Reference: Tanium Status and Support menus

TanOS includes the following diagnostic menus.

	Menu	Usage
Status	System Status	View OS or network status.
	Tanium Status	View the status of Tanium processes.
	Appliance Status	View appliance version information, OS status, or hardware status.
Tanium Support	Tanium Log Files	Review logs. See Review Tanium Core Platform logs and Review Tanium solution module logs.
	Database Operations	Run diagnostics or queries. See Use Database Operations menus.
	Run Network Diagnostics	Use ping, port tests, nslookup, and IPsec check utilities.
	Run Health Check	Check the status of network services and Tanium services. See Run the Health Check.
	Display Last Scheduled Health Check Results	A health check is run automatically every 15 minutes. Use this option to view previous results.
	Appliance Hardware Report	Check hardware status.
	Run TSG	Run the Tanium™ Support Gatherer (TSG) scripts. The output is written to a file you can share with Tanium Support. See Run Tanium Support Gatherer.
	Run Tcpdump	Run tcpdump for the selected network interface. Host/IP and port filters are supported.
	Performance Monitoring	Use SAR commands and snapshots. See Use the Performance Monitoring menu.
Advanced Support	Copy Core Files	Copy any core dump files to the /outgoing folder so they can be copied by the tancopy user.
	Generate Process Memory Dump	Generate a process dump from a running Tanium process and copy it to the /outgoing folder.
	Directory Space Usage	View disk usage per directory.

 

Use the status menus

System Status shows OS and network status. Tanium Status shows Tanium™ component status. Appliance Status shows appliance version information, OS status, or hardware status.

tanadmin: View system status

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter 4 to go to the Status menu. View screen

   ------------------------------------------------------
   
                        >>> Status <<< 
   
            1: System Status Menu
            2: Tanium Status Menu
            3: Appliance Status Menu
   
            H: Help
            R: Return to previous menu
   
   ------------------------------------------------------

3. Enter 1 to go to the System Status menu. View screen

   ------------------------------------------------------
   
                    >>> System Status <<< 
   
            1: OS Status
            2: Network Status
   
            H: Help
            R: Return to previous menu
   
   ------------------------------------------------------

4. Enter 1 to view OS status, or enter 2 to view network status.

tanuser: View system status

1. Sign in to the TanOS console as a user with the tanuser role.
2. Enter 1 to go to the System Status menu. View screen

   ------------------------------------------------------
   
                    >>> System Status <<< 
   
            1: OS Status
            2: Network Status
   
            H: Help
            R: Return to previous menu
   
   ------------------------------------------------------

3. Enter 1 to view OS status, or enter 2 to view network status.

tanadmin: View Tanium status

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter 4 to go to the Status menu. View screen

   ------------------------------------------------------
   
                        >>> Status <<< 
   
            1: System Status Menu
            2: Tanium Status Menu
            3: Appliance Status Menu
   
            H: Help
            R: Return to previous menu
   
   ------------------------------------------------------

3. Enter 2 to go to the Tanium Status menu. View screen

   ------------------------------------------------------
   
                    >>> Tanium Status <<< 
   
             #: Service                                  State           Status  
             1: ipsec                                    enabled         started        
             2: postgresql-tms                           disabled        stopped 
             3: postgresql-ts-firewall                   enabled         started        
             4: postgresql-ts                            enabled         started        
             5: slapd                                    enabled         started        
             6: taniumserver                             enabled         started        
   
             H: Help
             R: Return to previous menu
   
   ------------------------------------------------------

tanuser: View Tanium status

1. Sign in to the TanOS console as a user with the tanuser role.
2. Enter 2 to go to the Tanium Status menu. View screen

   ------------------------------------------------------
   
                    >>> Tanium Status <<< 
   
             #: Service                                  State           Status  
             1: ipsec                                    enabled         started        
             2: postgresql-tms                           disabled        stopped 
             3: postgresql-ts-firewall                   enabled         started        
             4: postgresql-ts                            enabled         started        
             5: slapd                                    enabled         started        
             6: taniumserver                             enabled         started        
   
