Reference: TanOS health check results

The TanOS health check provides an overview of the health of the TanOS environment on a Tanium Appliance. After initial configuration, TanOS automatically runs a health check every 15 minutes. The results for the latest health check are stored in the health.log file in the /outgoing directory. For the steps to manually run a health check, see Run the Health Check.

The health check sends alerts if they are enabled. As a best practice:

Enable alerts.
Configure a severity level for alerts that matches the checks for which you want to receive alerts.
Configure an SMTP destination to send email alerts.
(Optional) Configure a syslog destination.

For the steps to configure alerts, see Configure alerts.

Is EULA accepted

Check	Description	Severity	Condition	Remediation
Is EULA Accepted	Checks whether the end-user license agreement (EULA) has been accepted. Reports the user who accepted the EULA and the time at which it was accepted.	WARN	EULA not accepted	From the main menu, enter Q to view the EULA. Follow the prompts to review and accept the EULA.

Operating System health

Check	Description	Severity	Condition	Remediation
CPU	Checks for excessive processor usage across all cores. The reported value is snapshot of a single point in time. Use SNMP polling for continuous monitoring of processor utilization. See Configuring SNMP.	WARN	>90% average CPU usage across all processors	Review the CPU usage of running processes to determine whether certain processes might be consuming excessive processor time. Contact Tanium Support for assistance in troubleshooting such processes. You can use the htop command to monitor processes and resource usage. After determining the cause of the issue, you can, as a temporary measure, restart Tanium services or reboot the appliance. If possible, determine the cause before restarting to avoid delaying a diagnosis. For a virtual Tanium Appliance or cloud-based Tanium Appliance, increase system resources.
Memory	Checks for low available RAM. Because of the way Linux manages memory, it is common for available RAM to be below 10% in production. However, if the RAM is full and the appliance uses a significant amount of swap space, performance might degrade.	ERROR	No available memory	If the Swap check does not also report a WARN or ERROR condition, then less than 50% of swap space is in use. In that case, low available RAM is usually not a cause for concern. If an ERROR condition is frequent for the Memory check, or if the Swap check also reports a WARN or ERROR condition, review the remediation recommendations for the Swap check.
Memory		WARN	<10% available memory
Swap	Checks for low available swap space. If greater than 50% of swap space is in use, one or more processes might be using excessive memory, and performance might degrade.	ERROR	No available swap space	Review the memory usage of running processes to determine whether certain processes might be using excessive memory. Contact Tanium Support for assistance in troubleshooting such processes. You can use the htop command to monitor processes and resource usage. After determining the cause of the issue, you can, as a temporary measure, restart Tanium services or reboot the appliance. If possible, determine the cause before restarting to avoid delaying a diagnosis. For a virtual Tanium Appliance or cloud-based Tanium Appliance, increase available RAM.
Swap		WARN	<50% available swap space
Partition <partition name>	Checks the used space on disk partitions When disk usage exceeds 95% on a critical partition, TanOS stops all Tanium services to preserve TanOS functionality.	ERROR	>95% disk usage on a critical partition	If any partition reports a WARN condition, determine what is using the space and reduce the size before filling up the partition. If necessary, contact Tanium Support for assistance. For a virtual Tanium Appliance or cloud-based Tanium Appliance, increase available storage for the virtual machine or cloud instance, and then increase storage on the appliance. For a physical Tanium Appliance, contact Tanium Support for assistance.
Partition <partition name>		WARN	>75% disk usage on any partition
Boot Check	Checks the boot type configured for the appliance. TanOS must be configured for EFI boot on a physical Tanium Appliance. On a virtual Tanium Appliance or cloud-based Tanium Appliance, both EFI and BIOS boot are allowed.	FAIL	BIOS boot with a physical appliance	Contact Tanium Support for assistance.
Active partition	Reports which partition set TanOS is using. This can be useful information when alternate partitions are in use for a physical Tanium Appliance or virtual Tanium Appliance. This check is informational and always reports a "pass" condition.	N/A	N/A	N/A
Upgrade	Checks whether a TanOS upgrade has failed	ERROR	Upgrade failed	Reattempt the TanOS upgrade. If the upgrade fails repeatedly, collect a Tanium Support Gatherer (TSG) bundle and contact Tanium Support.

