黑料海角91入口

Help Center Home > Agent KB > Use 黑料海角91入口 Log Collection Scripts

Use 黑料海角91入口 Log Collection Scripts

This article explains how to use log collection scripts for macOS and Windows devices and the information they collect. These scripts provide 黑料海角91入口 Admins a quick and easy way to collect all the necessary log files to troubleshoot 黑料海角91入口 related issues.

Tip:

For Linux diagnostics, see the public script linked to the right under Learn More.

macOS

The macOS Log Collection script generates a comprehensive archive of 黑料海角91入口 service and related system logs.

To view the script, see .

Running via 黑料海角91入口 Commands (Recommended)

There are two configuration options located at the top of the script:

automate=false # set to true if running via a 黑料海角91入口 command (recommended)
days=2 # number of days of OS logs to gather

  • The automate variable allows the script to run in a silent, non-interactive fashion suitable for use via 黑料海角91入口 Commands. To enable this run mode, change the value to automate=true.
  • The days variable adjusts the amount of system logs to gather from the macOS logging system. This value should be set as low as possible to capture the events related to the case. Extending this value may result in very large log files, and may substantially extend the run time of the script.

Tip:

When running via 黑料海角91入口 Commands, be sure to run as 鈥渞oot鈥 and set a 鈥淭imeout鈥 value long enough to allow the script to finish. A timeout of 1800 seconds is recommended. Most runs will complete within 2 minutes, however depending on log verbosity and collection window, this time may increase substantially.

  • If a user is logged in to the device the script is running on, upon completion a macOS Finder window will open the /Users/<username>/Documents directory to reveal the completed log archive. The archive will be named jc-logArchive-[systemID]-[datestamp].tar.gz and may be emailed to your Customer Success Manager or active support case.
    • If no user is logged in to the device, then the above archive will be written to the /var/tmp/ directory with the same name in the previous section.

Running Commands Locally

The log collection script requires access to protected areas of the OS in order to complete. Because of this, 鈥淔ull Disk Access鈥 is required for either /bin/bash or the Terminal application.

To grant Full Disk Access permissions:

  1. Go to System Settings > Privacy & Security > Full Disk Access.
  2. Click the + icon and browse to Applications > Utilities > Terminal.app.
  3. Ensure the access is enabled for that application.
  4. To run the script, open the Terminal app, navigate to the directory where you saved the script, and run sudo /bin/bash log_Collection.sh.
  5. When run manually, you will be prompted to acknowledge the script will collect the listed items from the system.

Once done, the /Users/<username>/Documents directory opens in a macOS Finder to reveal the assembled archive which you can share with your 黑料海角91入口 representative.

Collected Information

  • 黑料海角91入口 Agent Logs, including:
    • Agent, Installation, Tray app, Remote Assist service and Loginwindow logs from /var/log/
    • User agent, Device-trust keychain, and Remote Assist logs from each managed user鈥檚 ~/Library/Logs directory
    • 黑料海角91入口 Go and Loginwindow logging from the macOS Logging system
    • Patch management configuration and notification logs
  • System Telemetry, including:
    • Currently applied software update settings
    • Presented/Available macOS Software Update list
    • Details of all installed configuration profiles
    • appstored process logs (for VPP & Custom software deployment logs)
    • Filesystem details
    • FileVault status and SecureTokens provisioned on the system (no secrets are collected)

Windows

The Windows Log Collection Script lets you collect all necessary application and event viewer logs, configuration files, and registry keys. This enables you or your 黑料海角91入口 support representative to quickly find information related to your issues to allow for faster issue resolution.

The script can run via 黑料海角91入口 Commands, or locally on any Windows endpoint.

To view the script, see .

Running via 黑料海角91入口 Commands (Recommended)

When you run the Log Collection script from the 黑料海角91入口 Admin console, you need to create a new Windows Powershell command, and change the $automate value from $false to $true.

############### Do Not Modify Below
set to $true if running via a 黑料海角91入口 command (recommended)
$automate = $true
#

  • Setting the $automate value to $true ensures the script is executed on the end user鈥檚 device without user intervention.
  • When set to $true, the script will automatically run with the All Logs selection.
  • This will gather all logs and files listed in the Collected Information selection, with the exception of the Active Directory Integration logs.
  • The log output location is C:\Windows\Temp\$hostname_Jumpcloud_Agent_Logs.zip.

Running Locally

To run the script manually:

  1. Open an elevated PowerShell prompt.
  2. Navigate to the directory where you saved the script.
  3. Run .\log_collection.ps1.

When ran locally you will be presented with the following options:

You can gather all logs, with the exception of the Active Directory logs, or individual or groups of logs based on the issues you鈥檙e troubleshooting.

Once done, the C:\Windows\Temp directory opens in Windows Explorer to reveal the archive, $hostname_Jumpcloud_Agent_logs.zip, which you can share with your 黑料海角91入口 representative.

