- Jamf Nation Community
- Community & Events
- Jamf Nation
- Re: Pull Jamf Connect Logs
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Pull Jamf Connect Logs
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-25-2023 01:21 PM
We use Jamf Connect Menu to manage domain passwords on our Macs. I had an end user this week report that the countdown of their password displayed a "-1" instead of the 20 something days they thought they had left. I worked with Jamf Support and by the time the end user worked around to me for assistance, they had already changed their password and so, any logs which may have pointed to something helpful were overwritten and didn't help.
In light of that, I learned what Jamf Connect logs were most helpful in that situation and I created a script to gather them and upload them into Jamf. I'd like to share it here in case others may find it useful also. To be clear, I took what @kc9wwh (Josh Roskos) at Jamf had for uploading logs into Jamf and tweaked it to gather only the JC logs needed. (Thanks Josh...! He deserves the credit.). I configured the script with encrypted password strings. Josh explains all that on his post here: https://github.com/kc9wwh/logCollection
This script will pull the 3 Jamf Connect logs:
- JamfConnect.log
- Heimdal.log
- JamfConnectState file (uploaded as a plist)
After this is ran, it's available as an attachment in the computer record of the end user who ran it. I decided to put it in Self Service and if anyone has the "-1" indicator on their Jamf Connect Menu bar, I will direct them to this. Hope others find it helpful as well.
#!/bin/bash
#
# Thanks Josh Roskos
# This script will pull important logs when you need to troubleshoot Jamf Connect.
# It will pull three logs: JamfConnect log, Heimdal log and pull the Jamf Connect State plist file.
# They get put into the folder: /tmp/jcLogs/ and then get zipped up in /tmp as one .zip file in this format:
# <compName>-<currentuser>-<date.time.stamp>.zip
#
bearerToken=""
tokenExpirationEpoch="0"
## User Variables
jamfProURL="$4"
jamfProUser="$5"
jamfProPassEnc="$6"
## Variables
mySerial=$( system_profiler SPHardwareDataType | grep Serial | awk '{print $NF}' )
currentUser=$( stat -f%Su /dev/console )
compHostName=$( scutil --get LocalHostName )
timeStamp=$( date '+%Y-%m-%d-%H-%M-%S' )
jamfProPass=$( echo "$6" | /usr/bin/openssl enc -aes256 -d -a -A -S "$7" -k "$8" )
getBearerToken() {
response=$(curl -s -u "$jamfProUser":"$jamfProPass" "$jamfProURL"/api/v1/auth/token -X POST)
bearerToken=$(echo "$response" | plutil -extract token raw -)
tokenExpiration=$(echo "$response" | plutil -extract expires raw - | awk -F . '{print $1}')
tokenExpirationEpoch=$(date -j -f "%Y-%m-%dT%T" "$tokenExpiration" +"%s")
}
checkTokenExpiration() {
nowEpochUTC=$(date -j -f "%Y-%m-%dT%T" "$(date -u +"%Y-%m-%dT%T")" +"%s")
if [[ tokenExpirationEpoch -gt nowEpochUTC ]]
then
echo "Token valid until the following epoch time: " "$tokenExpirationEpoch"
else
echo "No valid token available, getting new token"
getBearerToken
fi
}
invalidateToken() {
responseCode=$(curl -w "%{http_code}" -H "Authorization: Bearer ${bearerToken}" $jamfProURL/api/v1/auth/invalidate-token -X POST -s -o /dev/null)
if [[ ${responseCode} == 204 ]]
then
echo "Token successfully invalidated"
bearerToken=""
tokenExpirationEpoch="0"
elif [[ ${responseCode} == 401 ]]
then
echo "Token already invalid"
else
echo "An unknown error occurred invalidating the token"
fi
}
# Make a directory to store the JC Logs we want
mkdir /tmp/jcLogs/
# Jamf Connect commands to pull the needed logs
log show --style compact --predicate 'subsystem == "com.jamf.connect"' --debug > /tmp/jcLogs/JamfConnect.log
log show --style compact --predicate 'subsystem == "com.apple.Heimdal"' --debug > /tmp/jcLogs/Heimdal.log
defaults read com.jamf.connect.state > /tmp/jcLogs/jamfConnectState.plist
# Log creation
fileName=$compHostName-$currentUser-$timeStamp.zip
zip -r /tmp/$fileName /tmp/jcLogs/
checkTokenExpiration
curl -s -H "Authorization: Bearer ${bearerToken}" $url/api/v1/jamf-pro-version -X GET
checkTokenExpiration
# Query the Jamf server for the ID of the computer we need the logs from
jamfProID=$(/usr/bin/curl -X GET "$jamfProURL/JSSResource/computers/serialnumber/$mySerial/subset/general" -H "accept: application/xml" -H "Authorization: Bearer ${bearerToken}" | xpath -e "//computer/general/id/text()" )
# Post up to our Jamf Server the logs we just gathered
curl -k -u "$jamfProUser":"$jamfProPass" $jamfProURL/JSSResource/fileuploads/computers/id/$jamfProID -F name=@/private/tmp/$fileName -X POST
invalidateToken
# Remove the files from the device
rm /private/tmp/$fileName
exit 0
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-25-2023 11:59 AM
Getting an error when running.
Failed conversion of ``<stdin>: Could not extract value, error: No value at that key path or invalid key path: expires'' using format ``%Y-%m-%dT%T''
date: illegal time format
usage: date [-jnRu] [-I[date|hours|minutes|seconds]] [-f input_fmt]
[-r filename|seconds] [-v[+|-]val[y|m|w|d|H|M|S]]
[[[[mm]dd]HH]MM[[cc]yy][.SS] | new_date] [+output_fmt]