             H: Help
             R: Return to previous menu
   
   ------------------------------------------------------

3. Use the menu to view Tanium service status.

tanadmin: View appliance status

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter 4 to go to the Status menu. View screen

   ------------------------------------------------------
   
                        >>> Status <<< 
   
            1: System Status Menu
            2: Tanium Status Menu
            3: Appliance Status Menu
   
            H: Help
            R: Return to previous menu
   
   ------------------------------------------------------

3. Enter 3 to go to the Appliance Status menu. View screen

   ------------------------------------------------------
   
                    >>> Appliance Status <<< 
   
            1: Appliance Version Details
            2: Appliance Status (OS)
            3: Appliance Status (HW)
   
            H: Help
            R: Return to previous menu
   
   ------------------------------------------------------

4. Use the menu to view appliance version information, OS status, or hardware status.

tanuser: View appliance status

1. Sign in to the TanOS console as a user with the tanuser role.
2. Enter 3 to go to the Appliance Status menu.
3. Use the menu to view appliance version information, OS status, or hardware status.

Use the Tanium Support menu

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu. View screen

   ------------------------------------------------------
   
                   >>> Tanium Support menu <<< 
   
            1: Tanium Log Files
            2: Tanium Module Log Files
            3: Database Operations
            4: Run Network Diagnostics
            5: Run Health Check
            6: Display Last Scheduled Health Check Results
            7: Appliance Hardware Report
   
            A: Run TSG (Tanium Support Gatherer)
            B: Run Tcpdump
            P: Performance Monitoring
   
            X: Advanced Support
   
            H: Help
            R: Return to previous menu
   
   ------------------------------------------------------

Use the Advanced Support menu

1. Sign in to the TanOS console as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu. View screen

   ------------------------------------------------------
   
                   >>> Tanium Support menu <<< 
   
            1: Tanium Log Files
            2: Tanium Module Log Files
            3: Database Operations
            4: Run Network Diagnostics
            5: Run Health Check
            6: Display Last Scheduled Health Check Results
            7: Appliance Hardware Report
   
            A: Run TSG (Tanium Support Gatherer)
            B: Run Tcpdump
            P: Performance Monitoring
   
            X: Advanced Support
   
            H: Help
            R: Return to previous menu
   
   ------------------------------------------------------

3. Enter X to go to the Advanced Support menu. View screen

   ------------------------------------------------------
   
           >>> Tanium Support -> Advanced Menu <<< 
   
   Attention: The options in this menu can effect performance 
   Please consult your TAM before utilizing the below options.
   
            1: Copy Core Files
            2: Generate Process Memory Dump
            3: Directory space usage
   
            D: Database Query Management
   
            H: Help
            R: Return to previous menu
   
   ------------------------------------------------------

4. Use the menu to copy core files, generate a process dump for a Tanium process, or view directory space usage.

Use Database Operations menus

If you encounter issues with the Tanium deployment, Tanium Support might direct you to perform database operations.

View the Postgres log file

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu. View screen

   ------------------------------------------------------
   
                   >>> Tanium Support menu <<< 
   
            1: Tanium Log Files
            2: Tanium Module Log Files
            3: Database Operations
            4: Run Network Diagnostics
            5: Run Health Check
            6: Display Last Scheduled Health Check Results
            7: Appliance Hardware Report
   
            A: Run TSG (Tanium Support Gatherer)
            B: Run Tcpdump
            P: Performance Monitoring
   
            X: Advanced Support
   
            H: Help
            R: Return to previous menu
   
   ------------------------------------------------------

3. Enter 3 to go to the Database Operations menu. View screen

   ------------------------------------------------------
   
       >>> Tanium Support menu -> Database Operations <<< 
   
            1: Display Postgres log file
            2: View Postgresql config files
            3: Display Postgres Control Data
            4: Enable Full Postgres Audit logs
   