Hardware health

Check	Description	Severity	Condition	Remediation
hardware type	physical Tanium Appliance: Reports the hardware appliance code virtual Tanium Appliance or cloud-based Tanium Appliance: Reports the virtual appliance code This check is informational and always reports a "pass" condition.	N/A	N/A	N/A
RAID controller <#> security key	physical Tanium Appliance only: Checks whether the RAID controller security key is set, which is necessary for proper encryption of the RAID array	WARN	RAID controller security key is not properly set	Contact Tanium Support for assistance.
disk encryption	physical Tanium Appliance only: Checks the status of disk encryption in the RAID array	WARN	Disk encryption not configured correctly	Contact Tanium Support for assistance
hardware SEL	physical Tanium Appliance only: Checks the usage of the hardware system event log	ERROR	>90% of log space used	Sign in to the iDRAC virtual console as the tanremote user, and clear the hardware system event log.

User health

Check	Description	Severity	Condition	Remediation
user <username>	Checks that each TanOS user has the correct level of privileges for the role assigned to that user	ERROR	User privileges do not match the assigned role	Contact Tanium Support for assistance.
admin users	Checks that at least one user has been given the tanadmin role other than the built-in tanadmin user	INFO	Only the built-in tanadmin user has the tanadmin role assigned	Create another TanOS user with the tanadmin role.
system user policies	Checks that the security policies for each TanOS user match the user security policies that are configured for the appliance	ERROR	A security policy for a user does not match the policy configured for the appliance	Reapply the security policy that is not properly applied.

Network health

Check	Description	Severity	Condition	Remediation
own hostname resolution	Checks that the appliance can resolve its own host name	ERROR	Own host name cannot be resolved	Check that the host name and DNS configuration is correct. If the resolution relies on DNS, work with your network administrator to resolve DNS issues.
mount <module share>	Checks whether a configured module share is disconnected	ERROR	Module share is configured but not mounted	List and test module file share mounts. If necessary delete the mount and re-create it. See Configure solution module file share mounts.
Connection tracking	Checks the ratio of network connections to the maximum number allowed for the appliance	INFO	>70% of available network connections in use	Contact Tanium Support to assist in determining the cause of the high number of connections.

Service health

Check	Description	Severity	Condition	Remediation
chronyd service	Checks that the time synchronization service is running and that the time is synchronized	ERROR	Service is not running or status cannot be determined	Check the status of the chronyd service, and attempt to start or restart it. If the service fails to start, review Status Details for more information about the failure.
chronyd service		WARN	Time not synchronized	Make sure that a valid time synchronization source is provided for the NTP configuration. Restart the chronyd service.
host time	virtual Tanium Appliance only: Checks the time difference between the host and virtual appliance	WARN	Time difference >5s	Make sure that a valid time synchronization source is provided for the NTP configuration. Restart the chronyd service.
rsyslog service	Checks that the rsyslog service is running	ERROR	Service is not running or status cannot be determined	Reboot the appliance or reconfigure syslog forwarding to restart the rsyslog service.
syslog delivery	Checks whether the rsyslog service is successfully forwarding syslog messages to the configured destination This check can occasionally produce a false positive WARN condition due to a temporary increase in the outgoing message queue. Typically, remediation is necessary only if you observe a repeated or persistent WARN condition.	WARN	Messages have not been delivered (indicates number of failed messages)	Make sure that syslog forwarding is properly configured and that the remote syslog server is reachable. Reboot the appliance or reconfigure syslog forwarding to restart the rsyslog service.
iptables service	Checks whether the iptables service is running	ERROR	Service is not running or status cannot be determined	Reboot the appliance. If the problem persists, contact Tanium Support for assistance.
ip6tables service	Checks whether the ip6tables service is running	ERROR	Service is not running or status cannot be determined	Reboot the appliance. If the problem persists, contact Tanium Support for assistance.
sshd service	Checks whether the sshd service is running	ERROR	Service is not running or status cannot be determined	Check the status of the sshd service, and attempt to start or restart it. If the service fails to start, review Status Details for more information about the failure.
ipsec	Checks whether the ipsec service is running The ipsec service is required for an active-activeTanium Server or active passive Tanium Module Server configuration.	ERROR	Service is not running or status cannot be determined	Use the Tanium Service Control menu to check the status of the ipsec service , and attempt to start or restart it. If the service fails to start, review Status Details for more information about the failure.
sssd service	Checks whether the sssd service is running, and whether debug logging is enabled Running the sssd service with debug logging enabled could cause performance issues.	ERROR	Service is not running or status cannot be determined	From the main menu, enter C-A-T-S to check the status of the sssd service , and attempt to start or restart it. If the service fails to start, review Status Details for more information about the failure. For configuration information, see Configure LDAP authentication for TanOS system users.
sssd service		INFO	Debug logging enabled	Contact Tanium Support for assistance.
local auth service	Checks whether the slapd service is running. The slapd service provides the local authentication service for Tanium Console users. Additionally, it always manages the default user tanium, even if you use LDAP authentication and do not otherwise use the local authentication service in TanOS.	ERROR	Service is not running or status cannot be determined	Use the Tanium Service Control menu to check the status of the slapd service , and attempt to start or restart it. If the service fails to start, review Status Details for more information about the failure.
Local LDAP config	Performs internal checks to evaluate local LDAP health	ERROR	Internal checks failed	Contact Tanium Support for assistance.
Remote LDAP config	Performs internal checks to evaluate remote LDAP health in a clustered environment	ERROR	Internal checks failed	Contact Tanium Support for assistance.
LDAP contents	Checks that the local LDAP contents match the remote LDAP contents in a clustered environment	ERROR	Local contents do not match remote contents	From the main menu, enter C-L-C for more details about the LDAP content mismatch. Contact Tanium Support for assistance.

