Pull Jamf Connect Logs

Contributor III

We use Jamf Connect Menu to manage domain passwords on our Macs.  I had an end user this week report that the countdown of their password displayed a "-1" instead of the 20 something days they thought they had left.  I worked with Jamf Support and by the time the end user worked around to me for assistance, they had already changed their password and so, any logs which may have pointed to something helpful were overwritten and didn't help.  

In light of that, I learned what Jamf Connect logs were most helpful in that situation and I created a script to gather them and upload them into Jamf.  I'd like to share it here in case others may find it useful also.  To be clear, I took what @kc9wwh (Josh Roskos) at Jamf had for uploading logs into Jamf and tweaked it to gather only the JC logs needed.  (Thanks Josh...! He deserves the credit.). I configured the script with encrypted password strings.  Josh explains all that on his post here: https://github.com/kc9wwh/logCollection

This script will pull the 3 Jamf Connect logs:

  • JamfConnect.log
  • Heimdal.log
  • JamfConnectState file (uploaded as a plist)

After this is ran, it's available as an attachment in the computer record of the end user who ran it.  I decided to put it in Self Service and if anyone has the "-1" indicator on their Jamf Connect Menu bar, I will direct them to this.  Hope others find it helpful as well. 

# Thanks Josh Roskos
# This script will pull important logs when you need to troubleshoot Jamf Connect.
# It will pull three logs: JamfConnect log, Heimdal log and pull the Jamf Connect State plist file.
# They get put into the folder: /tmp/jcLogs/ and then get zipped up in /tmp as one .zip file in this format:
# <compName>-<currentuser>-<date.time.stamp>.zip


## User Variables

## Variables
mySerial=$( system_profiler SPHardwareDataType | grep Serial |  awk '{print $NF}' )
currentUser=$( stat -f%Su /dev/console )
compHostName=$( scutil --get LocalHostName )
timeStamp=$( date '+%Y-%m-%d-%H-%M-%S' )
jamfProPass=$( echo "$6" | /usr/bin/openssl enc -aes256 -d -a -A -S "$7" -k "$8" )

getBearerToken() {
	response=$(curl -s -u "$jamfProUser":"$jamfProPass" "$jamfProURL"/api/v1/auth/token -X POST)
	bearerToken=$(echo "$response" | plutil -extract token raw -)
	tokenExpiration=$(echo "$response" | plutil -extract expires raw - | awk -F . '{print $1}')
	tokenExpirationEpoch=$(date -j -f "%Y-%m-%dT%T" "$tokenExpiration" +"%s")

checkTokenExpiration() {
	nowEpochUTC=$(date -j -f "%Y-%m-%dT%T" "$(date -u +"%Y-%m-%dT%T")" +"%s")
	if [[ tokenExpirationEpoch -gt nowEpochUTC ]]
		echo "Token valid until the following epoch time: " "$tokenExpirationEpoch"
		echo "No valid token available, getting new token"

invalidateToken() {
	responseCode=$(curl -w "%{http_code}" -H "Authorization: Bearer ${bearerToken}" $jamfProURL/api/v1/auth/invalidate-token -X POST -s -o /dev/null)
	if [[ ${responseCode} == 204 ]]
		echo "Token successfully invalidated"
	elif [[ ${responseCode} == 401 ]]
		echo "Token already invalid"
		echo "An unknown error occurred invalidating the token"

# Make a directory to store the JC Logs we want
mkdir /tmp/jcLogs/

# Jamf Connect commands to pull the needed logs
log show --style compact --predicate 'subsystem == "com.jamf.connect"' --debug > /tmp/jcLogs/JamfConnect.log
log show --style compact --predicate 'subsystem == "com.apple.Heimdal"' --debug > /tmp/jcLogs/Heimdal.log
defaults read com.jamf.connect.state > /tmp/jcLogs/jamfConnectState.plist

# Log creation
zip -r /tmp/$fileName /tmp/jcLogs/

curl -s -H "Authorization: Bearer ${bearerToken}" $url/api/v1/jamf-pro-version -X GET

# Query the Jamf server for the ID of the computer we need the logs from
jamfProID=$(/usr/bin/curl -X GET "$jamfProURL/JSSResource/computers/serialnumber/$mySerial/subset/general" -H "accept: application/xml" -H "Authorization: Bearer ${bearerToken}" | xpath -e "//computer/general/id/text()" )

# Post up to our Jamf Server the logs we just gathered
curl -k -u "$jamfProUser":"$jamfProPass" $jamfProURL/JSSResource/fileuploads/computers/id/$jamfProID -F name=@/private/tmp/$fileName -X POST

# Remove the files from the device
rm /private/tmp/$fileName
exit 0



New Contributor

Getting an error when running.

Failed conversion of ``<stdin>: Could not extract value, error: No value at that key path or invalid key path: expires'' using format ``%Y-%m-%dT%T''
date: illegal time format
usage: date [-jnRu] [-I[date|hours|minutes|seconds]] [-f input_fmt]
[-r filename|seconds] [-v[+|-]val[y|m|w|d|H|M|S]]
[[[[mm]dd]HH]MM[[cc]yy][.SS] | new_date] [+output_fmt]