            D: Database Memory Plan
            M: Monitor Database
            Q: Manage Database Queries
            S: Replication Status
            F: Database Server Failover
   
            H: Help
            R: Return to previous menu
   
   ------------------------------------------------------

4. Enter 1 to go to the Select File menu. View screen

   >>> Tanium Support -> Postgres -> Logs <<< 
   
             1: audit-postgres.log                                        1.3K
             2: postgres.log                                                80
             3: stdout-Oct.log                                             312
   
             R: Return, no selection
   
   Please select: 

5. Enter the line number for the postgres.log file, and use the menu to view the log or copy it to the /outgoing folder. View screen

    ------------------------------------------------------
   >>> Tanium Support -> Postgres -> Logs -> postgres.log <<< 
   
           Size: 80   Last Update: 2020-10-25 06:11:39
   
             V: View the file
             F: Follow log file growth
             E: Export to outgoing (sftp)
   
             R: Return to previous menu
   
    ------------------------------------------------------

View Postgres configuration files

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 3 to go to the Database Operations menu.
4. Enter 2 to go to the Select File menu. View screen

   >>> Tanium Support -> Postgres -> Configs <<< 
   
             1: postgresql_lognormal.conf                                   27
             2: pg_hba.conf                                                463
             3: postgresql.auto.conf                                        88
             4: postgresql.conf                                           2.8K
             5: postgresql_logging.conf                                     27
             6: pg_ident.conf                                              241
             7: postgresql_replication.conf                                199
             8: postgresql_logfull.conf                                   1.3K
   
             R: Return, no selection
   
    Please select:

5. Use the menu to review or modify the configuration.

View Postgres control data

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 3 to go to the Database Operations menu.
4. Enter 3 to view Postgres control data. View screen

   pg_control version number:            942
   Catalog version number:               201510051
   Database system identifier:           6813452830717815614
   Database cluster state:               in production
   pg_control last modified:             Thu 09 Apr 2020 02:31:02 PM UTC
   Latest checkpoint location:           0/2384610
   Prior checkpoint location:            0/2381B90
   Latest checkpoint's REDO location:    0/23845D8
   Latest checkpoint's REDO WAL file:    000000010000000000000002
   Latest checkpoint's TimeLineID:       1
   Latest checkpoint's PrevTimeLineID:   1
   Latest checkpoint's full_page_writes: on
   Latest checkpoint's NextXID:          0/3498
   Latest checkpoint's NextOID:          27854
   Latest checkpoint's NextMultiXactId:  1
   Latest checkpoint's NextMultiOffset:  0
   Latest checkpoint's oldestXID:        1825
   Latest checkpoint's oldestXID's DB:   1
   Latest checkpoint's oldestActiveXID:  3498
   Latest checkpoint's oldestMultiXid:   1
   Latest checkpoint's oldestMulti's DB: 1
   Latest checkpoint's oldestCommitTsXid:0
   Latest checkpoint's newestCommitTsXid:0
   Time of latest checkpoint:            Thu 09 Apr 2020 02:31:02 PM UTC
   Fake LSN counter for unlogged rels:   0/1
   Minimum recovery ending location:     0/0
   Min recovery ending loc's timeline:   0
   Backup start location:                0/0
   Backup end location:                  0/0
   End-of-backup record required:        no
   wal_level setting:                    hot_standby
   wal_log_hints setting:                off
   max_connections setting:              256
   max_worker_processes setting:         8
   max_prepared_xacts setting:           0
   max_locks_per_xact setting:           64
   track_commit_timestamp setting:       off
   Maximum data alignment:               8
   Database block size:                  8192
   Blocks per segment of large relation: 131072
   WAL block size:                       8192
   Bytes per WAL segment:                16777216
   Maximum length of identifiers:        64
   Maximum columns in an index:          32
   Maximum size of a TOAST chunk:        1996
   Size of a large-object chunk:         2048
   Date/time type storage:               64-bit integers
   Float4 argument passing:              by value
   Float8 argument passing:              by value
   Data page checksum version:           0
   
    Press enter to continue

Enable full Postgres audit log

Postgres logs are very rarely useful in troubleshooting appliance or platform issues. Audit logging is disabled by default. When enabled, Postgres logging can consume inordinate disk space. For best results, enable audit logging only when debugging.