Application health

Check	Description	Severity	Condition	Remediation
TS	Tanium Server only: Checks whether the taniumserver service is running	ERROR	Service is not running or status cannot be determined	Use the Tanium Service Control menu to check the status of the taniumserver service , and attempt to start or restart it. If the service fails to start, review Status Details for more information about the failure.
TS database connection	Tanium Server only: Checks the Tanium Server connection to the database	ERROR	The Tanium Server cannot connect to the database	Contact Tanium Support for assistance.
TS database	Tanium Server only: Checks the size of the Tanium Server database	INFO	Database size >50GB	Contact Tanium Support for assistance.
TS database pg_wal	Tanium Server only: Checks the size of the PostgreSQL write-ahead log (WAL) directory	ERROR	pg_wal directory missing	Contact Tanium Support for assistance.
TS database pg_wal		ERROR	pg_wal directory >50% of partition size	Contact Tanium Support for assistance.
TMS connectivity	Tanium Server only: Checks the Tanium Server connection to the Tanium Module Server	ERROR	The Module Server connection is not configured, or the Tanium Server cannot reach the Module Server at the configured address	Make sure that the array is configured correctly and that network issues are not preventing a connection. Contact Tanium Support for assistance.
LDAP Sync	Tanium Server only: Checks LDAPS or StartTLS certificate configuration	WARN	LDAPS or StartTLS certificate validation is disabled	Check the LDAP confiugration for the Tanium Server.
		WARN	In a clustered environment, the LDAPS or StartTLS certificate configuration does not match the configuration on a peer
		INFO	LDAPS or StartTLS certificates exist but are not in use
TMS	Primary Tanium Module Server only: Checks whether the taniummoduleserver service is running	ERROR	Service is not running or status cannot be determined	Use the Tanium Service Control menu to check the status of the taniummoduleserver service , and attempt to start or restart it. If the service fails to start, review Status Details for more information about the failure.
Secondary TMS	Secondary Tanium Module Server only: Checks whether the taniummoduleserver service is running. The service should be stopped on a secondary Module Server.	ERROR	Service is running or status cannot be determined	Use the Tanium Service Control menu to check the status of the taniummoduleserver service and stop it.
tanium-<solution-name>	Tanium Module Server only: Checks whether each installed solution service is running	ERROR	Service is not running or status cannot be determined	Use the Tanium Service Control menu to check the status of the service for the solution, and attempt to start or restart it. If the service fails to start, review Status Details for more information about the failure.
TMS database pg_wal	Tanium Module Server only: Checks the size of the PostgreSQL write-ahead log (WAL) directory	ERROR	pg_wal directory missing	Contact Tanium Support for assistance.
TMS database pg_wal		ERROR	pg_wal directory >50% of partition size	Contact Tanium Support for assistance.
Memory Plan	Tanium Server or Tanium Module Server only: Checks that the memory plan for the local database instance is set appropriately	WARN	Configured memory plan is not the preferred plan for the appliance model (physical Tanium Appliance) or the available memory (virtual Tanium Appliance or cloud-based Tanium Appliance)	Configure the memory plan to the indicated preferred plan.
TZS	Tanium Zone Server only: Checks whether the taniumzoneserver service is running	ERROR	Service is not running or status cannot be determined	Use the Tanium Service Control menu to check the status of the taniumzoneserver service , and attempt to start or restart it. If the service fails to start, review Status Details for more information about the failure.
Zone Hub	Tanium Zone Server Hub only: Checks whether taniumzoneserver service is running	ERROR	Service is not running or status cannot be determined	Use the Tanium Service Control menu to check the status of the taniumzoneserver service , and attempt to start or restart it. If the service fails to start, review Status Details for more information about the failure.
TaniumServer file permissions	Tanium Server only: Checks for proper file permissions and ownership on Tanium Server files	WARN	Specified files do not have the proper permissions or ownership	Reinstall access control lists (ACLs).
TaniumModuleServer file permissions	Tanium Module Server only: Checks for proper file permissions and ownerships on Tanium Module Server files	WARN	Specified files do not have the proper permissions or ownership	Reinstall access control lists (ACLs).
TaniumZoneServer file permissions	Tanium Zone Server only: Checks for proper file permissions and ownership on Tanium Zone Server files	WARN	Specified files do not have the proper permissions or ownership	Reinstall access control lists (ACLs).

