Troubleshooting Asset

To collect and send information to Tanium for troubleshooting, collect log and other relevant information.

Collect logs

The information is saved as a compressed ZIP file that you can download with your browser.

  1. From the Asset Overview page, click Help .
  2. Click Troubleshooting > Collect. When the ZIP file is ready, you can download the tanium-asset-support-[timestamp].zip file to your local download directory.
  3. Contact Tanium Support to determine the best option to send the ZIP file. For more information, see Contact Tanium Support.

Update service account log level

  1. From the Asset Overview page, click Settings , then the Advanced tab.
  2. Change the Service Account Log Level.
  3. Click Save.

Configure report timeout period

Configure the report timeout period to increase or decrease the amount of time that Asset tries to load a report page before presenting a timeout error. To troubleshoot the error, see Troubleshoot reports.

  1. From the Asset Overview page, click Settings , then the Advanced tab.
  2. Specify the Report Timeout. After this timeout period, Asset presents an error.
  3. Click Save.

Troubleshoot reports

If you see a report timeout error message when trying to view a report, consider the following resolutions or workarounds.

Troubleshoot asset data exports and imports

View status of imports and exports

On the Asset Overview page in the Activity section, you can view a timeline of the recent imports and exports.

The timeline contains each import, with one of the following statuses: 

  • : Scheduled
  • : Successful
  • : Error

View import and export logs

In the ZIP file that you download from the Help section, you can view logs for the data imports and exports. These logs are in the job directory:

ServiceNow exports

ServiceNow export logs are named with the following format: job/date_time_job#_servicenow_config#.log. If you enable Trace level logging on your ServiceNow configuration, numbered subdirectories, for example job/65, are created that contain all of the POST and GET requests for that job. See Add ServiceNow as a destination for more information about configuring logging.

Asset data imports

You can use these logs to view details about the scheduled runs that are occurring to import asset data from Tanium into your Asset database. Tanium data import logs are named with the following format: job/date_time_job#_tanium_1.log. For data you are importing from a database, import logs are named with the following format: job/date_time_job#_database_1.log. To change the log level for imports, see Configuring sources.

Disable imports and exports

Data imports and exports run on a configured schedule by default. You can disable this schedule to resolve issues, or run the import or export manually.

  1. From the Asset menu, go to Inventory Management > Schedules.
  2. Hover over the import or export schedule that you want to disable and click Edit .
  3. Clear the Run this connection on a defined schedule setting. Click Update.
  4. If you want to manually run an import or export, go to the Inventory Management > Schedules page. Hover over the import or export schedule and click Run Now.

Fix Error: MULTIPLE_DUPLICATE_RECORDS error message in ServiceNow log file

If you see an Error: MULTIPLE_DUPLICATE_RECORDS error message in the ServiceNow log file, contact Tanium Support to verify that the ServiceNow export mapping configuration is configured correctly. For more information, Contact Tanium Support.

  1. From the Asset menu, click Inventory Management > Destinations.
  2. Click Edit next to the destination.
  3. In the ServiceNow Export Mapping section, add the following property to the cmdb_ci_computer mapping:
    identificationFields: [
      [
        "name",
        "serial_number"
      ]
    ],
  4. Click Update.

Fix missing information in export to ServiceNow with Tanium Asset integration

If Asset has finished exporting data to ServiceNow using the Tanium Asset integration and some endpoints are missing or are missing information, work with Tanium Support to review trace logs and make necessary changes.

  1. Update the ServiceNow destination log level to trace.
    1. From the Asset menu, click Inventory Management > Destinations.
    2. Click Edit next to the destination.
    3. Set the Log Level to Trace.

    4. Click Update.

  2. Run the export again.

    1. From the Asset menu, click Schedules > Export Schedules.

    2. Click Run Now next to the schedule.

  3. Collect logs.

    The logs include a ServiceNow > Jobs folder that contains job IDs for the requests and responses made to ServiceNow.

  4. Contact Tanium Support for assistance reviewing logs and making necessary changes.

    Search the logs for the following errors.

    Error Explanation
    ABANDONED

    Generally jobs are abandoned because of a large number of errors. These errors might occur because of the difference between identifying an endpoint in Asset and ServiceNow. Asset identifies endpoints based on multiple attributes, and ServiceNow (by default) identities endpoints based on a unique name and serial number.

    This error might also indicate missing required fields in ServiceNow because of data class customization or a different business rule.

    TIMED Timed out jobs are usually caused by a business rule or other database issue within ServiceNow. If the duration field in the log file is around 300, Asset might have exported too much data to ServiceNow. You can decrease the job size using an API Settings mapping.
    logContextID logContextId indicates that an entry in the job was logged. Usually errors are categorized as ABANDONED or TIMED.

Fix duplicate entries in ServiceNow with Tanium Asset integration

If you are using ServiceNow Paris 10 or Quebec or later with the Tanium Asset integration, ServiceNow creates duplicate entries for some CIs (such as Network Adapters, Storage Devices, and File Systems) in the ServiceNow CMDB when an export runs. This is a known ServiceNow issue. Update the ServiceNow system properties to workaround this issue.

  1. In ServiceNow, enter sys_properties.list in the Filter navigator.

  2. In System Properties, click New.
  3. Enter glide.identification_engine.dependent_items_bulk_query as the Name and true as the Value.
  4. Click Submit.

Troubleshoot software inventory and usage monitoring

To return inventory and usage data, endpoints must have the correct version of Asset and the swmgr tool installed.

