Read policy logs during execution

ghart
New Contributor II

tl;dr: I want to write a script to monitor the log JAMF generates when executing a policy.

We are deploying macOS updates by pushing the installer version we want down, then executing "/Applications/Install macOS Monterey.app/Contents/Resources/startosinstall" --agreetolicense in the Files & Processes policy module. 

The problem with this method is that there is no feedback shown to the user to provide the status/progress. I'm going to write a script to use in combination with Octory & octory-notifier to display the current progress. I'd like to use the policy log output as it is generated, and monitor it with less -f -n0|grep... to trigger whatever update I want in Octory.

Is it possible to monitor the policy log as it's generated?

1 ACCEPTED SOLUTION

sdagley
Esteemed Contributor II

@ghart Don't re-invent the wheel. erase-install (ignore the erase part of the name, it also does updates) handles downloading, notifying the user of progress, preflighting power and storage requirements, and user authentication prompting on Apple Silicon Macs, to make the macOS upgrade process pretty painless. There's even a section in the Wiki specifically to use via Jamf Pro: https://github.com/grahampugh/erase-install/wiki/6.-Use-in-Jamf-Pro

View solution in original post

3 REPLIES 3

sdagley
Esteemed Contributor II

@ghart Don't re-invent the wheel. erase-install (ignore the erase part of the name, it also does updates) handles downloading, notifying the user of progress, preflighting power and storage requirements, and user authentication prompting on Apple Silicon Macs, to make the macOS upgrade process pretty painless. There's even a section in the Wiki specifically to use via Jamf Pro: https://github.com/grahampugh/erase-install/wiki/6.-Use-in-Jamf-Pro

ghart
New Contributor II

Well hello, gorgeous erase-install! I figured I'd have to roll my own, since that's just the way I've had to do most of everything. This is a nice solution.  

I'm still curious if it's possible to read those policy logs as they go if I want to use them to trigger something else in the future.

sdagley
Esteemed Contributor II

@ghart I'm not familiar with octory-notifier, but perusing the erase-install.sh source will show you how it monitors the logs to display progress via swiftDialog so you might find inspiration there.