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 3 to go to the Database Operations menu.
4. Enter 4 and follow the prompts to enable audit logging. View screen

   ------------------------------------------------------
    
   >>> Tanium Support menu -> Enable Postgres Full Audit Logging <<< 
   
   
    Do you want to Enable Full Postgres audit logging ? [Yes|No]: yes
   
    Enabling Postgres audit logging
    Reloading Postgres configuration
   
    Press enter to continue

Manage the database memory plan

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 3 to go to the Database Operations menu.
4. Enter D to go to the DB Tuning menu. View screen

   ------------------------------------------------------
    
   >>> Tanium Support menu -> Database Operations -> DB Tuning <<< 
   
    Database memory plans are pre-defined database configurations which optimize
    performance based on the size (Memory) of the Tanium Server.  Memory plan
    configurations have been tuned for all available Tanium appliance models. For
    Virtual appliances the memory plan will be selected by total amount of
    available memory.
   
    Total Server Memory:  0GB 
    Current Memory plan:  TINY 
    Selected Memory plan: NONE 
   
            V: View DB Memory Plan Settings
            S: Select DB Memory Plan
            A: Apply DB Memory Plan
   
            H: Help
            R: Return to previous menu
   
   ------------------------------------------------------

5. Use the menus to view or make changes to the database memory plan.

Run the Postgres top command

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 3 to go to the Database Operations menu.
4. Enter M to view results of the top command. View screen

   last pid: 29609;  load avg:  0.08,  0.03,  0.05;       up 0+03:02:11                  14:45:53
   3 processes: 1 running, 2 sleeping
   CPU states: 34.5% user,  0.0% nice, 15.0% system, 50.5% idle,  0.0% iowait
   Memory: 924M used, 67M free, 46M buffers, 560M cached
   DB activity:  17 tps,  0 rollbs/s,   0 buffer r/s, 100 hit%,     38 row r/s,    0 row w/s
   DB I/O:     0 reads/s,     0 KB/s,    27 writes/s,   210 KB/s
   DB disk: 348.7 GB total, 328.3 GB free (5% used)
   Swap: 10M used, 4086M free, 924K cached
   
     PID USERNAME PRI NICE  SIZE   RES STATE   TIME   WCPU    CPU COMMAND
   23453 postgres  20    0 4426M   50M sleep   0:08  0.20%  0.60% postgres: postgres tanium 10.10.10.55(60908) idle
   29610 postgres  20    0 4421M 6496K run     0:00  0.00%  0.00% postgres: postgres postgres [local] idle

5. Enter Q to return to the Database Operations menu.

Query the tanium database

The Manage Queries menu includes predefined queries that can be useful during troubleshooting.

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 3 to go to the Database Operations menu.
4. Enter Q to go to the Manage Queries menu. View screen

   ------------------------------------------------------
   
   >>> Tanium Support menu -> Database Operations -> Manage Queries <<< 
   
            Current Query Selected: NONE 
   
            S: Select Query
            X: Execute Query
            V: View Query
            Q: View Query Results
   
