Troubleshooting Asset

To collect and send information to Tanium for troubleshooting, collect log and other relevant information.

Collect logs

The information is saved as a compressed ZIP file that you can download with your browser.

  1. From the Asset Overview page, click Help .
  2. Go to the Troubleshooting tab and click Collect. When the ZIP file is ready, you can download the tanium-asset-support-[timestamp].zip file to your local download directory.
  3. Contact Tanium Support to determine the best option to send the ZIP file. For more information, see Contact Tanium Support.

Update service log level

  1. From the Asset Overview page, click Settings , and then go to the Advanced tab.
  2. Change the Service Log Level. The following log levels are available:

    Log LevelNumeric LevelDescription
    Error50Generally fatal within the scope of logged operation.
    Warning40Not immediately fatal but requires attention.
    Informational30Normal operations.
    Debug20Additional level of information detail generally too verbose for log level 30.
    Trace10Highly detailed application-level logging; helpful when more detail is needed. For example: what events occurred before, during and after a warning or error occurred.

  3. Click Save.

Upgrading to Asset 1.19

In Asset 1.19, the steps required to configure the service account are no longer necessary due to the adoption of the System User Service, which performs these tasks automatically. Additionally, the Asset database is migrated to the shared RDB database in this release. Consequently, after upgrading to Asset 1.19, it might take time for the database migration to complete and for RBAC privileges and other updates to sync properly. This could lead to issues and error messages when first querying the Tanium Console. These issues should resolve on their own after a few minutes but could take longer depending on system resources and the amount of data to migrate.

During the upgrade process, the Asset database is duplicated temporarily as part of the migration to the shared RDB database. Ensure that the Tanium Module Server has enough available disk space before upgrading to this version.

Configure report timeout period

Configure the report timeout period to increase or decrease the amount of time that Asset tries to load a report page before presenting a timeout error. To troubleshoot the error, see Troubleshoot reports.

  1. From the Asset Overview page, click Settings , and then go to the Advanced tab.
  2. Specify the Report Timeout in minutes. After this timeout period, Asset presents an error.
  3. Click Save.

Reset differential load

To optimize performance, Asset imports data from Tanium Data Service incrementally. As an Asset administrator, you have the option to perform a one-time import for a complete load from Tanium Data Service. Be aware that importing a complete load might take longer than the regular incremental loads.

  1. From the Asset Overview page, click Settings and then go to the Advanced tab.
  2. In the Reset Differential Load section, select Enabled.
  3. Click Save.

The next time Asset is scheduled to import data, Asset imports a complete load from Tanium Data Service. Asset reverts the Reset Differential Load option and future scheduled imports retrieve incremental data.

Troubleshoot reports

If you see a report timeout error message when trying to view a report, consider the following resolutions or workarounds.

Troubleshoot asset data exports and imports

View status of imports and exports

On the Asset Overview page in the Activity section, you can view a timeline of the recent imports and exports.

The timeline contains each import, with one of the following statuses:

  • : Scheduled
  • : Successful
  • : Error

View import and export logs

In the ZIP file that you download from the Help section, you can view logs for the data imports and exports. These logs are in the job directory:

ServiceNow exports

ServiceNow export logs are named with the following format: job/date_time_job#_servicenow_config#.log. If you enable Trace level logging on your ServiceNow configuration, numbered subdirectories, for example job/65, are created that contain all of the POST and GET requests for that job. See Add ServiceNow as a destination for more information about configuring logging.

Asset data imports

You can use these logs to view details about the scheduled runs that are occurring to import asset data from Tanium into your Asset database. Tanium data import logs are named with the following format: job/date_time_job#_tanium_1.log. For data you are importing from a database, import logs are named with the following format: job/date_time_job#_database_1.log. To change the log level for imports, see Configuring sources.

Disable imports and exports

Data imports and exports run on a configured schedule by default. You can disable this schedule to resolve issues, or you can run the import or export manually.

  1. From the Asset menu, go to Inventory Management > Schedules.
  2. Hover over the import or export schedule that you want to disable and click Edit .
  3. Clear the Run this connection on a defined schedule setting. Click Update.
  4. If you want to manually run an import or export, go to the Inventory Management > Schedules page. Hover over the import or export schedule and click Run Now.

Fix Error: MULTIPLE_DUPLICATE_RECORDS error message in ServiceNow log file

If you see an Error: MULTIPLE_DUPLICATE_RECORDS error message in the ServiceNow log file, contact Tanium Support to verify that the ServiceNow export mapping configuration is configured correctly. For more information, Contact Tanium Support.

