Monitoring and maintaining the Tanium Appliance

Perform regular maintenance tasks to ensure that the Tanium Appliance infrastructure remains in good health. For maintenance tasks to be performed on a routine basis, see Perform monthly maintenance and Perform quarterly maintenance. If an appliance is not performing as expected, you might need to troubleshoot issues or change settings. See Support and Troubleshooting for related procedures.

Use the Appliance Maintenance menu to perform most maintenance tasks, such as backups, system resets, TanOS upgrades, and system reboots or shutdowns. The Appliance Configuration menu contains some of the configuration options for ongoing monitoring and maintenance. The Tanium Support menu contains several tools to monitor status and run diagnostics.

Configure Tanium Appliance monitoring

Perform any of the following tasks to facilitate monitoring the health of your Tanium deployment and Appliance infrastructure. For example, if your organization has a syslog server or SNMP manager, you can integrate it with the Appliance for monitoring. If these monitoring solutions reveal issues that require resolution, see Support and Troubleshooting.

Configure TanOS alerts

TanOS can send alerts to a syslog server or to an email recipient. For optimal results, configure an SMTP email recipient. If the syslog server fails, the SMTP recipient receives a failure notification every 15 minutes until either the failure is resolved or syslog forwarding is disabled. See Configure syslog alerts.

Configure syslog forwarding

You can forward Appliance logs to a remote syslog server. The syslog forwarding configuration is separate from the syslog alert configuration. For the differences, and the steps to configure syslog forwarding, see Configure syslog forwarding.

Configure SNMP

You can configure integration with an SNMP manager to collect and analyze Appliance information. After you configure credentials, the user tansnmp can make a remote SNMP connection to the Appliance or to the Integrated Dell Remote Access Controller (iDRAC) interface of a physical Appliance to conduct SNMP polling from a remote host or SNMP manager. See Configuring SNMP.

Perform monthly maintenance

If these tasks reveal issues that require resolution, see Support and Troubleshooting.

Review the Health Check report

The Health Check report provides information on the health of the Appliance operating system, hardware, users, network, services, applications, database replication, RAID security, Postgres SSL, and virtual machine (if applicable).

1. Run the report. See Run the Health Check.

2. Review the output for actionable items, which are summarized at the end of the output.

   For example, the output might indicate that the End User License Agreement (EULA) is not accepted.

Monitor Appliance performance (optional)

See the following tasks for the steps to run commands for viewing Appliance performance information:

• Run a SAR command to view statistical information such as CPU load, memory paging, memory utilization, swap usage, and network input/output (I/O).
• Run the iotop command to view I/O utilization by process.
• Run the perf top command to view CPU usage by function.
• Run the htop command to view detailed information about each running process, such as memory and CPU consumption. The output provides an interface whereby you can navigate among values and tabs by keyboard and mouse.

Perform quarterly maintenance

Verify the grub key backup

You can use the grub key during the boot sequence to diagnose and recover from failure conditions. During recovery, you must provide the key to Tanium Support for a technician to extract the grub password.

1. Verify that a backup of the latest key resides in a safe location off the Appliance.

   A new backup is required whenever the key password is regenerated. See Change the grub key password.

2. Export the key and save it in a safe location if no backup exists or if the current backup is not the latest. See Export the grub key.

Review and update TanOS user accounts

1. On each appliance, review the TanOS system users to ensure that they can access the Appliance operating system and that they have the appropriate authentication settings. For example, users who authenticate through passwords must comply with the password policy of your organization. See Modify the local authentication service security policy.

   The predefined roles for TanOS system users include:

   • tanadmin: Users with this role can access all TanOS console menus. It is useful to have more than one tanadmin user in case you forget the password for the initial tanadmin user that is created during Appliance setup.
   • tancopy: Users with this role can copy files to and from the /incoming and /outgoing directories on the Appliance.
   • tanuser: Users with this role can access only status menus in the TanOS console.

   For details and procedures, see Managing users.

