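#!/bin/bash
## Gather Logs
## Version 1.1, June 16, 2023
## By Kevin M. Cox
## This script gathers macOS and application logs then creates a tarball so users can attach the results to IT tickets for evaluation.
##
## Output: /Users/<console user>/Desktop/macOS_Logs_<date>.tgz
## NOTE(review): presumably run as root by management tooling (it reads system logs and chowns the archive) - confirm.

# Print a message on stderr and stop the script.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Get the current date and time
dateShort=$(/bin/date '+%F_%H.%M')
archiveName="macOS_Logs_$dateShort"

# Get the username of the current user
currentUser="$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk '/Name :/ { print $3 }')"

# Every later path and the chown are built from this name, so stop early when
# nobody is logged in instead of operating on /Users//... and ":wheel".
case "$currentUser" in
  "" | loginwindow) die "No console user is logged in, unable to gather logs" ;;
esac
[ -d "/Users/$currentUser/Desktop" ] || die "No Desktop folder for $currentUser, unable to deliver logs"

# Stage everything in a private, randomly named folder. /Users/Shared is
# writable by every local account, so a predictable folder or archive name
# there could already exist (as a file, folder or link) when this script
# writes to it, and the copied system logs would be readable by other users
# while the script runs. mktemp -d creates the folder with mode 0700.
stagingDir=$(/usr/bin/mktemp -d /Users/Shared/GatherLogs.XXXXXX) || die "Unable to create a staging folder"
cleanup() { /bin/rm -rf -- "${stagingDir:?}"; }
# Delete the staging folder on every exit path, including failures
trap cleanup EXIT

# Define the output folder; its name is also the top-level folder inside the archive
outputFolder="$stagingDir/$archiveName"
/bin/mkdir "$outputFolder" || die "Unable to create $outputFolder"

# Copy the contents of log folder $1 into "$outputFolder/$2".
# Callers keep the trailing slash on $1: with BSD cp that copies the folder's
# contents rather than the folder itself. A missing source is reported by cp
# and the script carries on (best effort).
gather_dir() {
  /bin/mkdir "$outputFolder/$2"
  /bin/cp -pr "$1" "$outputFolder/$2/"
}

# Munki logs
gather_dir "/Library/Managed Installs/Logs/" Managed-Software-Center

# System logs
gather_dir /private/var/log/ private-var-log
gather_dir /private/var/logs/ private-var-logs

# Library logs
gather_dir /Library/Logs/ Library-Logs

# User logs
# NOTE(review): this folder (and the AWS VPN one below) is writable by the user
# while the copy runs with this script's privileges; confirm how this cp treats
# symbolic links under -r and consider -R so links are copied as links.
gather_dir "/Users/$currentUser/Library/Logs/" User-Library-Logs

# CrowdStrike Falcon stats
falconctl="/Applications/Falcon.app/Contents/Resources/falconctl"
if [ -x "$falconctl" ]; then
  /bin/mkdir "$outputFolder"/CrowdStrike-Falcon/
  "$falconctl" stats > "$outputFolder"/CrowdStrike-Falcon/stats.log
fi

# AWS VPN logs
if [ -d "/Users/$currentUser/.config/AWSVPNClient/logs/" ]; then
  gather_dir "/Users/$currentUser/.config/AWSVPNClient/logs/" AWS-VPN
fi

# Create a compressed tar archive of the files.
# -C replaces the earlier "cd ... || ( ...; exit 1 )": an exit inside ( ) only
# leaves the subshell, so a failed cd did not stop the script and tar ran in
# whatever directory the script started in.
archive="$stagingDir/$archiveName.tgz"
/usr/bin/tar -czf "$archive" -C "$stagingDir" "$archiveName" || die "Unable to create the log archive"

# Change the ownership on the archive
/usr/sbin/chown "$currentUser":wheel "$archive"
# The archive holds system logs, so keep it readable by its owner only
/bin/chmod 600 "$archive"

# Move it to the desktop
/bin/mv "$archive" "/Users/$currentUser/Desktop/$archiveName.tgz" || die "Unable to move the archive to the Desktop"

# The staging folder (and with it the output folder) is deleted by the EXIT trap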