Use JumpCloud Log Collection Scripts

This article explains how to use the log collection scripts for macOS and Windows devices and describes the information they collect. These scripts give JumpCloud Admins a quick and easy way to collect all the log files needed to troubleshoot JumpCloud-related issues.

macOS

The macOS Log Collection script generates a comprehensive archive of JumpCloud service and related system logs.

To view the script, see macOS Log Collection Script.

Running via JumpCloud Commands (Recommended)

There are two configuration options located at the top of the script:

automate=false # set to true if running via a JumpCloud command (recommended)
days=2 # number of days of OS logs to gather

  • The automate variable allows the script to run in a silent, non-interactive fashion suitable for use via JumpCloud Commands. To enable this run mode, change the value to automate=true.
  • The days variable adjusts the amount of system logs to gather from the macOS logging system. This value should be set as low as possible to capture the events related to the case. Extending this value may result in very large log files, and may substantially extend the run time of the script.

Tip:

When running via JumpCloud Commands, be sure to run as “root” and set a “Timeout” value long enough to allow the script to finish. A timeout of 1800 seconds is recommended. Most runs will complete within 2 minutes; however, depending on log verbosity and the collection window, this time may increase substantially.

  • If a user is logged in to the device the script is running on, upon completion a macOS Finder window will open the /Users/<username>/Documents directory to reveal the completed log archive. The archive will be named jc-logArchive-[systemID]-[datestamp].tar.gz and may be emailed to your Customer Success Manager or active support case.
    • If no user is logged in to the device, the archive is written to the /var/tmp/ directory under the same name described above.

Running Commands Locally

The log collection script requires access to protected areas of the OS in order to complete. Because of this, “Full Disk Access” is required for either /bin/bash or the Terminal application.

To grant Full Disk Access permissions:

  1. Go to System Settings > Privacy & Security > Full Disk Access.
  2. Click the + icon and browse to Applications > Utilities > Terminal.app.
  3. Ensure the access is enabled for that application.
  4. To run the script, open the Terminal app, navigate to the directory where you saved the script, and run sudo /bin/bash log_Collection.sh.
  5. When run manually, you will be prompted to acknowledge that the script will collect the listed items from the system.

Once done, the /Users/<username>/Documents directory opens in a macOS Finder window to reveal the assembled archive, which you can share with your JumpCloud representative.

Collected Information

  • JumpCloud Agent Logs, including:
    • Agent, Installation, Tray app, Remote Assist service and Loginwindow logs from /var/log/
    • User agent, Device-trust keychain, and Remote Assist logs from each managed user’s ~/Library/Logs directory
    • JumpCloud Go and Loginwindow logging from the macOS Logging system
    • Patch management configuration and notification logs
  • System Telemetry, including:
    • Currently applied software update settings
    • Presented/Available macOS Software Update list
    • Details of all installed configuration profiles
    • appstored process logs (for VPP & Custom software deployment logs)
    • Filesystem details
    • FileVault status and SecureTokens provisioned on the system (no secrets are collected)

Windows

The Windows Log Collection Script lets you collect all necessary application and event viewer logs, configuration files, and registry keys. This enables you or your JumpCloud support representative to quickly find information related to your issues to allow for faster issue resolution.

The script can run via JumpCloud Commands, or locally on any Windows endpoint.

To view the script, see JumpCloud Windows Log Collection Script.

Running via JumpCloud Commands (Recommended)

When you run the Log Collection script from the JumpCloud Admin console, you need to create a new Windows PowerShell command and change the $automate value from $false to $true.

############### Do Not Modify Below
# set to $true if running via a JumpCloud command (recommended)
$automate = $true
#

  • Setting the $automate value to $true ensures the script is executed on the end user’s device without user intervention.
  • When set to $true, the script will automatically run with the All Logs selection.
  • This will gather all logs and files listed in the Collected Information section, with the exception of the Active Directory Integration logs.
  • The log output location is C:\Windows\Temp\$hostname_Jumpcloud_Agent_Logs.zip.

Running Locally

To run the script manually:

  1. Open an elevated PowerShell prompt.
  2. Navigate to the directory where you saved the script.
  3. Run .\log_collection.ps1.

When run locally, you will be presented with the following options:

You can gather all logs, with the exception of the Active Directory logs, or individual or groups of logs based on the issues you’re troubleshooting.

Once done, the C:\Windows\Temp directory opens in Windows Explorer to reveal the archive, $hostname_Jumpcloud_Agent_logs.zip, which you can share with your JumpCloud representative.