2. Verify that the predefined tanremote user account is present if you configured an Integrated Dell Remote Access Controller (iDRAC) interface on the physical Appliance. The account provides remote access to the iDRAC virtual console. This is useful for diagnosing hardware and network interface issues if the TanOS system becomes unavailable. For details and procedures, see Manage the iDRAC interface (physical Tanium Appliances only).

Backup overview

TanOS contains the options to perform core and comprehensive backups. physical Tanium Appliances and virtual Tanium Appliances with inactive partitions also have the option to back up the active partition to the inactive partition. On virtual Tanium Appliances and cloud-based Tanium Appliances, you can also take a snapshot of the appliance image. For core and comprehensive backups, you can schedule automatic backups or perform a manual backup.

For more information and steps, see Backing up and recovering Tanium Appliances.

Configure syslog forwarding or alerts

TanOS can forward appliance logs to a remote syslog server or send alerts to a syslog server or to an email recipient. For optimal results with alerts, configure an SMTP email recipient. If the syslog server fails, the SMTP recipient receives a failure notification every 15 minutes until the failure is resolved or syslog forwarding is disabled.

Severity level is a global setting that applies to both Syslog and SMTP alerts.

Syslog alerts versus forwarding

The syslog forwarding configuration under Appliance Configuration is separate from the syslog alert configuration in the Appliance Maintenance menu. Note these key differences:

• Syslog configuration for alerts sends events that match the specified alert threshold severity (info, warn, and error).

• Syslog forwarding configuration sends all messages located in /var/logs/messages to a syslog destination.

Check the syslog status

The syslog status shows the last five log entries and the current syslog forwarding configuration.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter A-4 (Appliance Configuration > Syslog Configuration).

3. Enter 1 to view the status. View screen

   ------------------------------------------------------
   
   >>> Appliance Configuration -> Syslog Configuration -> Check Status <<< 
   
    Checking existing syslog configuration
   
    ###
    Found TanOS syslog configuration with destination logfile Kernel
   
    Current size of /var/log/tanos :76924
   
    Last 5 entries in /var/log/tanos:
   2020-05-22T14:00:01.756970+00:00 appliance-160 TanOS_Shell: privileged_support_health_check.sh: 
   DEBUG called by root -b
   2020-05-22T14:15:01.908001+00:00 appliance-160 TanOS_Shell: privileged_support_health_check.sh: 
   DEBUG called by root -b
   2020-05-22T14:30:01.962601+00:00 appliance-160 TanOS_Shell: privileged_support_health_check.sh: 
   DEBUG called by root -b
   2020-05-22T14:31:19.706181+00:00 appliance-160 TanOS_Shell: privileged_appliance_configuration_
   ntp.sh: DEBUG called by tanadmin
   2020-05-22T14:33:36.632542+00:00 appliance-160 TanOS_Shell: privileged_appliance_sub_configurat
   ion_syslog.sh: DEBUG called by tanadmin
   
    ###
    No existing TanOS syslog forwarding configuration found
   
    Press enter to continue

Configure syslog forwarding

Import a syslog server trust certificate

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter A-4 (Appliance Configuration > Syslog Configuration).

3. Enter 2 to view the trust certificate, 3 to paste it (PEM format), or 4 to remove it.

Enable syslog forwarding

Syslog Forwarding sends the same data that gets logged in /var/log/messages to the destination.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter A-4 (Appliance Configuration > Syslog Configuration).

3. Enter 5 and follow the prompts to specify the settings for the remote syslog server. View screen

   ------------------------------------------------------
   
   >>> Appliance Configuration -> Syslog Configuration -> Configure <<< 
   
   Configuring syslog forwarding (empty destination to disable forwarding)
   
   Please enter the destination host: 10.10.10.10
   Please enter the destination port: 514
   Please enter the destination protocol [tcp/udp]: tcp
   Enable TLS? [Yes|No]: n
   Enable TCP octet framing? [Yes|No]: y
   Enable RFC5424 output format? [Yes|No]: y
   
   Will create syslog forwarding configuration
   Finished configuring syslog forwarding
   Press enter to continue

   If you do not enable RFC5424 output format, TanOS defaults to RFC3164 syslog output.