  1. From the Asset menu, click Inventory Management > Destinations.
  2. Click Edit next to the destination.
  3. In the ServiceNow Export Mapping section, add the following property to the cmdb_ci_computer mapping:
    identificationFields: [
      [
        "name",
        "serial_number"
      ]
    ],
  4. Click Update.

Fix missing information in export to ServiceNow with Tanium Asset integration

If Asset has finished exporting data to ServiceNow using the Tanium Asset integration and some endpoints are missing or are missing information, work with Tanium Support to review trace logs and make necessary changes.

  1. Update the ServiceNow destination log level to trace.
    1. From the Asset menu, go to Inventory Management > Destinations.
    2. Click Edit next to the destination.
    3. Set the Log Level to Trace.
    4. Click Update.
  2. Run the export again.
    1. From the Asset menu, go to Inventory Management > Schedules and then go to the Export Schedules tab.
    2. Click Run Now next to the schedule.
  3. Collect logs.

    The logs include a ServiceNow > Jobs folder that contains job IDs for the requests and responses made to ServiceNow.

  4. Contact Tanium Support for assistance reviewing logs and making necessary changes.

    Search the logs for the following errors.

    Error Explanation
    ABANDONED

    Generally, jobs are abandoned because of a large number of errors. These errors might occur because of the difference between identifying an endpoint in Asset and ServiceNow. Asset identifies endpoints based on multiple attributes, and ServiceNow (by default) identities endpoints based on a unique name and serial number.

    This error might also indicate missing required fields in ServiceNow because of data class customization or a different business rule.

    TIMED Timed out jobs are usually caused by a business rule or other database issue within ServiceNow. If the duration field in the log file is around 300, Asset might have exported too much data to ServiceNow. You can decrease the job size using an API Settings mapping.
    logContextID logContextId indicates that an entry in the job was logged. Errors are usually categorized as ABANDONED or TIMED.

Fix duplicate entries in ServiceNow with Tanium Asset integration

If you use ServiceNow Paris, Quebec, or Rome with the Tanium Asset integration, ServiceNow creates duplicate entries for some CIs (such as Network Adapters, Storage Devices, and File Systems) in the ServiceNow CMDB when an export runs. This is a known ServiceNow issue. Update the ServiceNow system properties to work around this issue.

  1. In ServiceNow, enter sys_properties.list in the Filter navigator.
  2. In System Properties, click New.
  3. Enter glide.identification_engine.dependent_items_bulk_query as the Name and true as the Value.
  4. Click Submit.

Troubleshoot software inventory and usage monitoring

To return inventory and usage data, endpoints must have the correct version of Asset and the swmgr tool installed.

  1. In Interact, ask the following question:
    Get Endpoint Configuration - Tools Status Details from all machines
  2. For the Asset tool name, confirm that the installed version is correct.
  3. For the swmgr-cx tool name, confirm that the installed version is 2.0.34 or later.

Troubleshoot Microsoft Azure assessments

If the connection verification in a Microsoft Azure assessment fails, check these details:

Back up and restore the Asset database

You can back up or restore all configuration and Asset data. You might want to create a backup before making configuration updates. You must have the Tanium Administrator role to perform a backup operation.

The Asset database is migrated to RDB in Asset 1.19. After you install this release, you will be unable to restore data from database backups generated from previous versions of Asset. You can generate new backups after the migration and use those to restore data at a future point using the same process.
  1. From the Asset Overview page, click Settings , and then go to the Database tab.
  2. To create a backup of the Asset database, click Back Up Database.
  3. Use the backups.
    • Download backup on local computer: Click Download Database Backup .
    • Restore database backup: Click Restore Database Backup . Before you restore, verify that no Asset destination exports or Tanium Connect connection runs are running. When you run the restoration, the current Asset database is backed up, the Asset service is shut down, the selected database is restored, and the Asset service is restarted. Any jobs that are running during the restoration process do not complete.
      If you want to restore the database on a different Module server, Contact Tanium Support.
    • Delete a backup: Click Delete Database Backup .

Remove unneeded data from the Asset database

Delete assets

Asset automatically purges stale assets from the database that have not been seen by Asset after 180 daysthe configured stale data age or based on a purge report. For more information, see Configure data retention and vacuuming.

Asset Administrators or Asset Operators can manually remove assets from the Asset database earlier than the stale data age. In a report that shows the assets you want to remove, select the rows and click Delete.

If the asset you deleted responds to the Asset saved questions in a subsequent load, the asset is re-added to the database.

To prevent unnecessary data collection, endpoints that return results for sensors registered with Tanium Data Service cannot be deleted from Asset.

Delete attributes

To delete an attribute, you must disable the attribute, then remove references.

When you delete or disable an attribute, Tanium Data Service unregisters the underlying sensor if the sensor is not registered by another Tanium solution.

