Review troubleshooting tasks for common issues.
Troubleshoot Connect by using log files and the solutions to common issues. If you cannot resolve the issues, collect support information.
The information is saved as a ZIP file that you can download with your browser.
To download logs:
- From the Connect Overview page, click Help .
- From the Troubleshooting tab, select the solutions for which to gather troubleshooting packages and click Create Package.
- When the package is ready, click Download Package.
A ZIP file of Connect information, and database information if selected, downloads to the local download directory.
Some browsers might block multiple downloads by default. Make sure to configure your browser to permit multiple downloads from the Tanium Console.
- Contact Tanium Support to determine the best option to send the ZIP files. For information, see Contact Tanium Support.
Tanium Connect maintains logging information in the Connect.log file in the \Program Files\Tanium\Tanium Module Server\services\Connect directory.
In Connect 5.12, the steps required to configure the service account are no longer necessary due to the adoption of the System User Service, which performs these tasks automatically. Consequently, after upgrading to Connect 5.12, it might take time for the RBAC privileges and other updates to sync properly. This could lead to issues and error messages when first querying the Tanium Console. These issues should resolve on their own after a few minutes, but could take longer depending on system resources and the amount of data to migrate.
Adjust log expiration
To adjust the number of days before log files are removed, click Settings on the Connect Overview page and navigate to the Configuration tab. Edit the number of days in the Connection Run Log Expiration field and click Save.
Adjust log level
To adjust the log level, choose a log level from the Connect Service Log Level menu and click Save.
The Connect service records logs in the \Program Files\Tanium\Tanium Module Server\services\connect-files\logs\server.log file. This file is in JSON format by default, but you can use the Bunyan CLI tool to view the logs. From the \Program Files\Tanium\Tanium Module Server\services\connect-files\ directory, run the following command:
..\connect-service\node ..\connect-service\node_modules\bunyan\bin\bunyan logs\server.log
Search this log for the following message to tell when the Connect service starts:
Tanium Connect Starting
Connection run logs
Connections generate a log file for each run of the connection. The run logs are in the \Program Files\Tanium\Tanium Module Server\services\connect-files\logs\connections\ directory.
Connect configuration state
Connect stores information about connections and user settings in the \Program Files\Tanium\Tanium Module Server\services\connect-files\config\connect.db file.
Do not edit the connect.db file unless advised by Tanium Support.
If you have trouble with a connection, you can run the connection outside of the scheduled intervals.
You might have trouble with running a connection for one of the following reasons:
the plugin schedule was disabled or deleted
the plugin schedule was transferred to another user, but is still associated with the prior user
the user that owns the connection no longer has access to the connection
the persona used to create a plugin schedule no longer has access to the plugin schedule
the persona used to create a plugin schedule is no longer associated with a user
You can log in as the user that owns the connection and view the Connect Overview page, then run the connection outside of the scheduled intervals.
Log in as the user that owns the connection, then select Modules > Connect > Overview.
Wait several minutes before moving on to the next step.
- Send a test connection.
From the Connect Overview page, scroll to the Connections section. Select the checkbox next to the connection, click Run Now, and confirm to run the connection.
- Click the connection and open the Logs tab to view information about each run for that connection. Expand an individual row to view the log.
If you need more log data, open the Details tab, update the Log Level value, and click Save. Run the connection again to view the log with the updated log level.
- If the IP address for a connection is on an internal network, only a Tanium administrator can run the connection by default.
Click Settings on the Connect Overview page. On the Configuration tab, select Internal IPs to allow anyone to run connections to IPs on an internal network.
If a connection fails to send any data in a 60 minute period, Connect automatically terminates the connection.
- Verify that the Connect service is running on your Module Server.
To view the running services, click Start > Run. Type services.msc and click OK. Verify that Connect is in the list and that the service is running.
- Check the service logs for any errors or messages about insufficient rights for the user. The Connect service records logs in the \Program Files\Tanium\Tanium Module Server\services\connect-files\logs\server.log file.
Before your connections can successfully send data to a destination, your Tanium Cloud instance, CMP network egress allow list, and network allow list must be configured. Note the following:
- Sign in to the CMP and configure a network egress allow list rule for each destination fully qualified domain name (FQDN) and associated port. For more information on configuring the network egress allow list, see Tanium Cloud Deployment Guide: Configuring network egress allow list rules in the CMP.
- Tanium Cloud does not support non-TLS plaintext HTTP URLs.
Tanium does not support sending data over TCP port 25 outbound. If you create a rule with external access for an SMTP email server destination (default TCP port 465 or TCP port 587), you can only associate the port with 1 FQDN.
For other destinations, you can reuse a port for multiple destination FQDNs.
Your Tanium Cloud instance has a proxy cluster with 2 public IP addresses. If a destination is in your network, add inbound traffic from these IP addresses to your network allow list.
- Verify that the sensor for the saved question is registered. For more information, see Tanium Console User Guide: Display sensor collection registration details.
- If the sensor is not registered, register it for collection. For more information, see Tanium Console User Guide: Register or unregister sensors for collection.
- If you recently registered a sensor and want to see immediate results before the next scheduled collection, you can manually start the collection. For more information, see Tanium Console User Guide: Manually start collection.
Connections use the owner's role permissions to access content. If the connection owner has insufficient permission for content that a connection requires, such as inability to view a computer group, the connection might not fully export the data that you intend to export.
Do one of the following:
Update the owner's permissions to allow access to intended content. For more information and descriptions of content sets and permissions, see Tanium Console User Guide: RBAC overview.
Transfer ownership of the connection to an existing user with sufficient permissions to access intended content. For more information, see Tanium Console User Guide: Delete or transfer content for a non-active user.
Scheduled connections require an existing Tanium user account owner to run scheduled instances. If the scheduled connection owner is deleted, future scheduled instances of that connection do not run.
Do one of the following:
Transfer ownership of the connection to an existing user. For more information, see Tanium Console User Guide: Delete or transfer content for a non-active user.
Issue: Tanium Audit Source connection fails with MaxNumberOfAuditEntriesPerCacheExceeded error
Connections configured with the Tanium Audit Source connection source might fail if you configure Days of History Retrieved as 0 or a very large value, and a large period of time elapses between connection runs. Update the Days of History Retrieved value to a small integer, such as 1 or 2. For more information, see Reference: Tanium Audit Source data.
The basic Connect module uninstallation is designed so that the data you have collected is restored if you later decide to reinstall Connect. In some cases, you might want to start "clean" and not restore the data. To do this, you must manually remove some files.
Consult with Tanium Support before you uninstall or reinstall Connect.
- Sign in to the Tanium Console as a user with the Administrator role.
- From the Main menu, go to Administration > Configuration > Solutions.
- Under Connect, click Uninstall.
- Review the summary and click Uninstall.
- When prompted to confirm, enter your password.
If you later import the Connect solution, the previous data is restored.
Uninstall Connect so you start fresh when you reinstall
- Uninstall Connect so data is restored on reinstall.
- Manually delete the \Program Files\Tanium\Tanium Module Server\services\connect-files\ directory.
Deleting the connect-files directory removes all existing Connect data. All logs, output, the Connect database, and any other Connect data is deleted. If you later import the Connect solution, the previous data is not restored.
To contact Tanium Support for help, sign in to https://support.tanium.com.
Last updated: 10/3/2022 9:22 AM | Feedback