Skip to main content

Create a Self Service Policy to Generate a Sysdiagnose Log

Create a Self Service Policy to Generate a Sysdiagnose Log

Updated over 2 weeks ago

Description

Sysdiagnose logs are crucial when attempting to troubleshoot issues on a Mac, however gathering them can be difficult if the end user is remote and unfamiliar with Terminal. This guide explains how to create a Self Service policy to generate the sysdiagnose log and place it on the user's desktop for easy access, so all the user needs to do is click a button in Self Service.

Creating a Policy to Generate a Sysdiagnose Log

The main component of this policy is the Files and Processes payload, which is where we'll enter the Terminal commands to run in the Execute Command field. The bare minimum we need here is this:

sysdiagnose -u

This will simply generate the log without any user interaction. If we want to have the log generated and saved in a specific location, we'll need to add another flag and a path:

sysdiagnose -u -f /path/to/location


Finally, if we want the log saved to a location within the current user's home folder, such as their Desktop, we'll need to add an extra bit in order to gather the current user's username:

loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

This will save the username in the $loggedInUser variable, which we can then use in the sysdiagnose command above:

sysdiagnose -u -f /Users/$loggedInUser/Desktop

All together, the entire Execute Command field should look like this:

loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' ) && sysdiagnose -u -f /Users/$loggedInUser/Desktop


From there, just set the Self Service options to our liking, with the end result looking something like this:

This photo is an example of what to expect in your end result.


All the end user needs to do is open Self Service, click the "Gather Logs" button, and wait for the log gathering process to finish. We should see the full log file saved to the specified location once the process is complete.

Did this answer your question?