            H: Help
            R: Return to previous menu
   
   ------------------------------------------------------

5. Enter S to go to the Select Query menu. View screen

   >>> Tanium Support menu -> Database Operations -> Select Query <<< 
   
    #   Query Name                              
   
    1   ActiveConnections
    2   ActiveQueries
    3   AddPurgeArchive_SP
    4   ArchivingSavedQuestions
    5   CreateArchiveIndexes
    6   DBsizes
    7   GeneralTableSizeSummary_csv
    8   GeneralTableSizeSummary
    9   LongRunningQueries
    10  Plat420Fix
    11  Plat5843Fix
    12  Plat6634Fix
    13  PurgeArchive_120days
    14  PurgeArchive_30days
    15  PurgeArchive_60days
    16  PurgeArchive_7days
    17  PurgeArchive_90days
    18  PurgeArchiveHistory
    19  RelationSizes
    20  Top20TableSizes_csv
    21  Top20TableSizes
    22  TruncateArchive
    23  Vacuum_Analyze
    24  Vacuum_Full
    25  Vacuum_Verbose
   
    R: Return to main menu
   
    Please select a line number or menu item:

6. Use the menu to select a predefined query and return to the Manage Queries menu.
7. Enter X to run the query and save the results to the /outgoing folder. View screen

   >>> Tanium Support menu -> Database Operations -> Execute Query <<< 
   
   Running Query DBsizes 
   Query results saved to outgoing in DBsizes.results 
   
   Press enter to continue

8. Enter Q to view query results. View screen

     datname  |  size   
   -----------+---------
    template1 | 7145 kB
    template0 | 7145 kB
    postgres  | 7264 kB
    tanium    | 16 MB
   (4 rows)
   
   /tmp/tmp.G2h8V4Iab2 (END)

9. Enter Q to return to the Manage Queries menu.

View replication status

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 3 to go to the Database Operations menu.
4. Enter S to view the status.

Initiate database server failover

1. Sign in to the TanOS console of the appliance with the secondary database as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 3 to go to the Database Operations menu.
4. Enter F to go to the Database Server Failover menu.
5. Follow the prompts to initiate the failover.

Use the Network Diagnostics menu

Use the Network Diagnostics menu to run basic diagnostic procedures.

Ping a remote system

1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 4 to go to the Run Network Diagnostics menu.
4. Enter F to open the Ping Remote System page.
5. Enter the IP address or fully qualified domain name (FQDN) of the system to ping to view connection information.

Test a connection using a remote port

The Test Remote Port screen allows you to attempt a connection to a given destination and port using TCP.

1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 4 to go to the Run Network Diagnostics menu.
4. Enter 2 to open the Test Remote Port (TCP) screen.
5. Enter the IP address or FQDN of the destination to test.
6. Enter the port number for the connection.
   The TanOS console indicates whether the appliance can successfully connect using the specified port.

Trace the connection path to a destination

Use the Trace Path screen to run a traceroute command to a remote destination using a specified connection protocol.

1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 4 to go to the Run Network Diagnostics menu.
4. Enter 3 to go to the Trace Path menu.
5. Enter the protocol to use for the connection, the FQDN or IP address of the destination, and the port to view the connection path between the appliance and the destination.

Resolve a host name

1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 4 to go to the Run Network Diagnostics menu.
4. Enter 4 to go to the Resolve Name screen.
5. Enter the FQDN to find its IP address.

Check IPSEC

1. Sign in to the TanOS console of the appliance with the secondary database as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 3 to go to the Database Operations menu.
4. Enter 5 to view information about any active IPsec tunnels..

Listening ports

1. Sign in to the TanOS console of the appliance with the secondary database as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 3 to go to the Database Operations menu.
4. Enter 6 to view a list of all detected listening ports.

Show firewall

1. Sign in to the TanOS console of the appliance with the secondary database as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter 3 to go to the Database Operations menu.
4. Enter 7 to view firewall details.

Use the Performance Monitoring menu

You can use the Performance Monitoring menu to issue system activity report (SAR) commands or export SAR files that you can load into a SAR data viewer. SAR is part of the sysstat package.

Run a SAR command

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter P to go to the Performance Monitoring menu. View screen

   ------------------------------------------------------
   
   >>> Tanium Support -> Performance Monitoring Menu <<< 
   
            1: Run SAR command
            2: Export SAR Snapshot
            3: Export SAR Performance data
            4: Combine all SAR files
   
            H: Help
            R: Return to previous menu
   
   ------------------------------------------------------

4. Enter 1 to go to the SAR command menu. View screen

   This menu options provides the ability to run selected SysStat (SAR) commands.
   Results are view on terminal realtime and are not saved. If you need to save
   the results, use the Snapshot command provided in the menu.
   