Collected Information

  • Agent Logs
    • C:\windows\temp\jcagent.log
    • C:\windows\temp\jcagent.log.*
    • C:\Windows\Temp\jcagent_updater.log
    • C:\Windows\Temp\jcExecUpgradeScript.log
    • C:\Windows\Temp\jcUninstallUpgrade.log
    • C:\Windows\Temp\jcUpdate.log
    • C:\Windows\Temp\jcUpgradeScript.log
    • C:\Windows\Temp\jcUninstallUpgrade.log
    • C:\windows\temp\jcagent.log.prev
    • C:\windows\temp\pid-agent-updater.txt
    • C:\Windows\Logs\JCCredentialProvider\provider.log
    • C:\Program Files\JumpCloud\Plugins\Contrib\jcagent.conf
    • C:\Program Files\JumpCloud\Plugins\Contrib\lockoutCache.json
    • C:\Program Files\JumpCloud\Plugins\Contrib\managedUsers.json
    • C:\Program Files\JumpCloud\Plugins\Contrib\version.txt
    • Event Viewer: Application.evtx
    • Event Viewer: Security.evtx
    • Event Viewer: System.evtx
    • Event Viewer: Windows PowerShell.evtx
  • Remote Assist Logs
    • C:\Windows\System32\config\systemprofile\AppData\Roaming\JumpCloud-Remote-Assist\logs\*.log
    • C:\Windows\Temp\jc_raasvc.log
  • Password Manager Logs
    • C:\Users\USERNAME\AppData\Roaming\JumpCloud Password Manager\logs\logs-live.log
  • MDM Enrollment and Hosted Software Management Logs
    • The logs and Event Viewer files gathered by the script using the following command:
      • mdmdiagnosticstool.exe -area 'DeviceEnrollment;DeviceProvisioning;Autopilot'
        • DiagnosticLogCSP_Collector_Autopilot_: Autopilot etls
        • DiagnosticLogCSP_Collector_DeviceProvisioning_: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
        • MDMDiagHtmlReport.html: Summary snapshot of MDM configurations and policies. Includes the management URL, MDM server device ID, certificates, and policies.
        • MdmDiagLogMetadata.json: mdmdiagnosticstool metadata file that contains command-line arguments used to run the tool.
        • MDMDiagReport.xml: contains a more detailed view into the MDM configurations, such as enrollment variables, provisioning packages, multivariant conditions, and others.
        • MdmDiagReport_RegistryDump.reg: contains dumps from common MDM registry locations
        • MdmLogCollectorFootPrint.txt: mdmdiagnosticslog tool logs from running the command
        • *.evtx: Common Event Viewer logs. microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx is the main one that contains MDM events.
    • Event Viewer: Application.evtx
    • Event Viewer: Security.evtx
    • Event Viewer: System.evtx
    • Event Viewer: Windows PowerShell.evtx
  • Bitlocker Logs
    • C:\windows\temp\jcagent.log
    • C:\windows\temp\jcagent.log.*
    • C:\Windows\Temp\jcagent_updater.log
    • C:\Windows\Temp\jcExecUpgradeScript.log
    • C:\Windows\Temp\jcUninstallUpgrade.log
    • C:\Windows\Temp\jcUpdate.log
    • C:\Windows\Temp\jcUpgradeScript.log
    • C:\Windows\Temp\jcUninstallUpgrade.log
    • C:\windows\temp\jcagent.log.prev
    • C:\windows\temp\pid-agent-updater.txt
    • C:\Windows\Logs\JCCredentialProvider\provider.log
    • C:\Program Files\JumpCloud\Plugins\Contrib\jcagent.conf
    • C:\Program Files\JumpCloud\Plugins\Contrib\lockoutCache.json
    • C:\Program Files\JumpCloud\Plugins\Contrib\managedUsers.json
    • C:\Program Files\JumpCloud\Plugins\Contrib\version.txt
  • Software Management: Chocolatey
    • C:\ProgramData\chocolatey\logs\choco.summary.log
    • C:\ProgramData\chocolatey\logs\chocolatey.log
    • C:\windows\temp\jcagent.log
  • Software Management: Windows Store
    • Application.evtx
    • Microsoft-Windows-AppXDeployment-Operational.evtx
    • Microsoft-Windows-AppXDeploymentServer-Operational.evtx
    • Microsoft-Windows-AppxPackaging-Operational.evtx
    • Security.evtx
    • System.evtx
    • Windows PowerShell.evtx
  • Policies
    • C:\windows\temp\jcagent.log
    • RSOP Output (RSOP.HTML)
  • Active Directory Integration Logs
    • C:\Program Files\JumpCloud\AD Integration\JumpCloud AD Import\JumpCloud_AD_Import_Grpc.log
    • C:\Windows\Temp\JumpCloud_AD_Integration.log
    • C:\Program Files\JumpCloud\AD Integration\JumpCloud AD Import\jcadimportagent.config.json
    • C:\Program Files\JumpCloud\AD Integration\JumpCloud AD Sync\JumpCloud_AD_Sync.log
    • C:\Program Files\JumpCloud\AD Integration\JumpCloud AD Sync\config.json
