This looks fantastic, I will definitely use this. Thanks for sharing it.
@dan.snelson how did you get the end of the text bold in your self service item? I tried to use html code thinking that might do it but it didn't. Thanks for sharing this.
@dan.snelson thanks that worked.
@dan.snelson Dan, dumb question, can you explain the purpose of the source command at the start of the script? Where do you set the path?
Silly question, but why did you decide to split these into 2 scripts? I assume they are both in the same policy given the Self Service description, so why not have both du commands run in one script, one after the other?
Also, for getting the loggedInUserHome, if you want, you can cut that command down to this:
dscl . -read /Users/$loggedInUser NFSHomeDirectory | awk '{print $NF}'
No need for grep, cut and head.
@dferrara The source command imports an external script (in this case, a logging script which we put on machines during imaging / enrollment).
@mm2270 Our Tier 1, 2 and 3 support personnel sometimes run this for end-users via Casper Remote and they like the flexibility of running one, the other, or both. (I like your loggedInUserHome better than the one I'm using; thanks.)
@dan.snelson Thanks for sharing. Can you elaborate on your logging script?
This is great, easier to do than deploying OmniDiskSweeper or the like. Thanks for the contribution!
Just created a variation on this as well, thanks for the idea.
Added this bit at the end to make it open automatically in the users browser (obviously you will need to work out the variables first).
if [ -f "/Users/$CURRENT_USER/$FILE_NAME" ]; then
su - $CURRENT_USER -c "open -a safari /Users/$CURRENT_USER/$FILE_NAME"
fi
@ssrussell Our logging script was inspired by Stack Overflow and is installed on each client during imaging or when enrollment is completed. (My personal preference is to not write anything to jamf.log so that JAMF support isn't slowed down by my nonsensical gibberish when debugging their code.)
#!/bin/sh
####################################################################################################
#
# ABOUT
#
# Standard logging functions which are imported into other scripts
#
####################################################################################################
#
# HISTORY
#
# Version 1.0, 22-Nov-2014, Dan K. Snelson
#
####################################################################################################
#
# LOGGING
#
# Logging variables
logFile="/var/log/com.company.division.department.log"
alias now="date '+%Y-%m-%d %H:%M:%S'"
#
# Check for / create logFile
if [ ! -f "${logFile}" ]; then
### logFile not found; Create logFile
/usr/bin/touch "${logFile}"
fi
# Save standard output and standard error
exec 3>&1 4>&2
# Redirect standard output to logFile
exec 1>>"${logFile}"
# Redirect standard error to logFile
exec 2>>"${logFile}"
#
# Example
# /bin/echo "`now` Hello, world!" >> $logFile
#
# Enable all logging from this point forward
# set -xv; exec 1>"${logFile}" 2>&1
#
####################################################################################################
@Look Nice. Simplifies the end-user finding the output.
This is exactly what I'm looking for to help my company slim down their hard drives, we have too many users using 90% +
Is there a simple way you can think to get the results sent to someone else or back to the JAMF server?
@rgranholm You could look at sending the resulting data in an email to yourself, or a dist from the command line using Unix mail.
echo "$some_data" | mail -s "My Subject" rgranholm@company.com
There are a few other more advanced options you can throw in there, but the above is the basic idea. For example, since we're talking about a very simple text (log) file, you can try attaching it using uuencode:
uuencode "${logFile}" com.company.division.department.log | mail -s "My Subject" rgranholm@company.com
Or include a message body along with the attachment:
(echo "This is my message body"; uuencode "${logFile}" com.company.division.department.log) | mail -s "My Subject" rgranholm@company.com
Edit: forgot to mention that, using the JSS API, you can also attach the log file as an attachment to the computer record in the JSS. That way anyone with access to the detailed computer records could download and view it.
And finally, there's including the report information in an EA. Meaning, pipe the results of the policy into the log file as per above, then have an EA script pick up the contents so its viewable directly within the record. Only issue with the latter approach is it may be a lot of info to have in an EA field, so you may want to try some of the other approaches.
@mm2270 .. thanks! I'm a complete novice when it comes to scripting so I'm copying and pasting and testing my way there.
I'm testing adding the uuencode line to the end of the script, but it spit an error that said "uuencode: : No such file or directory....I'm unsure how to define the location of that log file.
I'm really interested in attaching the log file to the computer record, would it be too much trouble to show me how I'd need to edit the script to do this? ... the e-mail option works as well.
Thank you!
@rgranholm See modified version of Dan's script from above. This is the one that does the top level disk usage, but the principle could be used for the other script as well. Keep in mind I copied his logging script into /private/var/scripts/ on my Mac, so its referenced in the source import line below. You'd need to customize that if you put it in a different location and name it something else.