   The sar command will be run with a predefined delay and iteration.
   Commands are run with a 5 second interval and 12 iterations. This provides for
   One minute of activity.
   
   
   Available options
   
    1  - CPU utilization        8  - Swap Space utilization
    2  - Individual CPU usage   9  - Swap statistics
    3  - Memory utilization    10  - Task/Switch activity
    4  - Memory statistics     11  - I/O Xfer statistics
    5  - Pageing statistics    12  - Block device Activity
    6  - Hugepages statistics  13  - Network statistics
    7  - Queue/Load            14  - Power Management
   
   Please select an option or enter to quit: 

5. Use the menu to issue a command. The results of the command are returned to the screen. View screen

   Linux 3.10.0-1062.12.1.el7.x86_64 (appliance-156.tam.local)     04/09/2020      _x86_64_     (2 CPU)
   
   03:19:56 PM     CPU     %user     %nice   %system   %iowait    %steal     %idle
   03:19:57 PM     all      0.50      0.00      0.50      0.00      0.00     99.00
   03:19:58 PM     all      0.00      0.00      0.50      0.00      0.00     99.50
   03:20:00 PM     all      0.50      0.00      0.50      0.00      0.00     99.00
   03:20:01 PM     all      0.50      0.00      0.50      0.00      0.00     99.00
   03:20:02 PM     all      2.50      0.00      4.00      0.00      0.00     93.50
   Average:        all      0.80      0.00      1.20      0.00      0.00     98.00
   
   Available options
   
    1  - CPU utilization        8  - Swap Space utilization
    2  - Individual CPU usage   9  - Swap statistics
    3  - Memory utilization    10  - Task/Switch activity
    4  - Memory statistics     11  - I/O Xfer statistics
    5  - Pageing statistics    12  - Block device Activity
    6  - Hugepages statistics  13  - Network statistics
    7  - Queue/Load            14  - Power Management
   
   Please select an option or enter to quit:

Export a SAR snapshot

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter P to go to the Performance Monitoring menu.
4. Enter 2 to take a five second snapshot of SAR data and export it to the /outgoing folder. View screen

   >>> Collecting SAR performance snapshot <<< 
   
    Performance snapshot has been completed
   
    Snapshot file is appliance-160_perfstats_040920_1522.txt 
    You may now download it from the sftp outgoing directory
   
    Press enter to continue

5. Use SFTP to copy the snapshot file from the /outgoing directory on the appliance to your management computer.

Export a SAR performance data

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter P to go to the Performance Monitoring menu.
4. Enter 3 to collect the complete set of SAR data files for the last 30 days and export it to a ZIP file in the /outgoing folder. View screen

   >>> Creating zip file with SAR performance data <<< 
   
    Performance data was saved to file appliance-160_perfdata_040920_1526.zip. 
    You may now download it from the sftp outgoing directory
   
    Press enter to continue

5. Use SFTP to copy the snapshot file from the /outgoing directory on the appliance to your management computer.

Export all SAR files

1. Sign in to the TanOS console of the appliance with the primary database server as a user with the tanadmin role.
2. Enter 3 to go to the Tanium Support menu.
3. Enter P to go to the Performance Monitoring menu.
4. Enter 4 to collect all SAR files into a single file and export it to the /outgoing folder. View screen

   >>> Collecting Complete SAR performance output <<< 
   
    Performance snapshot has been completed
   
    Snapshot file is appliance-156_perfstats_040920_1534.txt 
    You may now download it from the sftp outgoing directory
   
    Press enter to continue

5. Use SFTP to copy the snapshot file from the /outgoing directory on the appliance to your management computer.