The Kandji Agent offers a suite of powerful Terminal commands that give admins additional control and information for their fleet of devices. While some commands can only be executed locally on a device using Terminal, others can be deployed through a Custom Script Library Item for greater flexibility.
Local-Only Commands
The following commands must be executed directly on a device in Terminal. They cannot be deployed via a Custom Script or a Custom App Library Item.
Run
The agent will run and check in immediately. Normally, the agent checks in every 15 minutes. Without an internet connection, the agent will run in offline mode.
Adding --reset-daily to the run command will run all Parameters, including those that are run only once per day.
Run Daily MDM Inventory Update
The agent will request the MDM server to initiate its daily MDM commands, such as validating Apps & Books from Apple Business Manager, as well as querying certain device information.
Collect Apps
Collects full application inventory from the Mac.
Run Library Items
Checks for library items to execute.
Available library command options:
Option | Description |
|---|---|
| List all of the library items assigned to the computer. |
| Get the current state of the Kandji Agent library manager. |
| Run a specific library item by name or library item ID; specify -F to force the execution. |
| Cancel the currently running library item and clears the current queue. |
Print Kandji Logs
Prints log entries for the Kandji Agent subsystem from the unified logging system. The `--last` option is required and specifies the number of previous seconds to print logs from. Replace <seconds> with a number, like 300. (Actual results displayed are limited based on available unified log storage.)
Redirect the output of the command using > to save to an external log file.
Available logs command options:
Option | Description |
|---|---|
| Print log entries without ANSI color formatting. |
| Includes debug level logs, debug logging must be enabled prior. |
Enable debug logging.
Disable debug logging.
Example debug logging command usage.
Logging Subsystems
The logging subsystems available in the Kandji Agent offer granular and targeted logging.
Subsystem predicate log command.
Available predicate log command options:
Option | Description |
|---|---|
| Includes info level logs when available. |
| Includes debug level logs, debug logging must be enabled prior. |
| Displays a complete list of available options. |
Subsystem predicate log command with options.
Available logging subsystems:
io.kandji.beekeeper
io.kandji.cli
io.kandji.daemon
io.kandji.installer
io.kandji.library-manager
io.kandji.menu
io.kandji.passport
io.kandji.parameter-agent
io.kandji.self-service
io.kandji.liftoff
Avert
List quarantined files.
Delete quarantined files.
Scriptable Commands
These commands can be executed through a Custom Script or a Custom App Library Item. They can also be run locally on a Mac in Terminal.
When using the scriptable options below, such as within a Custom Script Library Item, you must replace sudo kandji with the the full path to the binary: /usr/local/bin/kandji
Reboot
This option can be used in scripted workflows to force a reboot leveraging the Kandji Agent and menu bar application. It is visually similar to the reboot forced during FileVault enablement or a Managed OS upgrade.
This initiates a restart by prompting the logged-in user with a countdown timer. If no delay is specified, the default 1800 (30 minutes) will be used. If no user is logged in, the delay will be ignored, and the Mac will restart immediately.
Forces a restart without giving users the option to delay.
Dock
This option can be used in scripted workflows to add items to the end of the macOS Dock or remove items from the macOS Dock of the currently logged-in user.
The application referred to by the bundle identifier must be in the /Applications folder.
Optionally specifying the --all option adds the icon to the end of the Dock for all user accounts.
If using multiple options at a time, use a single command, and separate options using quotes and separating spaces, as shown in the example below.
Alert
This command can be used in scripted workflows to present an alert to users.
It has several options, outlined below.
Option | Description | Default if not provided |
|---|---|---|
| Specifies a custom title for the alert window | "Alert" |
| Specifies a custom message for the alert window | No default value |
| Specifies a custom icon for the alert window. It is recommended to use .jpg, .png, or .icns files | Kandji Agent icon |
| If provided, it will show an option to the user: "Do not show this message again" If this suppression key is provided in a future alert, and the user opts not to see it again, the alert will not be shown. | No default value If no suppression key is specified, the "Do not show this message again" option is not displayed. |
| Allows for specifying a custom URL for the alert Help button. Must be an HTTPS URL | No default value If no URL is specified, the Help button is not displayed. |
| Allows the alert to show but keeps the remainder of the script running without waiting for user interaction on the alert | Alert will show and wait for interaction from the user before the script proceeds. |
Below is an example of the underlying command for an alert and the resulting experience in macOS Sequoia:
Submit Diagnostics
Submit Diagnostics to Kandji. Equivalent to the action menu (gear) item available in the Kandji Menu.
Available submit-diagnostics command option:
Option | Description | Default if not provided |
|---|---|---|
| Specifies a comment to be presented in the diagnostics | No default value |
Version
Display the installed Kandji Agent version.
Help
Display help text.