TanOS

Check	Description	Severity	Condition	Remediation
BIOS Version	physical Tanium Appliance only: Checks whether the installed BIOS firmware version is up to date with the version available with the installed version of TanOS	WARN	Old version of firmware installed	Install the available firmware update.
PERC Version	physical Tanium Appliance only: Checks whether the installed RAID controller firmware version is up to date with the version available with the installed version of TanOS	WARN	Old version of firmware installed	Install the available firmware update.
iDRAC Version	physical Tanium Appliance only: Checks whether the installed iDRAC firmware version is up to date with the version available with the installed version of TanOS	WARN	Old version of firmware installed	Install the available firmware update.
NIC Version	physical Tanium Appliance only: Checks whether the installed NIC firmware version is up to date with the version available with the installed version of TanOS	WARN	Old version of firmware installed	Install the available firmware update.
Backup	Tanium Server or primary Tanium Module Server only: Checks whether a system backup is scheduled to run	ERROR	Backup is scheduled, but an encryption key is not properly configured	Configure the encryption key for the backup.
Backup		INFO	No backup is scheduled	Configure an automatic backup.
Partition sync	Appliances with an inactive partition set: Checks whether a partition sync has been performed in the last 90 days	WARN	The fstab configuration file used to mount the inactive partition is missing	Perform a partition sync.
		WARN	The partition sync time stamp is missing
		INFO	>90 days since last partition sync
TanOS key material	Checks for issues with the cryptographic keys on the appliance	ERROR	A required key is invalid, obsolete, or missing	Generate a new key for any keys that are indicated by the error.
TanOS version	Internet-connected appliances: Checks whether a newer version of TanOS is available	INFO	A newer version of TanOS is available for upgrade	Upgrade TanOS to the new version.
TanOS version match	Appliances in an array: Checks whether the TanOS version matches for all array members	WARN	TanOS versions do not all match	Upgrade TanOS to the new version on all array members.

