Applications folder and will only select the App bundle and not go inside the app (unless someone knows a cool trick to get inside the app from inside a dialog box asking you to select an item).


@VintageMacGuy In the Open File dialog do a Shift-Command-G (the same as the Finder's Go to Folder... command) and you can then type, or paste, the path of any file you want to open even if it's something inside an application bundle.
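
Added example (not part of any post in this thread, and not NXLog's or Jamf's own tooling): a Python sketch that builds a configuration profile carrying the two settings the thread arrives at, a PPPC Full Disk Access entry identified by the binary's path and a System Extension payload allowing the Team Identifier. The `com.example.nxlog.*` payload identifiers and the code-requirement string are placeholders; the real requirement has to be read from the installed binary.

```python
import plistlib
import uuid

NXLOG_PATH = "/opt/nxlog/bin/nxlog.app/Contents/MacOS/nxlog"  # from the thread
TEAM_ID = "6KBH6TBU4P"                                         # from the thread
# Placeholder: paste the designated requirement printed by
#   codesign -dr - /opt/nxlog/bin/nxlog.app/Contents/MacOS/nxlog
CODE_REQUIREMENT = "REPLACE_WITH_DESIGNATED_REQUIREMENT"


def _payload(ptype, suffix, body):
    """Wrap payload-specific keys with the keys every payload needs."""
    return {
        "PayloadType": ptype,
        "PayloadVersion": 1,
        "PayloadIdentifier": f"com.example.nxlog.{suffix}",  # hypothetical
        "PayloadUUID": str(uuid.uuid4()).upper(),
        **body,
    }


def build_profile(path=NXLOG_PATH, team_id=TEAM_ID,
                  requirement=CODE_REQUIREMENT):
    """Return the profile as XML plist bytes."""
    if not path.startswith("/"):
        # A bare name or bundle ID here would never match the binary.
        raise ValueError("IdentifierType 'path' needs an absolute path")
    # PPPC / TCC payload: Full Disk Access for the executable inside the
    # bundle, matched by path and pinned to its code signature.
    tcc = _payload("com.apple.TCC.configuration-profile-policy", "pppc", {
        "Services": {"SystemPolicyAllFiles": [{
            "Identifier": path,
            "IdentifierType": "path",
            "CodeRequirement": requirement,
            "Allowed": True,
        }]},
    })
    # System Extension payload: allow extensions signed by this team.
    sysext = _payload("com.apple.system-extension-policy", "sysext", {
        "AllowedTeamIdentifiers": [team_id],
    })
    profile = _payload("Configuration", "profile", {
        "PayloadDisplayName": "NXLog TCC and System Extension (example)",
        "PayloadScope": "System",
        "PayloadContent": [tcc, sysext],
    })
    return plistlib.dumps(profile)


if __name__ == "__main__":
    print(build_profile().decode())
```

macOS honours the TCC payload only when the profile is delivered by an MDM such as Jamf, so the output is meant to be uploaded there rather than installed by hand.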

