PanSift is a macOS troubleshooting and monitoring tool with a focus on the network. It is for those who support others remotely and enables them to rapidly find and fix issues (especially WiFi related). Whether you are a family member doing Zoom calls, a developer, a salesperson, or a gamer - few can afford to be disconnected, interrupted, or slowed down. Pansift makes the invisible visible for a quick fix.
PanSift is about helping clients and teams avoid stress and stay productive by helping to optimize their tools and networks. It's about saving you time, maintaining your and other's situational awareness, and getting to root causes quickly, easily, and remotely (even for historical issues!). Whether it's WiFi, DNS, IPv4, IPv6, or HTTP issues - PanSift allows you to keep an eye on multiple remote machines (just like server monitoring) only with a lighter, heavily wireless-focused, and user-friendly agent. More info: https://pansift.com
See status.pansift.com for live operational status.
While logged in as a user, download the Pansift PKG and run it.
You can then claim your agent from the agent's user interface options in your Mac's menubar (under "PS") or do so manually via the web application (using the agent's bucket UUID code). Claiming will require you to sign up for an account at https://pansift.com to view your agent's data and insights. Happy troubleshooting!
Unattended installs assume that an orchestration or MDM (Mobile Device Management) platform is available to you. It also assumes command line and/or custom scripting access within a user's valid session and context (i.e. the targeted user on the machine). This approach also assumes you have paid for > 2 agents and want minimal interaction with the user(s) or endpoint(s) for provisioning.
For paid accounts (i.e. > 2 agents) please contact support to have a commercial multi-agent bucket pre-prepared for you in advance (otherwise each agent will get its own bucket on the free platform and lots of individual bucket UUIDs will need to be communicated and claimed individually). We are working to simplify and automate this process.
This method is required to prevent the ZTP (Zero Touch Provisioning) process from running. It involves pre-staging the agent configuration and is required before running any PKG installer. It also means you must specify custom settings in a pre-install script in advance of any other steps or scripted PKG installs. This ensures that agents will report to your specific nominated bucket from the outset.
Automatic provisioning requires amending portions of the unattended_preinstall.sh script and running it on remote machines before installing the PKG file. You must customize 3 configuration items (<BUCKET_UUID>, <INGEST_URL>, <ZTP_TOKEN>) in the unattended_preinstall.sh before deploying the Pansift PKG installer. The script is run as root but then sudo's to the logged in user to preposition the config files you have customized.
ℹ️ Buckets form one boundary for account-based reads and agent writes. Buckets also define the test host records used by DNS, HTTP, and traces for all agents in that bucket. Please consider what agents you want to report in to what buckets. Multiagent buckets allow you to administer a group of agents rather than the default 1-1 agent to bucket mapping.
⚠️ You must run the scriptunattended_preinstall.shscript as root. It then switches (when necessary) to the logged in user (i.e. the one you presumably wish to target).
Note: You can also pre-stage fully populated pansift_uuid.conf, pansift_token.conf, and pansift_ingest.conf yourself if you wish (though this is what the unattended_preinstall.sh does). You should be able to copy the script to your MDM or orchestration tool's pre-installation script window and ensure it is run while there is a logged-in user.
Once the Pansift.app runs for the first time, it bootstraps its configuration. If the files above are not present, it will run the normal ZTP process to get new and random bucket details (which you probably don't want as then you need to interact with the user or re-push your nominated bucket details and reinstall or restart the agent locally).
⚠️ Don't forget to run an "agent sync" in the web application after deploying new agents.
- Please remember for commercial/mass deployments the unattended_preinstall.sh script needs to be able to switch to the context of the user account you intend to implement PanSift's RUM (Real User Monitoring) on. You should also have a full window session available to the script as it also opens the PanSift application. In some MDM platforms you can ensure a script is only run once during login and scoped to a target user (which then ensures a user is logged in during the install).
- Please contact support to create a new multi-agent bucket if you require one. You can use an existing bucket if you have claimed one from a free account though data will then reside on the free Influx OSS tier (rather than the commercial Influx cloud).
⚠️ The below files are auto-generated during standalone installs so you must populate and stage them in advance if you wish to use a multi-agent bucket as per the methods outlined above.