Collected Information

  • Agent Logs
    • C:\windows\temp\jcagent.log
    • C:\windows\temp\jcagent.log.*
    • C:\Windows\Temp\jcagent_updater.log
    • C:\Windows\Temp\jcExecUpgradeScript.log
    • C:\Windows\Temp\jcUninstallUpgrade.log
    • C:\Windows\Temp\jcUpdate.log
    • C:\Windows\Temp\jcUpgradeScript.log
    • C:\Windows\Temp\jcUninstallUpgrade.log
    • C:\windows\temp\jcagent.log.prev
    • C:\windows\temp\pid-agent-updater.txt
    • C:\Windows\Logs\JCCredentialProvider\provider.log
    • C:\Program Files\黑料海角91入口\Plugins\Contrib\jcagent.conf
    • C:\Program Files\黑料海角91入口\Plugins\Contrib\lockoutCache.json
    • C:\Program Files\黑料海角91入口\Plugins\Contrib\managedUsers.json
    • C:\Program Files\黑料海角91入口\Plugins\Contrib\version.txt
    • Event Viewer: Application.evtx
    • Event Viewer: Security.evtx
    • Event Viewer: System.evtx
    • Event Viewer: Windows PowerShell.evtx
  • Remote Assist Logs
    • C:\Windows\System32\config\systemprofile\AppData\Roaming\黑料海角91入口-Remote-Assist\logs\*.log
    • C:\Windows\Temp\jc_raasvc.log
  • Password Manager Logs
    • C:\Users\USERNAME\AppData\Roaming\黑料海角91入口 Password Manager\logs\logs-live.log
  • MDM Enrollment and Hosted Software Management Logs
    • The logs and event view files gathered by the script using the following command:
      • "mdmdiagnosticstool.exe -area 'DeviceEnrollment;DeviceProvisioning;Autopilot'
        • DiagnosticLogCSP_Collector_Autopilot_: Autopilot etls
        • DiagnosticLogCSP_Collector_DeviceProvisioning_: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
        • MDMDiagHtmlReport.html: Summary snapshot of MDM configurations and policies.Includes, management url, MDM server device ID, certificates, policies.
        • MdmDiagLogMetadata.json: mdmdiagnosticstool metadata file that contains command-line arguments used to run the tool.
        • MDMDiagReport.xml: contains a more detailed view into the MDM configurations, such as enrollment variables, provisioning packages, multivariant conditions, and others.
        • MdmDiagReport_RegistryDump.reg: contains dumps from common MDM registry locations
        • MdmLogCollectorFootPrint.txt: mdmdiagnosticslog tool logs from running the command
        • *.evtx: Common event viewer logs microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx main one that contains MDM events.
    • Event Viewer: Application.evtx
    • Event Viewer: Security.evtx
    • Event Viewer: System.evtx
    • Event Viewer: Windows PowerShell.evtx
  • Bitlocker Logs
    • C:\windows\temp\jcagent.log
    • C:\windows\temp\jcagent.log.*
    • C:\Windows\Temp\jcagent_updater.log
    • C:\Windows\Temp\jcExecUpgradeScript.log
    • C:\Windows\Temp\jcUninstallUpgrade.log
    • C:\Windows\Temp\jcUpdate.log
    • C:\Windows\Temp\jcUpgradeScript.log
    • C:\Windows\Temp\jcUninstallUpgrade.log
    • C:\windows\temp\jcagent.log.prevC:\windows\temp\pid-agent-updater.txt
    • C:\Windows\Logs\JCCredentialProvider\provider.log
    • C:\Program Files\黑料海角91入口\Plugins\Contrib\jcagent.conf
    • C:\Program Files\黑料海角91入口\Plugins\Contrib\lockoutCache.json
    • C:\Program Files\黑料海角91入口\Plugins\Contrib\managedUsers.json
    • C:\Program Files\黑料海角91入口\Plugins\Contrib\version.txt
  • Software Management: Chocolatey
    • C:\ProgramData\chocolatey\logs\choco.summary.log
    • C:\ProgramData\chocolatey\logs\chocolatey.log
    • C:\windows\temp\jcagent.log
  • Software Management: Windows Store
    • Application.evtx
    • Microsoft-Windows-AppXDeployment-Operational.evtx
    • Microsoft-Windows-AppXDeploymentServer-Operational.evtx
    • Microsoft-Windows-AppxPackaging-Operational.evtx
    • Security.evtx
    • System.evtx
    • Windows PowerShell.evtx
  • Policies
    • C:\windows\temp\jcagent.log
    • RSOP Output (RSOP.HTML)
  • Active Directory Integration Logs
    • C:\Program Files\黑料海角91入口\AD Integration\黑料海角91入口 AD Import\黑料海角91入口_AD_Import_Grpc.log
    • C:\Windows\Temp\黑料海角91入口_AD_Integration.log
    • C:\Program Files\黑料海角91入口\AD Integration\黑料海角91入口 AD Import\jcadimportagent.config.json
    • C:\Program Files\黑料海角91入口\AD Integration\黑料海角91入口 AD Sync\黑料海角91入口_AD_Sync.log
    • C:\Program Files\黑料海角91入口\AD Integration\黑料海角91入口 AD Sync\config.json

Additional Resources

  • Enroll:
Back to Top

Notebook IconLearn More

Retrieve 黑料海角91入口 Log Files Manually

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case