To collect and send information to Tanium for troubleshooting, collect log and other relevant information.
The information is saved as a compressed ZIP file that you can download with your browser.
- From the Discover Home page, click Help , then the Troubleshooting tab.
- Click Collect.
A discover-support.[timestamp].zip file downloads to the local download directory.
- Attach the ZIP file to your Tanium Support case form or send it to your TAM.
Tanium Discover maintains logging information in the discover.log file in the <Module Server>/services/discover-service-files/discover.log directory.
You might want to see the ranges that are scanned before you run discovery, or to troubleshoot discovery that has already run. To see the calculated gaps between the managed interfaces, use the Discover Scan Range and Discover Scan Range - Unix sensors. The Discover Scan Range - Unix sensor is for Solaris and AIX platforms.
For example, you might use the question: Get Computer Name and Operating System and Tanium Client IP Address and Discover Scan Range and Discover Scan Range - Unix from all machines. The results display the range between each of the managed endpoints and its forward and backward peers.
To return results, Discover tools must be distributed to the endpoints. If you do not see results:
- Check the configuration of the Discover action group. See Configure Discover action group.
- Check the status of the Discover action group. From the main menu, go to Actions > Scheduled Actions.
You might find that some endpoints are not scanning. For example, the question: Get Discover Last Scan Range from all machines returns [no results].
Try adjusting the Start at time of the scheduled action to a few minutes after the Start Time of the configured scan window in the profile.
- Get the start time of the start window for your profile. From the Discover menu, click Profiles. Hover over the profile_name and click Edit . In the Scan Window section, note the value of the Start Time setting.
- From the Main menu, click Actions > Scheduled Actions. Click the Tanium Discover action group.
- Select the scheduled action that is associated with the profile. Choose Discover Content - Execute Scan [profile_name] or Discover Content - Execute Scan for non-Windows [profile_name]. Click Edit.
- Edit the Start at time to start a few minutes after the Start Time you found in your profile.
If you compare the number of managed interfaces in Discover, you might notice that the number is often higher than the number of Tanium Clients that are reported on the System Status page.
This disparity is expected. Interfaces are unique MAC addresses. One Tanium Client with multiple network interface controllers (NICs) displays as multiple interfaces in Discover. Virtualization software can increase the number of interfaces reported for a computer, if the computer has multiple virtual machines running.
- From the Main menu, click Tanium Solutions. Under Discover, click Uninstall. Click Proceed with Uninstall to complete the process.
Delete any remaining Discover-related scheduled actions and action groups. For more information, see Tanium Console User Guide: Delete an action group.
- Check for Discover artifacts on your endpoints. Ask the question: Get Has Discover Artifacts = "true" from all machines. If any endpoints are returned by this question and you want to clean the artifacts off the endpoint, contact your TAM.
- Check for Discover plugin schedules. From the Main menu, click Configuration > Common > Plugin Schedules. If plugin schedules exist for Discover, contact your TAM.
Last updated: 3/31/2020 11:09 AM | Feedback