-
pansift_uuid.confcontains a single string comprised of a UUIDv4 value e.g.84b878ec-da07-490e-8375-c36dfbb098fa. YOU CAN NOT ARBITRARILY CREATE IDs YOURSELF; they must be provisioned in advance. This is actually the bucket UUID that you want the agent to writes to. This bucket UUID is available from your account. If you have not claimed any buckets yet or wish to use a new and dedicated bucket then please contact support -
pansift_token.confcontains a single string comprised of an 86-character hexadecimal string ending in a double equals "==" (so it's 88 characters long). YOU CAN NOT ARBITRARILY CREATE IDs YOURSELF; they must be provisioned in advance. This ZTP write token is available from the bucket details in your account. The write token for the bucket can be used by multiple agents hence a 'multiagent' bucket. Contact support if you are using a "multiagent" bucket and want discrete tokens per agent rather than creating more buckets as a grouping boundary.⚠️ This token only allows writes and not reads to a specific bucket. -
pansift_ingest.confcontains a single string comprised of a fully qualified URL for the bucket's datastore and ingest host. It takes the form of thepansift/bucketUUID as the host portion in theingestsubdomain. A URL example would be as such;https://84b878ec-da07-490e-8375-c36dfbb098fa.ingest.pansift.com(but replace with your UUID), and it needs to resolve in DNS before writes will succeed. This URL tells the agent which datastore host to speak to. The DNS entry is created during the normal ZTP process or by support (so please liaise with support for mass deployments if you are unsure). Please also check the PanSift log for a new agent or contact support if this is not resolving for you. ℹ️ The FQDN(Fully Qualified Domain Name) is a CNAME that points to the datastore A record.
⚠️ Do not configure thepansift_ingest.confdatastore URL with the A record. Use "https://" + the CNAME which follows the pattern ofhttps://<uuid>.ingest.pansift.comotherwise backend operational changes may cause interruptions to your agents' ability to write.
There are three options for uninstalling PanSift:
- Manual Uninstall: via the agent UI click "PS/Internals/Uninstall/Interactively" (which opens the terminal and runs the Uninstall script)
- Uninstall Script: via the command line, which requires a "-s" command line switch. This second silent approach is for remote administration and is usually used by Managed Service Providers (MSPs) to perform targeted/mass uninstalls via their MDM (Mobile Device Management) platform. It should be run with root privileges while the targeted user is logged in.
- Package-Based Uninstall: This uses the new PanSift Uninstaller package (in testing). You can click to it run via the UI or use the command line to activate once positioned/downloaded. This can also be used by Managed Service Providers (MSPs) to perform targeted/mass uninstalls). More information below...
There's an "Uninstall" option in the Agent menu under "PS/Internals/Uninstall/Interactively" (which opens the terminal and goes from there, including asking you to record your configuration if required, or supplying your password).
Alternatively, you can remove it from your "Login Items" and also delete from "Applications" + stop the Telegraf process (though this is what the Uninstall script does). If the "Uninstall" option is not bringing up your Mac's "Terminal", just open a fresh "Terminal" and click "Uninstall" from the menu again.
Please use the "-s" silent command line option for unattended uninstalls when using Uninstall script remotely.
The parent process should have root-level permissions, as removing applications from the /Applications folder requires escalated privileges (including removing Login Items for a user using System Events).
Note: If you look at the script, it expects the user under which PanSift was installed to be logged in. So, even though running with root permissions, $HOME should resolve for the current user to ensure the login items are removed, as are the configuration files.
Please see the uninstall script here: Uninstall script
Simply open the PanSift Uninstaller package and follow along. It will ask you for your password and if it can access "System Events" and "Documents" to remove PanSift including its "Login Item".
ℹ️ you can also run the PanSift Uninstaller package from the command line as root (or with sudo) via something like:
sudo installer -pkg Pansift_Uninstaller.pkg -target /Applications/which can be useful in remote management scenarios. Make sure you specify the correct path to the PKG file once you have prepositioned it after download.
⚠️ This package is an empty package with a simple preinstall script that runs unattended_uninstall.sh, which is also easily inspectable from the PKG file with a tool like Suspicious Package.