  1. Disable the attribute.
    1. From the Asset menu, click Inventory Management > Attributes.
    2. Click Edit next to the attribute that you want to disable.
    3. Clear the Enabled setting. Click Save.
  2. Remove references to the attribute from all reports, views, permissions, and ServiceNow destinations.
    1. Click Delete next to the attribute that you want to remove.
    2. A list of known locations where the attribute is used is displayed. Click the link for each item and then edit the item to remove the use of the attribute.
    3. Click Refresh to list the remaining references.
  3. After you remove the references, type the name of the attribute to confirm its deletion. Click Delete Attribute.

The attribute is deleted from the Asset database on the next load of data from the data source.

Configure data retention and vacuuming

You can configure data retention and automatic vacuuming on the Asset database.

  1. From the Asset Overview page, click Settings , and then go to the Advanced tab.
    • To purge stale assets that have not been seen by Asset from the database, enable Purge Stale Assets. Then, indicate the age of stale data to remove. The minimum number is seven days. The default and maximum number is 180 days. The maximum number is unlimited days.

      If you set the maximum number to a large number, consider filtering old assets from reports and views.

    • To purge assets based on a report, enable Purge by Report and select the report. To select a report, you must be an Asset Administrator or Asset OperatorAsset Operator and not assigned to an Asset user permissions group. The report must meet the following criteria:
      • Is not a summary or reserved report.

      • Only has attributes from the Asset column.

      • Has a filter with attributes that do not include parentheses. For example, the report can include Asset ID but not Device ID (Physical Disk).

    • To adjust the trigger and amount of work done during automatic vacuuming, adjust the Cost Limit and Scale Factor values. The Postgres VACUUM operation reclaims storage that is occupied by dead tuples. By default, the database is vacuumed when 1% of tuples are considered dead, and the cost limit (amount of work per vacuum cycle) is set to 1000.
  2. Click Save.

Identify and resolve issues with client extensions

Use the following steps to troubleshoot issues with the client extensions that Asset installs and uses. During troubleshooting, consider environmental factors such as security exclusions, file locks, CPU usage, RAM usage, and disk failures.

To review the client extensions that Asset installs and uses, see Client extensions.

  1. To review the health of client extensions or to start an investigation into an existing error, ask a question using the Client Extensions - Status or Asset - Tools Version sensor.

    The results of these questions help to identify endpoints with errors and provide a starting point to deploy actions that might help correct the issue. Filter the results and drill down as necessary to investigate results that indicate errors.

    Consider whether endpoints with errors share common characteristics, such as operating system, domain or organization unit, or the antivirus software that is installed.

  2. Target one or more endpoints with errors, and uninstall tools that report errors without blocking reinstallation: see Remove Asset tools from endpoints and Endpoint Configuration User Guide: Uninstall a tool installed by Endpoint Configuration.

    When you perform a hard uninstallation of some tools, the uninstallation also removes data that is associated with the tool from the endpoint. This data might include important historical or environmental data. If data that you want to keep is associated with the tool, make sure you perform only a soft uninstallation of the tool.

    Wait for automatic reinstallation of the tool. If the reinstallation does not resolve the issue, continue to the next step.

  3. Ask a question using the Endpoint Configuration - Tools Status Details sensor, and include filters to limit the results to the tool that you are investigating. For example:

    Get Endpoint Configuration - Tools Status Details having Endpoint Configuration - Tools Status Details:Tool Name contains Asset from all machines with Endpoint Configuration - Tools Status:Tool Name contains Asset

    Review the columns in the results for specific information about errors. The following table provides guidance for some common error conditions:

    Error ConditionPossible Resolution
    No error appears, but an available new version has not been installed

    Review the Targeted Version column to make sure that the endpoint has received the latest manifest. If the targeted version does not yet show the updated version, the Endpoint Configuration manifest has not updated on the endpoint, usually for one of the following reasons:

    Installation Blocker:Unmet Dependencies: [Tool name]If no Failure Message or Failure Step appears, the endpoint might be waiting for the dependencies to install. Wait to see if the condition resolves on its own. If this condition remains for an extended period, ask the question again and review any error information in other columns, especially the Failing Dependency column.
    Failing Dependency:[Tool name]

    Ask the question: Endpoint Configuration - Tools Status Details having Endpoint Configuration - Tools Status Details:Tool Name contains [Tool name] from all machines with Endpoint Configuration - Tools Status:Tool Name contains [Tool name]

    Investigate further errors with the tool.

    If the dependency has not been installed on an endpoint, ask the question: Get Endpoint Configuration - Tools Retry Status from all machines with Computer Name equals Computer_Name to review the retry status for the tool installation. For more information, see Endpoint Configuration User Guide: Review tool installations that are scheduled for a retry.