Configure syslog alerts

Set the alert severity level

Use the Configure Alerts menu to set the alert severity threshold to info, warn, or error.

• Info: Includes all alerts
• Warn: Includes all error and warning alerts
• Error: Includes error alerts

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter B-2-3 (Appliance Maintenance > Alerting > Configure Alerts).

3. Use the menu to set a severity level and enable/disable alerting.

Configure a syslog server destination for alerts

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter B-2-1 (Appliance Maintenance > Alerting > Configure Syslog Destination).

3. Enter 2 and follow the prompts to configure a syslog destination. View screen

   >>> Appliance Maintenance -> Alerting -> Configure Syslog Destination <<< 
   
   Please enter the destination host: 10.10.10.10
   Please enter the destination port: 514
   Please enter the destination protocol [tcp/udp]: udp
   
   Alert syslog destination updated.

4. Enter 1 to enable syslog alerts. The Configure Syslog Destination menu updates to show the current status. View screen

   >>> Appliance Maintenance -> Alerting -> Configure Syslog Destination <<< 
   
   Current destination status: Enabled 
   Current server address: 10.10.10.10
   Current server port: 514
   Current server protocol: udp
   
            1: Enable/Disable syslog alerts
            2: Edit Syslog Destination
            3: Send Syslog Test Alert
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

5. Enter 3 to send a test alert to the syslog server.

The test alert appears in the syslog server logs.

Configure an SMTP destination for alerts

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter B-2-2 (Appliance Maintenance > Alerting > Configure SMTP Destination).

3. Enter 2 and follow the prompts to configure the SMTP destination. View screen

   >>> Appliance Maintenance -> Alerting -> Configure SMTP Destination <<< 
   
   Please enter the SMTP host: 10.10.10.10
   Please enter the destination port: 25
   Please enter the recipient email address: [email protected]
   
   Alert SMTP destination updated.

4. Enter 1 to enable SMTP alerts. The Configure SMTP Destination menu updates to show the current status. View screen

   >>> Appliance Maintenance -> Alerting -> Configure SMTP Destination <<< 
   
   Current destination status: Enabled 
   Current server address: 10.10.10.10
   Current server port: 25
   Current recipient address: [email protected] 
   
            1: Enable/Disable SMTP alerts
            2: Edit SMTP Destination
            3: Send SMTP Test Alert
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

5. Enter 3 to send a test alert to the mail recipient.

Configuring SNMP

Tanium Appliances support SNMP v3, though the SNMP service is not enabled by default. You can configure SNMP credentials and start the service to allow remote SNMP connections to the appliance or to the iDRAC interface of a physical Tanium Appliance. The default user name for SNMP connections is tansnmp. A remote host or SNMP manager can use the configured credentials to conduct SNMP polling on the appliance. Tanium Appliances only respond to SNMP requests; they do not send SNMP traps.

There is not a Tanium-specific MIB. Tanium Appliances report a specific SNMPv2 sysObjectID and include the following standard MIBs:

• SNMPv2-MIB
• IP-MIB
• IF-MIB
• TCP-MIB
• UDP-MIB
• HOST-RESOURCES-MIB
• UCD-SNMP-MIB

For a physical Tanium Appliance, see Dell Technologies: SNMP Reference Guide for iDRAC and Chassis Management Controller for information about the MIB used with iDRAC. Some limitations apply for the iDRAC implementation in the Tanium Appliance. For example, the Tanium Appliance does not support SNMP v1 or v2, nor does it send SNMP traps.

Set password and start the SNMP service

Passwords must contain at least 8 characters.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter A-5 (Appliance Configuration > SNMP Configuration).

