Skip to main content
Solved

Script Exit Code - Forcing a policy log to show up as a "Problem"

A
Forum|alt.badge.img+6

Hello,

I'm working on a script which will allow you to copy files/folders to an end user's Mac. I've noticed that scripts which error out are flagged in red in the logs for the policy. What determines if a script errored out and is there anyway to force that?

In this script I run a check to see if the destination path exists. If it does not, the script terminates with a non-zero exit code. When such an event occurs I'd like it highlighted as a Problem so that I can see which machines did not successfully copy a file. After testing it a few times on a machine where I knew the destination path did not exist, the logs were marked as successful even though the exit code was non-zero.

Best answer by mm2270

This question came up recently in a Feature Request thread. While I don't know all the keywords the jamf binary will look for to determine a failure, I know "error" is one of them. These get read from stdout, which would include anything that gets echoed back in a shell script, as an example.

So the trick then is to use that exit status of your script, and if its not "0", do something like:

echo "error: script failed"

As long as its being echoed out with a keyword the jamf binary will see, it should correctly identify it as an unsuccessful script run.

Edit: I just ran a couple of quick tests with a bogus script that simply echoed out a variable $4 assigned to the script. "failed" and "failure" also both get picked up by the policy as a problem. When I enter "passed" as the variable to echo, it shows as a successful run.
So so far, error, failed, and failure are 3 keywords you can use when checking exit status and reporting it back. I'm not sure what other keywords it might look for though, but those 3 should be enough.

View original
    Did this topic help you find an answer to your question?

    13 replies

    mm2270
    Forum|alt.badge.img+16
    • mm2270
    • Legendary Contributor
    • 7880 replies
    • Answer
    • July 24, 2013

    This question came up recently in a Feature Request thread. While I don't know all the keywords the jamf binary will look for to determine a failure, I know "error" is one of them. These get read from stdout, which would include anything that gets echoed back in a shell script, as an example.

    So the trick then is to use that exit status of your script, and if its not "0", do something like:

    echo "error: script failed"

    As long as its being echoed out with a keyword the jamf binary will see, it should correctly identify it as an unsuccessful script run.

    Edit: I just ran a couple of quick tests with a bogus script that simply echoed out a variable $4 assigned to the script. "failed" and "failure" also both get picked up by the policy as a problem. When I enter "passed" as the variable to echo, it shows as a successful run.
    So so far, error, failed, and failure are 3 keywords you can use when checking exit status and reporting it back. I'm not sure what other keywords it might look for though, but those 3 should be enough.

    M
    1 person likes this
    • M
      mstydel
    donmontalvo
    Forum|alt.badge.img+36
    • donmontalvo
    • Legendary Contributor
    • 4293 replies
    • July 24, 2013

    Another option using logging....

    Add variable to script:

    packagename="mypackage"

    ...and...

    #-------------------------------------------------------
# Logging
#-------------------------------------------------------
logFile="/private/var/log/"$packagename".log"
log () {
echo $1
echo $(date "+%Y-%m-%d %H:%M:%S: ") $1 >> $logFile
}

    Add log commands to capture the errors...then peruse /private/var/log/mypackage.log file for errors.

    Don

    --https://donmontalvo.com
    N
    Forum|alt.badge.img+18
    • nessts
    • Valued Contributor
    • 1007 replies
    • July 24, 2013

    or write to syslog
    logger "my message"
    tail -1 /var/log/system.log
    Jul 24 15:32:17 HPES-nesstodd nesstodd[60009]: my message

    A
    Forum|alt.badge.img+6
    • AKuzenkov
    • Author
    • Contributor
    • 15 replies
    • July 24, 2013

    mm2270's suggestion worked.

    I liked the other two as well, something to keep handy for future use, but in this instance they wouldn't work since logging to a local file would then require going into each machine individually and reviewing the log or running an additional script to fetch the log and store it on a central server.

    Thanks everyone!

    A
    Forum|alt.badge.img+6
    • AKuzenkov
    • Author
    • Contributor
    • 15 replies
    • July 24, 2013

    Here is the script if anyone's interested.

