sean_a Posted January 6, 2023 Share Posted January 6, 2023 Still looking but not yet finding it: Is last successful connection saved somewhere on the macOS client (so it can be captured by a launch daemon/agent or query)? Link to comment Share on other sites More sharing options...
Moderators Josh Levitsky Posted January 8, 2023 Moderators Share Posted January 8, 2023 I went down a rabbit hole seeing if I could figure it out. Of course when it isn't the weekend I'll try to see if I can find a developer who can share if there is a way, but in the end I made this API script that I've attached. I also will put the code below in this reply but the file is probably better to take to avoid any mangling that could happen in the post. So it uses "jq" which you can install with homebrew by doing brew install jq. You can run it on your mac like: ./api_LastConnection.sh ABC123 If you installed jq and got it right then you will get output like below: Serial Number is 8TS1YR2 Device ID is 47247206 Last Connect UTC 2022-11-08T17:44:11.352745Z The script is flexible in that you can just pass it serial numbers and it'll look them up or make this part of a larger script that perhaps checks a list of serial numbers. The script is at least a good example of how to take a serial number and turn it in to a query for something. I know it doesn't directly answer your question but in theory the server data is just as good to ask the question to, and if you did have "jq" on your remote machines you could run the command on any of them and then from the machine itself it would query though you wouldn't want the token in a script that sits on all your machines For sure you would want if the script was on their machines that you would pass the token as an argument when you ran it. Maybe this will be helpful for this or other things. Maybe someone will improve the script. The script: #!/bin/zsh ### API SCRIPT - LAST CONNECTION ########################################## ## A script to you can run to ask the API when the mac it is run on last talked to FW ## This could also be improved by changing the ISO8601 date to an easier format in local TZ ## This uses "jq" to parse the JSON. On the mac you are running this script on you would need ## jq present so if running this on remote machines you would want jq on there or to parse ## the output with something different. ## Server URL (remember it is https://) serverURL="https://myServer.filewave.net" ## Filewave Autorization token (remember it ends with a =) token="e2UxZTxxxxxxxTViLxxxNlNzA3ZWUwxxx5NH0=" # Change this if you want to override the serial number. By default this will # take the first arg passed to the script like # ./api_LastConnection.sh ABC123 # and if no argument is passed it will get the local machine serial serialNumber="$1" ########################################################################### ## Check that the Server URL begins with https:// if [[ ! "$serverURL" =~ ^https:\/\/ ]]; then echo "Server URL incorrect (missing https://)" exit 1 fi ## Check that the Server URL does not end with a trailing slash if [[ "$serverURL" =~ \/$ ]]; then echo "Server URL incorrect (remove trailing slash)" exit 1 fi ## Check that admin has add an authorization token if [[ "$token" == "" ]]; then echo "Authorization token is missing" exit 1 fi # Only get the serialNumber if we didn't hard code it above if [[ -z "$serialNumber" ]]; then ## Get serial number of local device serialNumber=$( ioreg -c IOPlatformExpertDevice -d 2 | awk -F\" '/IOPlatformSerialNumber/{print $(NF-1)}' ) fi echo "Serial Number is $serialNumber" ## Contact Filewave to get the device ID deviceID=$( curl -skf -H "Authorization: $token" -X GET "$serverURL/api/search/v1/global?limit=12&query=$serialNumber" -H "accept: application/json" | sed -e 's/.*id":\(.*\),"url.*/\1/' ) #if [[ -z $( echo "$deviceID" ) ]]; then if [[ -z "$deviceID" || "$deviceID" == "[]" ]]; then ## If the device ID was not found echo "Device not detected in Filewave database. Be sure you have the server URL and token right." else ## If the device ID was found echo "Device ID is $deviceID" # Let's get the last connection lastConnect=$(curl -s -k -H "Authorization: $token" -X GET "$serverURL/api/devices/internal/devices/$deviceID/details/general/fields" -H "accept: application/json" -d "" | jq -r '.fields[] | .[] | select(.name == "last_check_in") | .value') echo "Last Connect UTC $lastConnect" fi exit 0 api_LastConnection.sh Link to comment Share on other sites More sharing options...
Moderators Josh Levitsky Posted January 9, 2023 Moderators Share Posted January 9, 2023 @sean_a may I ask about what your goal is on checking it from the machine itself? I checked and the best we have is the client log but I want to understand how you would use the info if you could check it didectly. Was it for a technician to easily check at a machine and you don't use the Kiosk which would have status and could force a connection? Or was the it t automate a clients fix for a broken client? Link to comment Share on other sites More sharing options...
sean_a Posted January 9, 2023 Author Share Posted January 9, 2023 we are trying to reduce/eliminate the number of macOS devices that have last connection dates of x days or more. one idea under investigation is to compare client-side last connection date with date. If difference is over x days, then implement some kind of client-side notification. Link to comment Share on other sites More sharing options...
Moderators Josh Levitsky Posted January 9, 2023 Moderators Share Posted January 9, 2023 Ah I see that may make sense. Even if it was that maybe the OS could use a reboot where if it's more than 7 days (for example) you might prompt the user to restart? If you want it to be user driven by notification then yah I can see where you'd want that. I confirmed the only real option may be parsing the client log currently. There isn't anything else that exposes it. Link to comment Share on other sites More sharing options...
Moderators Sean Posted January 10, 2023 Moderators Share Posted January 10, 2023 You don't need to read the logs, you could instead query the server for that value if you like. Just consider how often you would be doing this though. This would check if the device had not checked in within the last 7 days: query='{"criteria":{"expressions":[{"column":"last_check_in","component":"Client","operator":"within_past","qualifier":7,"unit":"days"},{"column":"serial_number","component":"Client","operator":"is","qualifier":"'$serial_number'"}],"logic":"all"},"fields":[{"column":"last_check_in","component":"Client"}],"main_component":"DesktopClient"}' Note, this is an Admin console query, so port number required: curl -k -s -H "Authorization: $auth" https://$server_dns:20443/inv/api/v1/query_result/ --data $query -H "Content-Type: application/json" Of course, this would depend upon why it hasn't checked in. Clearly if it can't actually get to the server, then the API won't work either, but there are ways around that. 1 Link to comment Share on other sites More sharing options...
sean_a Posted January 10, 2023 Author Share Posted January 10, 2023 Quote Even if it was that maybe the OS could use a reboot where if it's more than 7 days (for example) you might prompt the user to restart? A reboot would be a simpler method, for (obvious) reasons of restarting FileWave client and general macOS stuff. Quote You don't need to read the logs, you could instead query the server for that value if you like. Just consider how often you would be doing this though. valid point on the "how often" part. Thank you everyone for your guidance!! 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now