3. Enter S , enter the desired SNMP password at the prompt, and hit enter to save the password and enable the SNMP service. View screen

   ------------------------------------------------------
   
   >>> Appliance Configuration -> SNMP Configuration <<< 
   
   State:     Enabled
   Username:  tansnmp
   Location:  New York, NY
   Contact:   [email protected]
   EngineID:  0x80001f8880d6736914ae15e56000000000
   
   Sample:
   snmpwalk -v3 -u tansnmp -A 'password' -X 'password' -a sha -x AES -l authPriv 10.10.10.61
   
             U: Change the Username
             L: Change the Location
             C: Change the Contact
             V: View SNMP Service Status
             D: Stop the SNMP Service
             S: Set Password and Start the SNMP Service
   
             R: Return to previous menu  RR: Return to top
   			
   ------------------------------------------------------
   
    TanOS Version:        1.8.1 
    
   	Please select: s
   	Enter the desired SNMP password: 
   
   	Successfully saved and enabled the SNMP service
   
   	Press enter to continue

Change the SNMP user name, location, or contact

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter A-5 (Appliance Configuration > SNMP Configuration).

3. Enter U to change the user name, L to change the location, or C to change the contact and follow the prompts to enter the new value.

View SNMP service status

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter A-5 (Appliance Configuration > SNMP Configuration).

3. Enter V to view the SNMP service status details.

Stop the SNMP service

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter A-5 (Appliance Configuration > SNMP Configuration).

3. Enter D to stop and disable the SNMP service.

Upgrade TanOS

See Upgrade TanOS.

Request a shell access key

You can request OS shell access to examine OS processes and files written to the file system. See Examine Tanium and TanOS files.

Clean up generated files

Clean directories to clear up disk space or clear logs to make it easier to work with new entries in the log viewer.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter B-A (Appliance Maintenance > Clean directories).

3. Use the menu to delete files that have been generated in the SFTP /incoming and /outgoing directories, core dump files, application logs, and so on.

Reboot or shut down

Tasks that you complete with TanOS menus typically do not require you to reboot the system. A reboot might be required during troubleshooting workflows.

Shutdown turns off the system and powers down the appliance.

On a physical Tanium Appliance, you must have physical or iDRAC access to the appliance to power it on. Do not perform a system shutdown unless you are prepared to power the appliance back on.

Reboot

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter B-B-1 (Appliance Maintenance > Reboot/Shutdown > Reboot).

3. Follow the prompts to reboot the appliance.

Shut down

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter B-B-2 (Appliance Maintenance > Reboot/Shutdown > Shutdown).

3. Follow the prompts to shut down the appliance.

Increase storage

On cloud-based Tanium Appliances and virtual Tanium Appliances, you can add a disk to the virtual image or increase the size of the existing virtual disk to increase the amount of storage that is available to TanOS.

This action is not reversible. Storage that you add to the appliance is permanently allocated. Do not attempt to remove disk storage from an appliance, as the appliance becomes unusable.

1. Modify the virtual image to add a disk or increase the size of the existing virtual disk.
2. Sign in to the TanOS console as a user with the tanadmin role.

3. Enter B-I (Appliance Maintenance > Increase Storage).

4. Follow the prompts to add the disk storage. View screen

   >>> Maintenance -> Increase Storage <<< 
   
    Utilize unused disks or free disk space to expand the TanOS /opt partition.
    
    This space can be additional storage that has been added through the hypervisor
    or reclaimed space from discarding alternate paritions.
    
    Be advised: This action is permanent!
   
    Current space
   Filesystem                 Size  Used Avail Use% Mounted on
   /dev/mapper/VolGroup1-opt  349G   14G  318G   4% /opt
   
    Additional space available: 445.41 GiB
   
   Would you like to add this additional space to TanOS? [Yes|No]: yes
     Size of logical volume VolGroup1/opt changed from 354.34 GiB (90712 extents) to <799.76 GiB (204
   738 extents).
     Logical volume VolGroup1/opt successfully resized.
   resize2fs 1.42.9 (28-Dec-2013)
   Filesystem at /dev/mapper/VolGroup1-opt is mounted on /opt; on-line resizing required
   old_desc_blocks = 45, new_desc_blocks = 100
   The filesystem on /dev/mapper/VolGroup1-opt is now 209651712 blocks long.
   
