Jamf Nation Community

macdsl · ‎09-15-2017

I just need to get the console logs for a couple machines, they are restarting for some reason, while the user is working on them (as reported) I am trying to see if it's really restarting? Or just logging off..

I can see when machines start after a failure, but i can't see why as the console for the user is completely blank, and we set Admin accounts to log off after 60 seconds (I know, i know)

How do I pull the console logs to see what's happening?

JAMF is 9.990
Users are on 10.12.6

I really should know this, but i'm drawing a total blank...

Thanks!

dan-snelson · ‎09-16-2017

@macdsl The following will save the output of sysdiagnose to the current user's Desktop; will that meet your needs?

#!/bin/sh

loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
loggedInUserHome=`dscl . -read /Users/$loggedInUser | grep NFSHomeDirectory: | cut -c 19- | head -n 1`
timestamp=`date '+%Y-%m-%d-%H-%M-%S'`

/bin/echo "*** Gather Log Files to $loggedInUser's Desktop ***"
/bin/echo -ne '
' | /usr/bin/sysdiagnose -A $loggedInUser-system-wide-$timestamp -f $loggedInUserHome/Desktop
/bin/echo "Log Files saved to: $loggedInUserHome/Desktop/$loggedInUser-$timestamp.tar.gz"

message="Log Gathering Complete

Your computer logs have been saved
to your Desktop as:
$loggedInUser-system-wide-$timestamp.tar.gz

Please transfer the file to your support representative.

"
/usr/local/jamf/bin/jamf displayMessage -message "$message"


exit 0      ## Success
exit 1      ## Failure

macdsl · ‎09-18-2017

Apologies for not getting back sooner, for some reason when I changed jobs my JAMF Nation no longer sends me messages... My account looks correct, but my certification is gone, and it's not working right.. but that's another story......

There's not a way to turn on System Logging for an individual machine and have it display in the History Window for that machine? I see Policy logs, Application Usage logs, Computer Usage logs only tells me when it's started..

I'll try out your suggestion, which gets me the logs onto the users's desktop Maybe there's a way to use ARD to just copy it form the machine to mine?

PS. Thanks for your help on this, I do appreciate it!

macdsl · ‎09-21-2017

I did get it workable over ARD using:
sudo /Applications/Utilities/Console.app/Contents/MacOS/Console

And when I stop it in ARD, it closes on the remote computer. it would be AWESOME if I was able to get that to open in Console on my machine, but at least I can watch it, search it for info...

Thanks!

Brad_G · ‎09-21-2017

I used a modified version of @CAJensen01 script in [https://www.jamf.com/jamf-nation/discussions/18971/stolen-mac-recovery-of-files](link URL) to create a Self Service button that uploads the logs to a share.

Now when I'm on a call or get an email for help I can ask them to provide the logs if needed.

iOllie · ‎06-16-2020

@dan-snelson I have trouble with the script implementation. The command doesn't work properly:

/bin/echo -ne '
' | /usr/bin/sysdiagnose -A $loggedInUser-system-wide-$timestamp -f $loggedInUserHome/Desktop

The log file shows the next message:

Triggering sysdiagnose programmatically from CLI with incorrect arguments. Exiting.

I found some solution to it by using the Apple Script, but I am not so happy in this stuff.
A am using the script as an ongoing policy as a self-service item

iOllie · ‎03-03-2021

Here is my solution for it:

expect <<- DONE
  set timeout -1
  spawn sysdiagnose -f /Users/$currentUser/Desktop/

  # Look for  prompt
  expect "*?ontinue*"
  # send blank line (
) to make sure we get back to gui
  send -- "
"
  expect eof
DONE

Jamf Nation Community

Pull Console Logs to find out why machine is restarting