While it doesn’t happen often at all sometime your staff will have issues performance issues with Jamf Protect. This was apparent for us recently with an issue that was patched in 3.1.4.425, which was compounded by a Unified Logging filter that generated a lot of information. In the process of gathering logs for support we realised that the shell scripts they were providing weren’t easy for our employees to run/save/send to us in a timely manner. The resulting script and workflow came of this to automatically capture the logs and upload them to a write only S3 bucket
The Write Only S3 Bucket
First you need to make a S3 Bucket and assign a IAM user Put only rights to it. The following permissions should accomplish this, place S3BUCKETNAME with your bucket name. Please test and validate it’s correctly restricting to write only.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::S3BUCKETNAME/*"
]
}
]
}
The Script
You can find the script used on our public GitHub repo at https://github.com/isaacatmann/Jamf-Protect-Diagnostics-Upload – Upload this as a script in your Jamf Instance.
The Policy
We found this works best as a Self Service items so that any staff impacted by issues can immediately report when they occur. The policy should have the following settings
General | Payloads | Scope |
---|---|---|
Trigger Self Service Frequency Ongoing | Scripts Jamf Protect Diagnostics Upload.sh Parameter 4: S3 Write only IAM Key Parameter 5: S3 Write only IAM Secret Parameter 6: S3 Bucket Name | Targets All Computers |
Security Note: The IAM Key and Secret will be visible to any user on the computer when the script is running. You should make sure you’re okay with this key being exposed and that it has the correct limitations in pace.
Employee Interaction
When run your employees will be asked a couple question about the issues they’re experiencing. These answer will be included in the zip file that is uploaded to S3.
The Resulting Zip File
You should now have a Zip file in your S3 bucket that has all the information Jamf Support typically asks for.
Great stuff! I like the inclusion of an oascript to capture user feedback/particulars!
LikeLike