  1. In Interact, ask the following question:
    Get Endpoint Configuration - Tools Status Details from all machines
  2. For the Asset tool name, confirm that the installed version is correct.
  3. For the swmgr-cx tool name, confirm that the installed version is 2.0.1.0 or later.

Back up and restore the Asset database

You can back up or restore all configuration and Asset data. You might want to create a backup before making configuration updates. You must have the Tanium Administrator role to perform a backup operation.

  1. From the Asset Overview page, click Settings , then the Database tab.
  2. To create a backup of the Asset database, click Back Up Database.
  3. Use the backups.
    • Download backup on local computer: Click Download Database Backup .
    • Restore database backup: Click Restore Database Backup . Before you restore, verify that no Asset destination exports or Tanium Connect connection runs are running. When you run the restoration, the current Asset database is backed up, the Asset service is shut down, the selected database is restored, and the Asset service is restarted. Any jobs that are running during the restoration process do not complete.
      If you want to restore the database on a different Module server, contact Tanium Support. For more information, see Contact Tanium Support.
    • Delete a backup: Click Delete Database Backup .

Remove unneeded data from the Asset database

Delete assets

Asset automatically purges stale assets from the database that have not been seen by Asset after 180 daysthe configured stale data age or based on a purge report. For more information, see Configure data retention and vacuuming .

You can manually remove assets from your asset database earlier than the stale data age. In a report that shows the assets you want to remove, select the rows and click Delete.

If the asset you deleted responds to the Asset saved questions in a subsequent load, the asset is re-added to the database.

Delete attributes

To delete an attribute, you must disable the attribute, then remove references.

  1. Disable the attribute.
    1. From the Asset menu, click Inventory Management > Attributes.
    2. Click Edit next to the attribute that you want to disable.
    3. Clear the Enabled setting. Click Save.
  2. Remove references to the attribute from all reports, views, permissions, and ServiceNow destinations.
    1. Click Delete next to the attribute that you want to remove.
    2. A list of known locations where the attribute is used is displayed. Click the link for each item, and edit the item to remove the use of the attribute.
    3. Click Refresh to list the remaining references.
  3. After you remove the references, type the name of the attribute to confirm its deletion. Click Delete Attribute.

The attribute is deleted from the Asset database on the next load of data from the data source.

Configure data retention and vacuuming

You can configure data retention and automatic vacuuming on the Asset database.

  1. From the Asset Overview page, click Settings , then the Advanced tab.
    • To purge stale assets that have not been seen by Asset from the database, enable Purge Stale Assets. Then, indicate the age of stale data to remove. The minimum number is seven days. The default and maximum number is 180 days. The maximum number is unlimited days.

      If you set the maximum number to a large number, consider filtering old assets from reports and views.

    • To purge assets based on a report, enable Purge by Report and select the report. To select a report, you must be an Asset Administrator and not assigned to a user group. The report must meet the following criteria:

      • Is not a summary or reserved report.

      • Only has attributes from the Asset column.

      • Has a filter with attributes that do not include parentheses. For example, the report can include Asset ID but not Device ID (Physical Disk).

    • To adjust the trigger and amount of work done during automatic vacuuming, adjust the Cost Limit and Scale Factor values. The Postgres VACUUM operation reclaims storage that is occupied by dead tuples. By default, the database is vacuumed when 1% of tuples are considered dead, and the cost limit (amount of work per vacuum cycle) is set to 1000.
  2. Click Save.

Monitor and troubleshoot key vendors with tracked products

The following table lists contributing factors into why the Key Vendors with Tracked Products metric might be lower than expected and corrective actions you can make.

Contributing factor Corrective action
Products are not tracked

In Software Inventory & Usage > All Products, track products from key vendors.

Lack of knowledge on which products to track

Use the hidden Asset SIU sensors for ad hoc validation of endpoint usage. Based on that informal validation, identify products to track.

Monitor and troubleshoot unused tracked software

The following table lists contributing factors into why the Unused Tracked Software metric might be lower than expected and corrective actions you can make.

Contributing factor Corrective action
Extraneous software is being tracked
  • Only track software that is valuable to the business

  • Only track software when tracking is in accordance with your company’s software asset management charter

 

No formal software reclamation guidelines exists Work with your asset management team to clearly define when software should be reclaimed. This could be based on last used date or overall usage over time. An example might be consistent low usage of an expensive piece of software.

Uninstall Asset

  1. From the Main menu, click Tanium Solutions. Under Asset, click Uninstall. Click Proceed with Uninstall to complete the process.
  2. Remove Asset Tools from your endpoints. To see which endpoints have the file evidence tools installed, ask the question: Get Asset File Evidence Status from all machines. If you want to clean the artifacts from your endpoints, Contact Tanium Support.
  3. A backup asset-files folder gets created as part of the uninstall process. You can keep or delete this folder. If any other Asset artifacts remain on your Module Server, Contact Tanium Support..
  4. Remove Asset saved questions. You can remove saved questions that meet all the following conditions: 
    • Owned by the service account you configured for Asset
    • AND the name of the saved question starts with Asset
    • AND is in the Asset content set
  5. Remove Asset scheduled actions. Delete the Asset Deploy Collect Active Directory Info scheduled action that is created by the service account and running the Asset Collect Active Directory Info package.
  6. Remove Asset action group. After the action group is empty, you can delete the Tanium Asset action group.

Contact Tanium Support

To contact Tanium Support for help, sign in to https://support.tanium.com.