   Filesystem                 Size  Used Avail Use% Mounted on
   /dev/mapper/VolGroup1-opt  788G   14G  739G   2% /opt
    Press enter to continue
   

   If your virtual Tanium Appliance has an inactive partition set, any new storage is evenly allocated across the active (/OPT) and inactive (/ALTOPT) partitions.

Manage OS services

Use this menu to start, stop, restart, enable, and view status details for the network time protocol daemon (chronyd) and SSH daemon (sshd) services.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter B-S (Appliance Maintenance > OS Services).

3. Select a service to open the Service Control menu:

   • To manage chronyd, enter 1.View screen

      ------------------------------------------------------
     
                  >>> Service Control -> chronyd <<< 
     
         Service        State      Status
         chronyd        enabled    running
     	
         NOTE: Cannot disable OS services
     
               1: Start service
               2: Stop service
               3: Restart service
               4: [DISABLED] Disable service
               5: Enable service
               6: Status Details
     
               R: Return to previous menu  RR: Return to top
     
      ------------------------------------------------------

   • To manage sshd, enter 2.View screen

      ------------------------------------------------------
     
                  >>> Service Control -> sshd <<< 
     
         Service        State      Status
         sshd           enabled    running
     	
         NOTE: Cannot disable OS services
     
               1: Start service
               2: Stop service
               3: Restart service
               4: [DISABLED] Disable service
               5: Enable service
               6: Status Details
     
               R: Return to previous menu  RR: Return to top
     
      ------------------------------------------------------

4. Use the menu to select an action to start, stop, restart, enable, or view status details for the service.

5. Follow the prompts to perform the action.

View the overall status for TanOS, Tanium, and the appliance

View system status

System status shows OS and network status.

View system status with the tanadmin role

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 4-1 (Status > System Status).

3. Enter 1 to view OS status, or enter 2 to view network status.

tanuser: View system status with the tanuser role

1. Sign in to the TanOS console as a user with the tanuser role.

2. Enter 1 (System Status).

3. Enter 1 to view OS status, or enter 2 to view network status.

View Tanium component status

View Tanium status with the tanadmin role

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 4-2 (Status > Tanium Status).

View Tanium status with the tanuser role

1. Sign in to the TanOS console as a user with the tanuser role.

2. Enter 2 (Tanium Status).

3. Use the menu to view Tanium service status.

View appliance status

Appliance status shows appliance version information, OS status, or hardware status.

View appliance status with the tanadmin role

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 4-3 (Status > Appliance Status).

3. Use the menu to view appliance version information, OS status, or hardware status.

View appliance status with the tanuser role

1. Sign in to the TanOS console as a user with the tanuser role.

2. Enter 3 (Appliance Status).

3. Use the menu to view appliance version information, OS status, or hardware status.

Review Tanium support information

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3 (Tanium Support).

See Support and Troubleshooting for information on the reports available in this menu.

Perform database operations

If you encounter issues with the Tanium deployment, Tanium Support might direct you to perform database operations.

Database operations are available on the Tanium Server and Tanium Module Server. In an All-In-One deployment, database operations apply only to the Tanium Server.

View the Postgres log file

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3-3-1 (Tanium Support > Database Operations > Select File).

3. Enter the line number for the postgres.log file, and use the menu to view the log or copy it to the /outgoing folder. View screen

    ------------------------------------------------------
   >>> Tanium Support -> Postgres -> Logs -> postgres.log <<< 
   
           Size: 80   Last Update: 2020-10-25 06:11:39
   
             V: View the file
             F: Follow log file growth
             E: Export to outgoing (sftp)
   
             R: Return to previous menu  RR: Return to top
   
    ------------------------------------------------------

View Postgres configuration files

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3-3-2 (Tanium Support > Database Operations > Select File).

3. Use the menu to review or modify the configuration.

View Postgres control data

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3-3 (Tanium Support > Database Operations).