    #!/bin/sh

##############################################################
# NAME
#   fileCopy.sh -- Copy files and folders from CasperShare/Files to end user's hard drive.
#
# SCRIPT PARAMETERS
#
# $1 - mountPoint           $2 - Computer Name          $3 - Username   
# -------           
# $4 - Name of the file/directory to copy
# $5 - Path that you're copying to
#
##############################################################
#
# VARIABLES & PARAMETERS
#
##############################################################

sourceFile=$4
destPath=$5
sourcePath="/Volumes/CasperShare/Files"

##############################################################
# 
# SCRIPT CONTENTS
#
##############################################################

# Check to see if source file/folder exists
if [ ! -f "$sourcePath/$sourceFile" ] && [ ! -d "$sourcePath/$sourceFile" ]; then
    echo "Error: SOURCE does not exist!";
    exit 1
fi

# Check if source folder is a file, else it's a directory
if [ -f "$sourcePath/$sourceFile" ]; then
    if [ ! -d "$destPath" ]; then
        echo "Error: Destination path does not exist!";
        exit 1
    fi
    # Check if file already exists to prevent over-writing.
    if [ -f "$destPath/$sourceFile" ]; then
        echo "Error: Destination path already contains FILE "$sourceFile"";
        exit 1
    fi
    echo "Copying FILE "$sourceFile" to "$destPath"";
    cp "$sourcePath/$sourceFile" "$destPath";
    chmod 777 "$destPath/$sourceFile";
else
    if [ ! -d "$destPath" ]; then
        echo "Error: Destination path does not exist!";
        exit 1
    fi
    # Check if folder already exists to prevent over-writing.
    if [ -d "$destPath/$sourceFile" ]; then
        echo "Error: Destination path already contains DIRECTORY "$sourceFile"";
        exit 1
    fi
    echo "Copying DIRECTORY "$sourceFile" to "$destPath"";
    cp -R "$sourcePath/$sourceFile" "$destPath";
    chmod -R 777 "$destPath/$sourceFile";
fi 

exit 0
    M
    Forum|alt.badge.img+6
    • mgarman
    • Contributor
    • 10 replies
    • August 25, 2015

    I want my script, when it fails, to show as a fail in the Logs list AND to send JAMF Error message. I have my Email notifications set to notify me when: Error occurs when policy runs

    I put in my script:

    echo "error: script failed"
    exit 1

    The log shows it as a failure, but it doesn't send a JAMF Error Message. Any way to do that?

    karthikeyan_mac
    Forum|alt.badge.img+17
    • karthikeyan_mac
    • Honored Contributor
    • 281 replies
    • September 29, 2016

    Hi ,

    JAMF has mentioned in release notes that now policy logs takes the script exit value. I have a script to run after which has if else statement but if I use "exit 1" the policy log still shows as success. the policy should fail based on the exit 1 value in the else statement of the script.

    Thanks & Regards,
    Karthikeyan

    K
    Forum|alt.badge.img+8
    • krispayne
    • Contributor
    • 69 replies
    • January 25, 2018

    exit 1 and echo "something something failure" do not currently make a policy fail on Jamf Pro 10

    K
    Forum|alt.badge.img+8
    • krispayne
    • Contributor
    • 69 replies
    • January 25, 2018

    Jamf support told me to go to Jamf Nation to find out about how to get their product's policies to recognize Bash exit codes. Anyone able to figure out how to do this in Jamf 10?

    G
    1 person likes this
    • G
      greg_sheppard_k
    L
    Forum|alt.badge.img+16
    • Look
    • Valued Contributor
    • 1002 replies
    • January 25, 2018

    I wonder if having the script kill itself would do it...

    K
    Forum|alt.badge.img+8
    • krispayne
    • Contributor
    • 69 replies
    • January 25, 2018

    I suppose you could do a kill $$ or pipe to a die function or something, but that's designing around the problem I think. I could have sworn the JSS could tell at least whether a script within a policy was 0 or 1

    G
    Forum|alt.badge.img+1

    -- (wrong account)

    G
    Forum|alt.badge.img+2
    • gregsheppard
    • New Contributor
    • 7 replies
    • January 26, 2021

    @krispayne, did you figure out how to make a policy exit early?

    Thanks!

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings