Super-Friends/Create-MDM-Logs.sh

#!/bin/bash

# This script generates progress logs (similar to the logs generated by super) on a system that is being sent macOS update/upgrade MDM commands.
# The logs are saved to the current user's Desktop and automatically opened in the Console.app.
# https://github.com/Macjutsu/super
# by Kevin M. White
# 2023/11/15

# The default super logs are filtered to only show progress-related events and thus minimize the size of the logs.
# To generate unfiltered (verbose) progress logs set the following line to "FALSE".
FILTERED_LOGS="TRUE"

# Name for the MDM managed client command progress log:
MDM_COMMAND_LOG="mdm-command.log"

# Name for the MDM update/upgrade progress log:
MDM_WORKFLOW_LOG="mdm-workflow.log"

check_root() {
if [[ "$(id -u)" -ne 0 ]]; then
	echo "Exit: $(basename "$0") must run with root privileges."
	exit 1
fi
}

check_current_user() {
current_user_account_name=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ {$1=$2="";print $0;}' | xargs)
if [[ -z "${current_user_account_name}" ]]; then
	echo "Exit: No GUI user currently logged in."
	exit 1
elif [[ "${current_user_account_name}" = "root" ]] || [[ "${current_user_account_name}" = "_mbsetupuser" ]] || [[ "${current_user_account_name}" = "loginwindow" ]]; then
	echo "Exit: Current GUI user is system account ${current_user_account_name}."
	exit 1
else
	echo "Status: Current GUI user name is ${current_user_account_name}."
fi
}

start_logs() {
MDM_COMMAND_LOG="/Users/${current_user_account_name}/Desktop/${MDM_COMMAND_LOG}"
rm -f "${MDM_COMMAND_LOG}"
if [[ "${FILTERED_LOGS}" == "TRUE" ]]; then
	echo "Status: Starting filtered MDM managed client command progress log at: ${MDM_COMMAND_LOG}"
	log stream --style compact --predicate 'subsystem == "com.apple.ManagedClient" AND category == "HTTPUtil"' >> "${MDM_COMMAND_LOG}" &
else
	echo "Status: Starting unfiltered (verbose) MDM managed client command progress log at: ${MDM_COMMAND_LOG}"
	log stream --style compact --predicate 'subsystem == "com.apple.ManagedClient"' >> "${MDM_COMMAND_LOG}" &
fi
mdm_command_stream_pid=$!
chmod a+rw "${MDM_COMMAND_LOG}"

MDM_WORKFLOW_LOG="/Users/${current_user_account_name}/Desktop/${MDM_WORKFLOW_LOG}"
rm -f "${MDM_WORKFLOW_LOG}"
if [[ "${FILTERED_LOGS}" == "TRUE" ]]; then
	echo "Status: Starting filtered MDM update/upgrade progress log at: ${MDM_WORKFLOW_LOG}"
	log stream --style compact --predicate 'process == "softwareupdated" AND composedMessage CONTAINS "Reported progress"' >> "${MDM_WORKFLOW_LOG}" &
else
	echo "Status: Starting unfiltered (verbose) MDM update/upgrade progress log at: ${MDM_WORKFLOW_LOG}"
	log stream --style compact --predicate 'process == "softwareupdated"' >> "${MDM_WORKFLOW_LOG}" &
fi
mdm_workflow_stream_pid=$!
chmod a+rw "${MDM_WORKFLOW_LOG}"
}

open_logs() {
if [[ ! -f "${MDM_COMMAND_LOG}" ]]; then
	echo "Exit: Can't find log file at: ${MDM_COMMAND_LOG}."
	kill -9 "${mdm_command_stream_pid}" > /dev/null 2>&1
	kill -9 "${mdm_workflow_stream_pid}" > /dev/null 2>&1
	exit 1
fi
if [[ ! -f "${MDM_WORKFLOW_LOG}" ]]; then
	echo "Exit: Can't find log file at: ${MDM_WORKFLOW_LOG}."
	kill -9 "${mdm_command_stream_pid}" > /dev/null 2>&1
	kill -9 "${mdm_workflow_stream_pid}" > /dev/null 2>&1
	exit 1
fi
echo "Status: Opening logs for user ${current_user_account_name}."
sudo -u "${current_user_account_name}" open "${MDM_WORKFLOW_LOG}"
sudo -u "${current_user_account_name}" open "${MDM_COMMAND_LOG}"
}

main() {
check_root
check_current_user
start_logs
open_logs
echo "Status: MDM logging is active and open in the Console.app, start a macOS update/upgrade workflow on your MDM now to observe the workflow progress."
read -r -p "Status: Press enter when you are ready to stop the active logs and exit this script..."
kill -9 "${mdm_command_stream_pid}" > /dev/null 2>&1
kill -9 "${mdm_workflow_stream_pid}" > /dev/null 2>&1
}

main
exit 0