3. Enter 3 to view Postgres control data. View screen

   pg_control version number:            942
   Catalog version number:               201510051
   Database system identifier:           6813452830717815614
   Database cluster state:               in production
   pg_control last modified:             Thu 09 Apr 2020 02:31:02 PM UTC
   Latest checkpoint location:           0/2384610
   Prior checkpoint location:            0/2381B90
   Latest checkpoint's REDO location:    0/23845D8
   Latest checkpoint's REDO WAL file:    000000010000000000000002
   Latest checkpoint's TimeLineID:       1
   Latest checkpoint's PrevTimeLineID:   1
   Latest checkpoint's full_page_writes: on
   Latest checkpoint's NextXID:          0/3498
   Latest checkpoint's NextOID:          27854
   Latest checkpoint's NextMultiXactId:  1
   Latest checkpoint's NextMultiOffset:  0
   Latest checkpoint's oldestXID:        1825
   Latest checkpoint's oldestXID's DB:   1
   Latest checkpoint's oldestActiveXID:  3498
   Latest checkpoint's oldestMultiXid:   1
   Latest checkpoint's oldestMulti's DB: 1
   Latest checkpoint's oldestCommitTsXid:0
   Latest checkpoint's newestCommitTsXid:0
   Time of latest checkpoint:            Thu 09 Apr 2020 02:31:02 PM UTC
   Fake LSN counter for unlogged rels:   0/1
   Minimum recovery ending location:     0/0
   Min recovery ending loc's timeline:   0
   Backup start location:                0/0
   Backup end location:                  0/0
   End-of-backup record required:        no
   wal_level setting:                    hot_standby
   wal_log_hints setting:                off
   max_connections setting:              256
   max_worker_processes setting:         8
   max_prepared_xacts setting:           0
   max_locks_per_xact setting:           64
   track_commit_timestamp setting:       off
   Maximum data alignment:               8
   Database block size:                  8192
   Blocks per segment of large relation: 131072
   WAL block size:                       8192
   Bytes per WAL segment:                16777216
   Maximum length of identifiers:        64
   Maximum columns in an index:          32
   Maximum size of a TOAST chunk:        1996
   Size of a large-object chunk:         2048
   Date/time type storage:               64-bit integers
   Float4 argument passing:              by value
   Float8 argument passing:              by value
   Data page checksum version:           0
   
    Press enter to continue

Enable full Postgres audit log

Postgres logs are very rarely useful in troubleshooting appliance or platform issues. Audit logging is disabled by default. When enabled, Postgres logging can consume inordinate disk space. For best results, enable audit logging only when debugging.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3-3 (Tanium Support > Database Operations).

3. Enter 4 and follow the prompts to enable audit logging. View screen

   ------------------------------------------------------
    
   >>> Tanium Support menu -> Enable Postgres Full Audit Logging <<< 
   
   
    Do you want to Enable Full Postgres audit logging ? [Yes|No]: yes
   
    Enabling Postgres audit logging
    Reloading Postgres configuration
   
    Press enter to continue

Manage the database memory plan

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3-3-D (Tanium Support > Database Operations > DB Tuning).

3. Use the menus to view or make changes to the database memory plan.

   You must select the same database memory plan for both Tanium Servers in a cluster, or for both an active and standby Module Server. A Tanium Server and a Module Server are not required to have the same memory plan.

Run the Postgres top command

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3-3 (Tanium Support > Database Operations).

3. Enter M to view results of the top command. View screen

   last pid: 29609;  load avg:  0.08,  0.03,  0.05;       up 0+03:02:11                  14:45:53
   3 processes: 1 running, 2 sleeping
   CPU states: 34.5% user,  0.0% nice, 15.0% system, 50.5% idle,  0.0% iowait
   Memory: 924M used, 67M free, 46M buffers, 560M cached
   DB activity:  17 tps,  0 rollbs/s,   0 buffer r/s, 100 hit%,     38 row r/s,    0 row w/s
   DB I/O:     0 reads/s,     0 KB/s,    27 writes/s,   210 KB/s
   DB disk: 348.7 GB total, 328.3 GB free (5% used)
   Swap: 10M used, 4086M free, 924K cached
   
