Collecting and analyzing crashlogs

Sonic84

I've got a policy that runs in my fleet that collects client-side crash and panic logs every 15 days. Ironically, the JAMF binary crashes the most out of all other apps/processes in my fleet.

Is anyone else seeing this kind of instability or have advice to correct it? I realize this is a broad question without posting specifics in the crash logs, but I've already escalated to JAMF support with no solution. Also, any advice on the method I'm using to collect logs is much appreciated.

How I'm collecting logs:
A JSS policy executes a script that zips the contents of /Library/Logs/DiagnosticReports and SCPs the resulting zip to one of my servers. The server that received the zip runs a JSS policy every 15 days to cycle the log collection policy in the JSS and parse the resulting .zips.

When it's done, I get a CSV with counts of crashes by process name.

I have separate scripts I can run ad-hoc which can parse through the logs and collect/count panics, diagnostics, etc. It was necessary to collect the actual logs, as escalations to vendors of crash-prone products usually require the actual crash/panic logs.

My original plan was to leverage our corporate Splunk instance. However, I found out Splunk is geared for single line analysis, not multi-line logs like a crash or panic log.

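The server-side counting step described in the post, sketched as an added example (not the poster's script): it tallies crashes per process from uploaded zips and emits the CSV. It assumes legacy text-format `.crash` reports whose header carries a `Process:   name [pid]` line; the function names, sample file names and sample archives are constructed for illustration.

```python
import csv
import io
import re
import zipfile
from collections import Counter

# Header line of a legacy text-format .crash report, e.g. "Process:   jamf [1234]"
PROCESS_RE = re.compile(r"^Process:\s+(.+?)\s+\[\d+\]\s*$", re.MULTILINE)

def count_crashes(zip_blobs):
    """Count .crash reports per process across client-uploaded zip archives."""
    counts = Counter()
    for blob in zip_blobs:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                if info.is_dir() or not info.filename.endswith(".crash"):
                    continue
                # Read only the first 4 KB in memory. Nothing is extracted to
                # disk, so member paths and sizes chosen by a client are never
                # trusted.
                with zf.open(info) as fh:
                    head = fh.read(4096).decode("utf-8", "replace")
                match = PROCESS_RE.search(head)
                counts[match.group(1) if match else "unknown"] += 1
    return counts

def to_csv(counts):
    """Render counts as CSV, most frequent process first."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["process", "crashes"])
    for name, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        writer.writerow([name, n])
    return out.getvalue()

def make_zip(members):
    """Build a constructed sample archive from (filename, body) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for filename, body in members:
            zf.writestr(filename, body)
    return buf.getvalue()

# Constructed sample uploads from two hypothetical clients.
SAMPLE = [
    make_zip([("jamf_2020-01-01-010101_mac1.crash", "Process:               jamf [411]\n"),
              ("Safari_2020-01-02-020202_mac1.crash", "Process:               Safari [512]\n"),
              ("readme.txt", "not a report\n")]),
    make_zip([("jamf_2020-01-03-030303_mac2.crash", "Process:               jamf [77]\n"),
              ("broken_2020-01-04-040404_mac2.crash", "truncated report\n")]),
]

if __name__ == "__main__":
    print(to_csv(count_crashes(SAMPLE)), end="")
```

Reports without a recognizable header are counted as `unknown` rather than dropped, so truncated uploads remain visible in the totals.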