Reference: Tanium Client CLI
Tanium Client 7.2 settings are stored in an SQLite database. You can use the Tanium Client 7.2 command-line interface (CLI) to view and change client settings.
Do not attempt to run the Tanium Client 7.2 CLI commands on Tanium Client 6.0 endpoints. Issuing a CLI command on Tanium Client 6.0 endpoints starts an additional TaniumClient process that cannot be resolved, produces numerous Tanium Client log errors, and consumes resources for each command that is run.
Windows
The following examples show how to use the CLI. On Windows, the settings are written to the Windows Registry.
TaniumClient.exe is the executable program. It is in the Tanium Client installation directory.
Display help
cmd-prompt>TaniumClient --help
Usage: TaniumClient [options] <command> [<args>]
General Options:
-h [ --help ] Print this help message
-v [ --version ] Print the client version
--verbose Verbose output
Service Options:
-i Install the Tanium Client service
-u Uninstall the Tanium Client service
-s Start the Tanium Client service
-e Stop the Tanium Client service
Internal Tanium Options - DO NOT USE:
-c Run as main client process
-m Run as trace monitor process
-a Run as sensor evaluator process
-d Run without daemonizing
Commands:
config Manage client configuration
quarantine Manage sensor quarantine
For help on a specific command run `TaniumClient COMMAND -h`
Display config help
cmd-prompt>TaniumClient config --help
Usage: TaniumClient config <action> [<key>] [<value>]
Actions:
config list List all keys and non-protected values
config list-protected List all keys and values
config get <key> Print non-protected config value
config get-protected <key> Print config value
config set <key> <value> Set config value and try to guess type
config set-string <key> <value> Set string value
config set-protected <key> <value> Set protected string value
config set-number <key> <value> Set numeric value (in decimal or hex notation)
config remove <key> Remove config value
Example: Get configuration settings
cmd-prompt>TaniumClient config list
Keys:
- ComputerID: 2107232555
- DatabaseEpoch: 2017-11-01 17:54:19.073914
- FirstInstall: 07/09/2017 14:39:42
- LastGoodServerName: ts1.tam.local
- LastInstall: 01/11/2017 13:56:27
- LogVerbosityLevel: 1
- Path: C:\Program Files (x86)\Tanium\Tanium Client
- RegistrationCount: 3249
- ReportingTLSMode: 2
- ServerName: ts1.tam.local
- ServerPort: 17472
- Status:
- Status.BackPeerAddress: NoAddress_NoAddress
- Status.BackPreviousPeerAddress: NoAddress_NoAddress
- Status.BufferCount: 2
- Status.ClientAddress: 512:17473:10.10.10.11_512:0:10.10.10.11
- Status.NeighborhoodList: 512:17473:10.10.10.11_512:0:10.10.10.11
- Status.PeerAddress: NoAddress_NoAddress
- Status.PreviousPeerAddress: NoAddress_NoAddress
- Status.StaleCount: 50
- Status.StaleList: Operating System,NAT IP Address,Online,OS Platform,Available Patches,Running Processes Memory Usage,Download Statuses,Tanium Client Version,Disk Used Percentage,Reboot Required,Has Patch Files,Tanium Client Core Health,Firewall Status,Is Virtual,Internet Explorer Version,Disk Free Space,tempsensor_25,tempsensor_33,Installed Applications,Running Applications,Comply - Compliance Aggregates,Has Application Management Tools,Available Patch Status,Has Tanium Standard Utilities,Action Statuses,Has Incident Response Tools,Has Patch Tools,Installed Patches,Manufacturer,Has Hardware Tools,Is Windows,Chassis Type,Is Mac,IOC Detect Tools Version,Has Stale Tanium Client Data,Comply - Vulnerability Aggregates,Has Old Incident Response ID Files,Patch Cab Out of Date,IP Address,Is Patch Scan Force Time,Uptime,Network Adapters,Is Linux,USB Write Protected,Has Copy Tools,Open Ports,Installed Java Runtimes,Running Processes,Tanium Peer Address,Tanium Client IP Address
- ValueSystem:
- ValueSystem.0 0: 1
- ValueSystem.CorrelationDecisionHaste: 1
- ValueSystem.CorrelationRequiredConfidence: 0.69999999999999996
- ValueSystem.CorrelationThresholdMultiplier: 1
- ValueSystem.CorrelationVolumeMultiplier: 0.01
- ValueSystem.PrevalenceDecisionHaste: 1
- ValueSystem.PrevalenceRequiredConfidence: 0.69999999999999996
- ValueSystem.PrevalenceVolumeMultiplier: 1
- ValueSystem.ValueThreshold: 0.10000000000000001
- Version: 7.2.314.2687
Example: Set configuration values
cmd-prompt>TaniumClient config set ServerNameList ts1.tam.local,ts2.tam.local cmd-prompt>TaniumClient config get ServerNameList ts1.tam.local,ts2.tam.local
cmd-prompt$ TaniumClient config set ReportingTLSMode 2 cmd-prompt$ TaniumClient config get ReportingTLSMode 2 cmd-prompt$
Non-Windows
On Linux, macOS, Solaris, and AIX, Tanium Client settings are written to a SQLite database instead of the TaniumClient.ini file.