     PID USERNAME PRI NICE  SIZE   RES STATE   TIME   WCPU    CPU COMMAND
   23453 postgres  20    0 4426M   50M sleep   0:08  0.20%  0.60% postgres: postgres tanium 10.10.10.55(60908) idle
   29610 postgres  20    0 4421M 6496K run     0:00  0.00%  0.00% postgres: postgres postgres [local] idle

4. Enter Q to return to the Database Operations menu.

Query the tanium database

The Manage Queries menu includes predefined queries that can be useful during troubleshooting.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3-3-Q-S (Tanium Support > Database Operations > Manage Queries > Select Query).

3. Use the menu to select a predefined query and return to the Manage Queries menu.
4. Enter X to run the query and save the results to the /outgoing folder. View screen

   >>> Tanium Support menu -> Database Operations -> Execute Query <<< 
   
   Running Query DBsizes 
   Query results saved to outgoing in DBsizes.results 
   
   Press enter to continue

5. Enter Q to view query results. View screen

     datname  |  size   
   -----------+---------
    template1 | 7145 kB
    template0 | 7145 kB
    postgres  | 7264 kB
    tanium    | 16 MB
   (4 rows)
   
   /tmp/tmp.G2h8V4Iab2 (END)

6. Enter Q to return to the Manage Queries menu.

View replication status

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3-3 (Tanium Support > Database Operations).

3. Enter S to view the status.

Initiate database server failover

1. Sign in to the TanOS console of the appliance with the secondary database as a user with the tanadmin role.

2. Enter 3-3-F (Tanium Support > Database Operations > Database Server Failover).

3. Follow the prompts to initiate the failover.

Monitor performance

Use the Performance Monitoring menu to view resource usage.

Run a SAR command

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.

2. Enter 3-P-1 (Tanium Support > Performance Monitoring > SAR command).

3. Use the menu to issue a command. The results of the command are returned to the screen. View screen

   Linux 3.10.0-1160.53.1.el7.x86_64 (ts1)     04/20/2022      _x86_64_     (2 CPU)
   
   19:57:03        CPU     %user     %nice   %system   %iowait    %steal     %idle
   19:57:04        all      0.50      0.00      0.50      0.00      0.00     99.00
   19:57:05        all      2.00      0.00      1.00      0.00      0.00     97.00
   19:57:06        all      1.50      0.00      0.50      0.00      0.00     98.00
   19:57:07        all      0.50      0.00      0.00      0.00      0.00     99.50
   19:57:08        all      0.50      0.00      0.50      0.00      0.00     98.99
   Average:        all      1.00      0.00      0.50      0.00      0.00     98.50
   
    Available options
   
     1  - CPU utilization        8  - Swap Space utilization
     2  - Individual CPU usage   9  - Swap statistics
     3  - Memory utilization    10  - Task/Switch activity
     4  - Memory statistics     11  - I/O Xfer statistics
     5  - Pageing statistics    12  - Block device Activity
     6  - Hugepages statistics  13  - Network statistics
     7  - Queue/Load            14  - Power Management
   
    Please select an option or enter to quit:

Export a SAR snapshot

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.

2. Enter 3-P (Tanium Support > Performance Monitoring).

3. Enter 2 to take a five second snapshot of SAR data and export it to the /outgoing folder. View screen

   >>> Collecting SAR performance snapshot <<< 
   
    Performance snapshot has been completed
   
    Snapshot file is appliance-160_perfstats_040920_1522.txt 
    You may now download it from the sftp outgoing directory
   
    Press enter to continue

4. Use SFTP to copy the snapshot file from the /outgoing directory on the appliance to your management computer.

Export a SAR performance data

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.

