Hi there,
I've been trying to find a way to get an extension attribute in Jamf to look at "/Library/Management/super/super.log" for a line:
Parameter Error: You can not use both the --deadline-count-soft and --deadline-count-hard options at the same time. You must pick one deadline count behavior.And report the result of true/false. I have a policy setup to uninstall and reinstall super from there.
You would need to use macOS log predicates, and query macOS Event Logging which should not be done with an Extension Attribute. At least I would not recommend trying to parse event logs with an Extension Attribute. Terminal can open a log file with Vim or Nano, but those are text editors and there is not a way for them to tell you if a value is in the log.
You really want a tool that monitors macOS Event logs and notifies or redirects when a particular event happens. This is not something Jamf Pro can do, however Jamf Protect can. Jamf Protect can even trigger a Jamf Pro policy when it sees an event such as one to reinstall Super if you wanted.
You would need to use macOS log predicates, and query macOS Event Logging which should not be done with an Extension Attribute. At least I would not recommend trying to parse event logs with an Extension Attribute. Terminal can open a log file with Vim or Nano, but those are text editors and there is not a way for them to tell you if a value is in the log.
You really want a tool that monitors macOS Event logs and notifies or redirects when a particular event happens. This is not something Jamf Pro can do, however Jamf Protect can. Jamf Protect can even trigger a Jamf Pro policy when it sees an event such as one to reinstall Super if you wanted.
The request from @_aDiedericks was to check the "/Library/Management/super/super.log" log file, not the system log stream, so there is no need to query macOS Event Logging and a simple grep of the contents of that file like the EA below would do what they ask:
#!/bin/sh
LogToQuery="/Library/Management/super/super.log"
result="false"
if [ -e "$LogToQuery" ]; then
errorFound=$(/usr/bin/grep '--deadline-count-soft and --deadline-count-hard' "$LogToQuery")
if [ -n "$errorFound" ]; then
result="true"
fi
fi
echo "<result>$result</result>"The caveat on using this EA is that once the error is in the super.log file it will _always_ return true, so the policy to re-install super should nuke the log file so it's not triggered repeatedly.
I know it's a bit of a hammer approach, but wouldn't applying the corrected policy with right options to every machine fix your problem?
The request from @_aDiedericks was to check the "/Library/Management/super/super.log" log file, not the system log stream, so there is no need to query macOS Event Logging and a simple grep of the contents of that file like the EA below would do what they ask:
#!/bin/sh
LogToQuery="/Library/Management/super/super.log"
result="false"
if [ -e "$LogToQuery" ]; then
errorFound=$(/usr/bin/grep '--deadline-count-soft and --deadline-count-hard' "$LogToQuery")
if [ -n "$errorFound" ]; then
result="true"
fi
fi
echo "<result>$result</result>"The caveat on using this EA is that once the error is in the super.log file it will _always_ return true, so the policy to re-install super should nuke the log file so it's not triggered repeatedly.
Thanks! Your script works. I already had the policy configured to delete super.log after run, that should make this a self sustainable process. I just had to correct the LogToQuery reference directory as well as the grep search for some reason '--deadline-count-soft and --deadline-count-hard' just kept reporting false even though the log stated true. End result is as below:
#!/bin/sh
LogToQuery="/Library/Management/super/logs/super.log"
result="false"
if [ -e "$LogToQuery" ]; then
errorFound=$(/usr/bin/grep 'You can not use both the --deadline-count-soft and --deadline-count-hard options at the same time. You must pick one deadline count behavior.' "$LogToQuery")
if [ -n "$errorFound" ]; then
result="true"
fi
fi
echo "<result>$result</result>"Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.