protectctl Command-Line Tool

Jamf Protect Documentation
Solution
Application
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US

The Jamf Protect agent includes the protectctl tool, which allows you to execute some Terminal commands on computers. The following commands are available:

Command

Description

repair

Finds and repairs issues that may occur during installation of the Jamf Protect agent.

version

Prints the Jamf Protect agent version installed on computers.

info

Prints the following information about computers:

  • Agent uptime and version
  • Install type (system extension or launch daemon)
  • Agent status (e.g., Protected, Enrolling, Missing Plan)
  • Tenant name
  • Plan ID
  • Plan hash
  • Plan log level
  • The date and time of the last agent check-in
  • The date and time of the last compliance check-in

You can also use the following flags:

  • The -v flag prints verbose information about the agent:
    • Agent connection information (state, protocol, identifier, and logs waiting in queue to send to a data endpoint)
    • Plan information (ID, log level, advanced threat control, telemetry, and tamper prevention status)
    • Threat Prevention information (current version, event, match count per sensor)
  • The --json flag prints the information in JSON format.
  • The --plist flag prints the information in PLIST format.
  • The --plain flag prints the information in plain text without tables.

checkin

Forces a Jamf Protect agent check-in on computers. You can also use the --insights flag to force a compliance check-in.

help

Prints help information about protectctl commands.

diagnostics

Temporarily changes the log level for diagnostic purposes.

You can use the following flags:
  • The -d (--duration) flag changes the temporary duration for setting the selected log level for a set amount of time. The default duration is five minutes.

  • The -e (--enable) flag enables the diagnostics mode. The default is set to true.

  • The -m (--mode) flag is used in conjunction with -l (--loglevel) and changes the mode of how the logs are presented.

    • The default mode stream provides live log streaming and log collection during the set duration of the specified log level. This flag overwrites the default log level to verbose. The maximum duration is 60 minutes.

    • The mode loglevel overwrites the default log level to the specified the log level for the set duration without log collection. The maximum duration is eight hours.

  • The -l (--loglevel) flag changes the log level to a selected level for the temporary duration set with the -d flag. The default log level is verbose.
  • The -v (--verbose) flag prints verbose information about the diagnostic command output.

  • The -o (--output-directory) flag allows for specifying a directory to save the diagnostic output information. The default location is the desktop.

Information returned from protectctl commands can also be shared with Jamf Pro via extension attributes for additional management action. For extension attribute examples, see the Jamf Protect extension attribute templates available in Jamf Pro or the Jamf Protect open source GitHub repository from Jamf: jamf / jamfprotect (GitHub).