The TaniumClient service command is the executable program. It is in the Tanium Client installation directory. You can run it as root or use sudo to elevate privileges.
Display help
cmd-prompt$ sudo ./TaniumClient --help
Password:
Usage: TaniumClient [options] <command> [<args>]
General Options:
-h [ --help ] Print this help message
-v [ --version ] Print the client version
--verbose Verbose output
Internal Tanium Options - DO NOT USE:
-a Run as sensor evaluator process
-d Run without daemonizing
Commands:
config Manage client configuration
quarantine Manage sensor quarantine
For help on a specific command run `TaniumClient COMMAND -h`
cmd-prompt$
Display config help
cmd-prompt$ sudo ./TaniumClient config -h
Password:
Usage: TaniumClient config <action> [<key>] [<value>]
Actions:
config list List all keys and non-protected values
config list-protected List all keys and values
config get <key> Print non-protected config value
config get-protected <key> Print config value
config set <key> <value> Set config value and try to guess type
config set-string <key> <value> Set string value
config set-protected <key> <value> Set protected string value
config set-number <key> <value> Set numeric value (in decimal or hex notation)
config remove <key> Remove config value
cmd-prompt$
Example: Get configuration settings
cmd-prompt$ sudo ./TaniumClient config list
Keys:
- ComputerID: 3235161864
- DatabaseEpoch: 2017-11-01 17:54:19.073914
- HostDomainName: tam.local
- LastGoodServerName: ts1.tam.local
- LogVerbosityLevel: 1
- RegistrationCount: 3333
- Resolver: nslookup
- ServerName: zs1.tam.local
- ServerNameList: ts1.tam.local,zs1.tam.local
- ServerPort: 17472
- Status:
- Status.BackPeerAddress: 512:17472:10.10.10.40_512:0:10.10.10.40
- Status.BackPreviousPeerAddress: NoAddress_NoAddress
- Status.BufferCount: 2
- Status.ClientAddress: 512:17472:10.10.10.51_512:0:10.10.10.51
- Status.NeighborhoodList: 512:17472:10.10.10.13_512:0:10.10.10.13, 512:17472:10.10.10.40_512:0:10.10.10.40, 512:17472:10.10.10.51_512:0:10.10.10.51
- Status.PeerAddress: NoAddress_NoAddress
- Status.PreviousPeerAddress: 512:17473:10.10.10.11_512:0:10.10.10.11
- Status.StaleCount: 34
- Status.StaleList: Operating System,NAT IP Address,Online,OS Platform,Available Patches,Running Processes Memory Usage,Tanium Client Version,Disk Used Percentage,Reboot Required,Tanium Client Core Health,Is Virtual,Disk Free Space,tempsensor_33,Installed Applications,Comply - Compliance Aggregates,Has Tanium Standard Utilities,Has Incident Response Tools,Has Patch Tools,Installed Patches,Manufacturer,Has Hardware Tools,Is Windows,Chassis Type,Is Mac,IOC Detect Tools Version,Comply - Vulnerability Aggregates,Has Old Incident Response ID Files,Patch Cab Out of Date,IP Address,Uptime,Network Adapters,Is Linux,Open Ports,Running Processes
- ValueSystem:
- ValueSystem.0 0: 1
- ValueSystem.CorrelationDecisionHaste: 1
- ValueSystem.CorrelationRequiredConfidence: 0.69999999999999996
- ValueSystem.CorrelationThresholdMultiplier: 1
- ValueSystem.CorrelationVolumeMultiplier: 0.01
- ValueSystem.PrevalenceDecisionHaste: 1
- ValueSystem.PrevalenceRequiredConfidence: 0.69999999999999996
- ValueSystem.PrevalenceVolumeMultiplier: 1
- ValueSystem.ValueThreshold: 0.10000000000000001
- Version: 7.2.314.2687
cmd-prompt$
Example: Set configuration values
cmd-prompt$ sudo ./TaniumClient config set ServerNameList ts1.tam.local,ts2.tam.local cmd-prompt$ sudo ./TaniumClient config get ServerNameList ts1.tam.local,ts2.tam.local cmd-prompt$
cmd-prompt$ sudo ./TaniumClient config set ReportingTLSMode 2 cmd-prompt$ sudo ./TaniumClient config get ReportingTLSMode 2 cmd-prompt$
Last updated: 5/22/2018 1:29 PM | Feedback