    Manually Blocked:blockedThe tool was previously blocked, either manually or during a previous uninstallation. Unblock the tool: see Endpoint Configuration User Guide: Block or unblock tools from installing on an endpoint.
  4. Review the Extensions logs on the endpoint. Take note of entries that include fail or error: see Review the Extensions log for an endpoint.

For additional help, collect all logs for Tanium Asset, and contact Tanium Support.

Review the Extensions log for an endpoint

Use Client Management to directly connect to an endpoint and view and download extension logs.

  1. From the Main menu, go to Shared Services > Client Management.

  2. From the Client Management menu, click Client Health.

  3. In the Direct Connect search box, enter all or part of an IP address or a computer name.

    Matching results are displayed after the search completes.

  4. From the search results, click the computer name to connect to the endpoint.
  5. Click the Logs tab, and select an extensions[#].log file.

  6. (Optional) To download the log, click Download.

For additional help, collect all logs for Tanium Asset, and contact Tanium Support.

Remove Asset tools from endpoints

You can deploy an action to remove Asset tools from an endpoint or computer group. Separate actions are available for Windows and non-Windows endpoints.

  1. In Interact, target the endpoints from which you want to remove the tools. For example, ask a question that targets a specific operating system:
    Get Endpoint Configuration - Tools Status from all machines with Is Windows equals true
  2. In the results, select the row for Asset, drill down as necessary, and select the targets from which you want to remove Asset tools. For more information, see Tanium Interact User Guide: Drill Down.
  3. Click Deploy Action.
  4. For the Deployment Package, select Endpoint Configuration - Uninstall Tool [Windows] or Endpoint Configuration - Uninstall Tool [Non-Windows], depending on the endpoints you are targeting.
  5. For Tool Name, select Asset.

  6. (Optional) By default, after the tools are removed they cannot be reinstalled. To allow tools to be automatically reinstalled, clear the selection for Block reinstallation. Re-installation occurs almost immediately.

    If reinstallation is blocked, you must unblock it manually:

    • To allow Asset to reinstall tools, deploy the Endpoint Configuration - Unblock Tool [Windows] or Endpoint Configuration - Unblock Tool [Non-Windows] package (depending on the targeted endpoints).

    • If you reinstall tools manually, select Unblock Tool when you deploy the Endpoint Configuration - Reinstall Tool [Windows] or Endpoint Configuration - Reinstall Tool [Non-Windows] package.

  7. (Optional) To remove all Asset databases and logs from the endpoints, clear the selection for Soft uninstall.

    When you perform a hard uninstallation of some tools, the uninstallation also removes data that is associated with the tool from the endpoint. This data might include important historical or environmental data. If data that you want to keep is associated with the tool, make sure you perform only a soft uninstallation of the tool.

  8. To also remove any tools that were dependencies of the Asset tools that are not dependencies for tools from other solutions, select Remove unreferenced dependencies.

  9. (Optional) In the Deployment Schedule section, configure a schedule for the action.

    If some target endpoints might be offline when you initially deploy the action, select Recurring Deployment and set a reissue interval.

  10. Click Show preview to continue.
  11. A results grid appears at the bottom of the page showing you the targeted endpoints for your action. If you are satisfied with the results, click Deploy Action.

If you have enabled Endpoint Configuration approval, tool removal must be approved in Endpoint Configuration before tools are removed from endpoints.

Uninstall SBOM

  1. From the Main menu, go to Administration > Configuration > Solutions.
  2. In the Content section, select the SBOM row.
  3. Click Delete Selected and then click Uninstall to complete the process.

Uninstall Asset

  1. From the Main menu, go to Administration > Configuration > Solutions.
  2. Select Asset and click Uninstall. Click Yes to complete the process.
  3. Remove Asset Tools from your endpoints. For more information, see Remove Asset tools from endpoints.

    To see which endpoints have the file evidence tools installed, ask the question: Get Asset File Evidence Status from all machines. If you want to clean these artifacts from your endpoints, Contact Tanium Support.

  4. A backup asset-files folder gets created as part of the uninstall process. You can keep or delete this folder. If any other Asset artifacts remain on your Module Server, Contact Tanium Support.
  5. Remove Asset saved questions. You can remove saved questions that meet all the following conditions:
    • Owned by the Asset service account
    • AND the name of the saved question starts with Asset
    • AND is in the Asset content set
  6. Remove Asset scheduled actions. Delete the Asset Deploy Collect Active Directory Info scheduled action that is created by the service account and running the Asset Collect Active Directory Info package.
  7. Remove Asset action group. After the action group is empty, you can delete the Tanium Asset action group.

Contact Tanium Support

To contact Tanium Support for help, sign in to https://support.tanium.com.