Miscellaneous

Check	Description	Severity	Condition	Remediation
Core Files	Checks for core dumps that are stored on the appliance from process crashes Copy core files from the appliance to share with Tanium Support when requesting troubleshooting assistance. To save disk space, clean up core files that have been copied or are no longer needed.	WARN	Core files exist on the appliance	Copy core files for troubleshooting. Use the Clean directories menu to clean the Cores directory after core files have been copied or are no longer needed.
Shell Keys	Checks whether a TanOS shell key is active for read-write restricted shell or full shell access	INFO	Shell key is active	Use the Shell Keys menu to remove shell access or revoke all shell keys when read-write restricted shell or full shell access is no longer needed.
Auth plugin	Tanium Server only: Checks whether the proper authentication plugin is in use	INFO	Deprecated or unsupported authentication plugin in use	Contact Tanium Support for assistance.

Check

Description

Severity

Condition

Remediation

Core Files

Checks for core dumps that are stored on the appliance from process crashes

Copy core files from the appliance to share with Tanium Support when requesting troubleshooting assistance. To save disk space, clean up core files that have been copied or are no longer needed.

WARN

Core files exist on the appliance

Copy core files for troubleshooting.
Use the Clean directories menu to clean the Cores directory after core files have been copied or are no longer needed.

Shell Keys

Checks whether a TanOS shell key is active for read-write restricted shell or full shell access

INFO

Shell key is active

Use the Shell Keys menu to remove shell access or revoke all shell keys when read-write restricted shell or full shell access is no longer needed.

Auth plugin

Tanium Server only: Checks whether the proper authentication plugin is in use

INFO

Deprecated or unsupported authentication plugin in use

Contact Tanium Support for assistance.

Database replication health

Check	Description	Severity	Condition	Remediation
Database Replication	Tanium Server or Tanium Module Server only: Checks the status of database replication	ERROR	Database replication failed	Review replication status. From the main menu on the secondary Tanium Server or Module Server, enter 3-3-I to reinitialize the replication.

TMS sync health

Check	Description	Severity	Condition	Remediation
Tanium Module Server Sync Health	Tanium Module Server only: Checks whether Module Server synchronization is successful	ERROR	Module Server synchronization failed	Review the detailed status for Module Server sync. Check the Module Server sync configuration.

RAID controller security key

Check	Description	Severity	Condition	Remediation
RAID Security key check	physical Tanium Appliance only: Checks whether the RAID controller security key has been exported The RAID controller security key is required to decrypt drives if the RAID controller fails.	WARN	RAID Security key has not been exported	Export the RAID security key and store it in a safe location.

Check

Description

Severity

Condition

Remediation

RAID Security key check

physical Tanium Appliance only: Checks whether the RAID controller security key has been exported

The RAID controller security key is required to decrypt drives if the RAID controller fails.

WARN

RAID Security key has not been exported

Export the RAID security key and store it in a safe location.

Postgres SSL health check

Check	Description	Severity	Condition	Remediation
Postgres SSL	Tanium Server only: Checks the TLS configuration of the local PostgreSQL database	ERROR	Missing DB Directory	Contact Tanium Support for assistance.
Postgres SSL		ERROR	TLS disabled for PostgreSQL database	Contact Tanium Support for assistance.
SSL CRL file	Tanium Server only: Reports the name of the certificate revocation list (CRL) file if in use. This check is informational only.	N/A	N/A	N/A

OVA health

Check	Description	Severity	Condition	Remediation
Client Count	virtual Tanium Appliance only: Reports the count of Tanium Clients that have connected during the current or prior day and checks whether the number exceeds the maximum recommended with current virtual machine resources	INFO	Number of connected clients exceeds the recommended maximum	See the following checks for RAM and CPU to determine whether each of these resources is adequate. Increase virtual machine resources. See Cloud-based Tanium Appliance and virtual Tanium Appliance specifications
RAM Requirements	virtual Tanium Appliance only: Checks whether the RAM configured for the virtual machine is less than the RAM recommended for the number of connected clients	INFO	RAM less than recommended requirement	Increase virtual machine RAM. See Cloud-based Tanium Appliance and virtual Tanium Appliance specifications
CPU Requirements	virtual Tanium Appliance only: Checks whether the number of CPU cores configured for the virtual machine is less than the CPU cores recommended for the number of connected clients	INFO	CPU cores less than recommended requirement	Increase virtual machine CPU cores. See Cloud-based Tanium Appliance and virtual Tanium Appliance specifications