This article explains how to use the log collection scripts for macOS and Windows devices and what information they collect. These scripts give JumpCloud Admins a quick and easy way to collect all the log files needed to troubleshoot JumpCloud-related issues.
For Linux diagnostics, see the public script linked to the right under Learn More.
macOS
The macOS Log Collection script generates a comprehensive archive of JumpCloud service and related system logs.
To view the script, see macOS Log Collection Script.
Running via JumpCloud Commands (Recommended)
There are two configuration options located at the top of the script:
automate=false # set to true if running via a JumpCloud command (recommended)
days=2 # number of days of OS logs to gather
- The automate variable allows the script to run in a silent, non-interactive fashion suitable for use via JumpCloud Commands. To enable this run mode, change the value to automate=true.
- The days variable adjusts the amount of system logs to gather from the macOS logging system. This value should be set as low as possible to capture the events related to the case. Extending this value may result in very large log files, and may substantially extend the run time of the script.
When running via JumpCloud Commands, be sure to run as “root” and set a “Timeout” value long enough to allow the script to finish. A timeout of 1800 seconds is recommended. Most runs will complete within 2 minutes; however, depending on log verbosity and collection window, this time may increase substantially.
- If a user is logged in to the device the script is running on, upon completion a macOS Finder window will open the /Users/<username>/Documents directory to reveal the completed log archive. The archive will be named jc-logArchive-[systemID]-[datestamp].tar.gz and may be emailed to your Customer Success Manager or active support case.
- If no user is logged in to the device, then the above archive will be written to the /var/tmp/ directory with the same name as in the previous item.
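One way to check what is in the archive before it is emailed, as an added example that is not part of the JumpCloud script: the functions below find the newest archive, record its SHA-256 and member list in a manifest, and restrict both files to the owner. The sample archive and its file names are constructed; only the jc-logArchive-[systemID]-[datestamp].tar.gz naming comes from this article.

```shell
#!/bin/sh
# Added example, not JumpCloud code: review a log archive before sharing it.

# Newest jc-logArchive-*.tar.gz in directory $1 (empty output if none).
latest_archive() {
    ls -t "$1"/jc-logArchive-*.tar.gz 2>/dev/null | head -n 1
}

# SHA-256 of file $1; sha256sum on most Linux, shasum ships with macOS.
archive_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Write <archive>.manifest.txt (hash, then sorted member list), make both
# files owner-only, and print the manifest path. Fails on a missing or
# unreadable archive instead of writing a partial manifest.
review_archive() {
    archive=$1
    [ -f "$archive" ] || { echo "no archive: $archive" >&2; return 1; }
    members=$(tar -tzf "$archive") || return 1
    manifest="${archive%.tar.gz}.manifest.txt"
    {
        echo "sha256 $(archive_sha256 "$archive")"
        echo "$members" | sort
    } > "$manifest" || return 1
    chmod 600 "$archive" "$manifest" || return 1
    echo "$manifest"
}

# Constructed sample: a tiny archive named after the pattern on this page.
make_sample() {
    sample_dir=$(mktemp -d) || return 1
    mkdir -p "$sample_dir/src/logs"
    echo "constructed log line" > "$sample_dir/src/logs/agent-sample.log"
    tar -czf "$sample_dir/jc-logArchive-SAMPLEID-20240101.tar.gz" \
        -C "$sample_dir/src" logs
    echo "$sample_dir"
}

# Demo on the constructed sample; on a device, pass /var/tmp or
# /Users/<username>/Documents to latest_archive instead.
demo_dir=$(make_sample) && cat "$(review_archive "$(latest_archive "$demo_dir")")"
```

Sending the manifest's hash alongside the archive lets the recipient confirm they received the same file that was reviewed.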
Running Commands Locally
The log collection script requires access to protected areas of the OS in order to complete. Because of this, “Full Disk Access” is required for either /bin/bash or the Terminal application.
To grant Full Disk Access permissions:
- Go to System Settings > Privacy & Security > Full Disk Access.
- Click the + icon and browse to Applications > Utilities > Terminal.app.
- Ensure the access is enabled for that application.
- To run the script, open the Terminal app, navigate to the directory where you saved the script, and run sudo /bin/bash log_Collection.sh.
- When run manually, you will be prompted to acknowledge that the script will collect the listed items from the system.
Once done, the /Users/<username>/Documents directory opens in a macOS Finder window to reveal the assembled archive, which you can share with your JumpCloud representative.
Collected Information
- JumpCloud Agent Logs, including:
- Agent, Installation, Tray app, Remote Assist service and Loginwindow logs from /var/log/
- User agent, Device-trust keychain, and Remote Assist logs from each managed user’s ~/Library/Logs directory
- JumpCloud Go and Loginwindow logging from the macOS Logging system
- Patch management configuration and notification logs
- System Telemetry, including:
- Currently applied software update settings
- Presented/Available macOS Software Update list
- Details of all installed configuration profiles
- appstored process logs (for VPP & Custom software deployment logs)
- Filesystem details
- FileVault status and SecureTokens provisioned on the system (no secrets are collected)
Windows
The Windows Log Collection Script lets you collect all necessary application and event viewer logs, configuration files, and registry keys. This enables you or your JumpCloud support representative to quickly find information related to your issues to allow for faster issue resolution.
The script can run via JumpCloud Commands, or locally on any Windows endpoint.
To view the script, see JumpCloud Windows Log Collection Script.
Running via JumpCloud Commands (Recommended)
When you run the Log Collection script from the JumpCloud Admin console, you need to create a new Windows PowerShell command and change the $automate value from $false to $true.
############### Do Not Modify Below
# set to $true if running via a JumpCloud command (recommended)
$automate = $true
#
- Setting the $automate value to $true ensures the script is executed on the end user’s device without user intervention.
- When set to $true, the script will automatically run with the All Logs selection.
- This will gather all logs and files listed in the Collected Information section, with the exception of the Active Directory Integration logs.
- The log output location is C:\Windows\Temp\$hostname_Jumpcloud_Agent_Logs.zip.
Running Locally
To run the script manually:
- Open an elevated PowerShell prompt.
- Navigate to the directory where you saved the script.
- Run .\log_collection.ps1.
When run locally, you will be presented with the following options:
You can gather all logs, with the exception of the Active Directory logs, or individual or groups of logs based on the issues you’re troubleshooting.
Once done, the C:\Windows\Temp directory opens in Windows Explorer to reveal the archive, $hostname_Jumpcloud_Agent_logs.zip, which you can share with your JumpCloud representative.
Collected Information
- Agent Logs
- C:\windows\temp\jcagent.log
- C:\windows\temp\jcagent.log.*
- C:\Windows\Temp\jcagent_updater.log
- C:\Windows\Temp\jcExecUpgradeScript.log
- C:\Windows\Temp\jcUninstallUpgrade.log
- C:\Windows\Temp\jcUpdate.log
- C:\Windows\Temp\jcUpgradeScript.log
- C:\Windows\Temp\jcUninstallUpgrade.log
- C:\windows\temp\jcagent.log.prev
- C:\windows\temp\pid-agent-updater.txt
- C:\Windows\Logs\JCCredentialProvider\provider.log
- C:\Program Files\JumpCloud\Plugins\Contrib\jcagent.conf
- C:\Program Files\JumpCloud\Plugins\Contrib\lockoutCache.json
- C:\Program Files\JumpCloud\Plugins\Contrib\managedUsers.json
- C:\Program Files\JumpCloud\Plugins\Contrib\version.txt
- Event Viewer: Application.evtx
- Event Viewer: Security.evtx
- Event Viewer: System.evtx
- Event Viewer: Windows PowerShell.evtx
- Remote Assist Logs
- C:\Windows\System32\config\systemprofile\AppData\Roaming\JumpCloud-Remote-Assist\logs\*.log
- C:\Windows\Temp\jc_raasvc.log
- Password Manager Logs
- C:\Users\USERNAME\AppData\Roaming\JumpCloud Password Manager\logs\logs-live.log
- MDM Enrollment and Hosted Software Management Logs
- The logs and event view files gathered by the script using the following command:
- mdmdiagnosticstool.exe -area 'DeviceEnrollment;DeviceProvisioning;Autopilot'
- DiagnosticLogCSP_Collector_Autopilot_: Autopilot etls
- DiagnosticLogCSP_Collector_DeviceProvisioning_: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
- MDMDiagHtmlReport.html: Summary snapshot of MDM configurations and policies. Includes management URL, MDM server device ID, certificates, policies.
- MdmDiagLogMetadata.json: mdmdiagnosticstool metadata file that contains command-line arguments used to run the tool.
- MDMDiagReport.xml: contains a more detailed view into the MDM configurations, such as enrollment variables, provisioning packages, multivariant conditions, and others.
- MdmDiagReport_RegistryDump.reg: contains dumps from common MDM registry locations
- MdmLogCollectorFootPrint.txt: mdmdiagnosticslog tool logs from running the command
- *.evtx: Common event viewer logs; microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx is the main one that contains MDM events.
- Event Viewer: Application.evtx
- Event Viewer: Security.evtx
- Event Viewer: System.evtx
- Event Viewer: Windows PowerShell.evtx
- Bitlocker Logs
- C:\windows\temp\jcagent.log
- C:\windows\temp\jcagent.log.*
- C:\Windows\Temp\jcagent_updater.log
- C:\Windows\Temp\jcExecUpgradeScript.log
- C:\Windows\Temp\jcUninstallUpgrade.log
- C:\Windows\Temp\jcUpdate.log
- C:\Windows\Temp\jcUpgradeScript.log
- C:\Windows\Temp\jcUninstallUpgrade.log
- C:\windows\temp\jcagent.log.prev
- C:\windows\temp\pid-agent-updater.txt
- C:\Windows\Logs\JCCredentialProvider\provider.log
- C:\Program Files\JumpCloud\Plugins\Contrib\jcagent.conf
- C:\Program Files\JumpCloud\Plugins\Contrib\lockoutCache.json
- C:\Program Files\JumpCloud\Plugins\Contrib\managedUsers.json
- C:\Program Files\JumpCloud\Plugins\Contrib\version.txt
- Software Management: Chocolatey
- C:\ProgramData\chocolatey\logs\choco.summary.log
- C:\ProgramData\chocolatey\logs\chocolatey.log
- C:\windows\temp\jcagent.log
- Software Management: Windows Store
- Application.evtx
- Microsoft-Windows-AppXDeployment-Operational.evtx
- Microsoft-Windows-AppXDeploymentServer-Operational.evtx
- Microsoft-Windows-AppxPackaging-Operational.evtx
- Security.evtx
- System.evtx
- Windows PowerShell.evtx
- Policies
- C:\windows\temp\jcagent.log
- RSOP Output (RSOP.HTML)
- Active Directory Integration Logs
- C:\Program Files\JumpCloud\AD Integration\JumpCloud AD Import\JumpCloud_AD_Import_Grpc.log
- C:\Windows\Temp\JumpCloud_AD_Integration.log
- C:\Program Files\JumpCloud\AD Integration\JumpCloud AD Import\jcadimportagent.config.json
- C:\Program Files\JumpCloud\AD Integration\JumpCloud AD Sync\JumpCloud_AD_Sync.log
- C:\Program Files\JumpCloud\AD Integration\JumpCloud AD Sync\config.json