The other items that need to be changed would be the emailRec variable, which would be either a single email address, or any number of email addresses separated by a comma (no spaces) And also any text in the echo that creates the body of the email.
The end result will be an email with the attachment with whatever you specify as the name, and a subject and body that reflect what machine its coming from.
See screenshot below (with some items blocked out). As you can see, it includes the computer name in both the file name as well as subject and body text. I also sent it both to my company email and my personal gmail account as seen below.
Here's the modified script:
#!/bin/sh
####################################################################################################
#
# ABOUT
#
# Disk Usage
#
####################################################################################################
#
# HISTORY
#
# Version 1.0, 8-Dec-2014, Dan K. Snelson
#
####################################################################################################
# Import logging functions
source /var/scripts/logging.sh
####################################################################################################
loggedInUser=$(stat -f%Su /dev/console)
loggedInUserHome=$(dscl . read /Users/$loggedInUser NFSHomeDirectory | awk '{print $NF}')
machineName=$(scutil --get LocalHostName)
/bin/echo "`now` *** Calculate Disk Usage for / ***" >> $logFile
/usr/bin/du -axrg / | sort -nr | head -n 75 > $loggedInUserHome/Desktop/$machineName-ComputerDiskUsage.txt
## var of path to log file
userLogFile="$loggedInUserHome/Desktop/$machineName-ComputerDiskUsage.txt"
logFileName="$machineName-ComputerDiskUsage.txt"
## Email recipient address
emailRec="somebody@mycompany.com"
(echo "Disk usage report attached for ${machineName}"; uuencode "$userLogFile" "$logFileName") | mail -s "Disk Usage Report - ${machineName}" "$emailRec"
Few other items: you can also add both cc's and bcc's to any email by doing something like:
-c somebody2@company.com -b somebody3@company.com
The -c is CC and -b is BCC
One last thing on the unix email option. YMMV on whether it will actually work. I've seen some environments that block sending email from the command line, and the email ends up stuck in the local machine's outbox. So you'll need to test this under as many conditions as you can to ensure it works.
As for attaching to the computer record in the JSS, give me a few and I'll post some code to do that as well. In the interim, feel free to search around on here because I know there are existing examples of using the API to attach a file. In fact, I think I may have already posted an example on another older thread somewhere on how to do that.
Hmm immediately fails with uuencode: /Users/rgranholm/Desktop/RFG-MbProR15-ComputerDiskUsage.txt: No such file or directory
Seems as though it tries to execute uuencode first, I'll keep tinkering
Ah nevermind, saw the comments out line for generating the .txt file, removed that and made progress.
Oops, yeah, I did comment that out toward the end and forgot to remove it before posting. Sorry for the confusion. Post above updated.
Edit: To be clear though, you should only remove the comment hash sign, not the entire line, since that actually does the bulk of the work of generating the report file.
@rgranholm: Thanks for the idea …@mm2270: Thanks for pulling it off; I'll have to try it out.
No problem, it executed, but no email was received.
I've been testing it by executing it as a shell .sh file in terminal, you mentioned some environments wouldn't play nice with e-mail so I'll look into that next.
The terminal gave me the below output, and several more denied folders...but otherwise produced the text file.
RFG-MbProR15:Desktop rgranholm$ sh diskusage.sh
diskusage.sh: line 23: now: command not found
diskusage.sh: line 23: $logFile: ambiguous redirect
du: /.DocumentRevisions-V100: Permission denied
du: /.fseventsd: Permission denied
du: /.Spotlight-V100: Permission denied
du: /.Trashes: Permission denied
@rgranholm Since the JAMF binary executes scripts as root, you may want to elevate your permissions in your shell to simulate how the JSS will execute scripts.
Thanks Dan, I'll give that a try now.
@rgranholm As Dan mentioned, you need to run the script as root since du is going to need to scan a bunch of locations that may otherwise have permissions protections on them.
Plus, it needs to be able to both create and write to the log file, which I think by default is going into a normally root protected location. I was not able to run the script normally in my user context and have it work. Only when I put sudo in front of it did it work.
Also, that ambiguous redirect makes me think you didn't set up the logging script that @dan.snelson posted up earlier in the thread. Its going to try to reference that for logging purposes and if it can't locate it it won't really work.
Hope that helps.
Hmm using sudo eliminated all the permission issues.
I put a blank txt file in the var/scripts location named logging.sh see here: http://take.ms/VSGjo
Howver I still do get the below
diskusage.sh: line 23: now: command not found
diskusage.sh: line 23: $logFile: ambiguous redirect