2. Enter 3-P (Tanium Support > Performance Monitoring).

3. Enter 3 to collect the complete set of SAR data files for the last 30 days and export it to a ZIP file in the /outgoing folder. View screen

   >>> Creating zip file with SAR performance data <<< 
   
    Performance data was saved to file appliance-160_perfdata_040920_1526.zip. 
    You may now download it from the sftp outgoing directory
   
    Press enter to continue

4. Use SFTP to copy the snapshot file from the /outgoing directory on the appliance to your management computer.

Export all SAR files

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.

2. Enter 3-P (Tanium Support > Performance Monitoring).

3. Enter 4 to collect all SAR files into a single file and export it to the /outgoing folder. View screen

   >>> Collecting Complete SAR performance output <<< 
   
    Performance snapshot has been completed
   
    Snapshot file is appliance-156_perfstats_040920_1534.txt 
    You may now download it from the sftp outgoing directory
   
    Press enter to continue

4. Use SFTP to copy the snapshot file from the /outgoing directory on the appliance to your management computer.
   
   
   

Run the iotop command

1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.

2. Enter 3-P (Tanium Support > Performance Monitoring).

3. Enter I to monitor input/ouput usage for the appliance.
4. Enter Q to return to the Performance Monitoring menu.

Run the perf top command

1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.

2. Enter 3-P (Tanium Support > Performance Monitoring).

3. Enter P to monitor CPU usage for the appliance.
4. Enter Q to return to the Performance Monitoring menu.

Run the htop command

1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.

2. Enter 3-P (Tanium Support > Performance Monitoring).

3. Enter T to monitor processes for the appliance.
4. Enter Q to return to the Performance Monitoring menu.

Perform advanced maintenance tasks

Consult with Tanium Support before you use advanced options. For more information, see Support for Tanium Appliances.

Install a firmware update

When you Run the Health Check , you might see messages alerting you to perform a firmware update.

Use the Advanced Maintenance menu to stage and apply firmware updates. On a physical Tanium Appliance, the updates include iDRAC firmware updates, PERC firmware updates, NIC firmware updates, and BIOS firmware updates.

Updating a firmware update is a major task. The process can take from 10-30 minutes, depending on model. Allow the firmware update to complete before attempting any other tasks with the appliance. Do NOT manually power off or reboot the appliance.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter B-X-1 (Appliance Maintenance > Advanced Maintenance > Firmware Update).

3. Follow the prompts to update the iDRAC, PERC, NIC, and BIOS firmware. View screen

   >>> Appliance Maintenance -> Advanced Menu -> Firmware Update <<< 
   
    Firmware Type          Current Version   Target Version    Status
    ====================   ===============   ==============    ==============
   
    iDRAC                  3.34.34.34        4.22.00.43        Ready to Apply   
    PERC                   50.5.1-2818       50.9.4            Ready to Apply   
    NIC: Intel Copper      18.0.16           19.5.12           Ready to Apply   
    NIC: Broadcom Copper   20.8.4            21.60.2           Ready to Apply   
    BIOS                   2.2.11            2.8.2             Ready to Apply   
   
    Note that the system may need to reboot to apply changes. In general iDRAC
    does not require reboot; BIOS and PERC do require reboot. If any selected
    firmware upgrade requires a reboot, the system will reboot immediately after
    all firmwares have been staged or applied.
   
    Gathering information to perform bulk upgrades...
   
    Upgrade 'iDRAC' to 4.22.00.43 [Yes|No]: yes
    Upgrade 'PERC' to 50.9.4 [Yes|No]: yes
    Upgrade 'NIC: Intel Copper' to 19.5.12 [Yes|No]: yes
    Upgrade 'NIC: Broadcom Copper' to 21.60.2 [Yes|No]: yes
    Upgrade 'BIOS' to 2.8.2 [Yes|No]: yes
   			
    Proceed with selected upgrades now? [Yes|No]
   
   

Re-install ACLs

If you experience issues copying to or from the tancopy/incoming or /outgoing directories, you can use this menu to reapply the access control lists (ACL) for those directories.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter B-X (Appliance Maintenance > Advanced Maintenance).

3. Enter 3 to reapply the ACLs.