Troubleshooting Asset

To collect and send information to Tanium for troubleshooting, collect log and other relevant information.

Collect logs

The information is saved as a compressed ZIP file that you can download with your browser.

  1. From the Asset Overview page, click Help .
  2. Click Troubleshooting > Collect. When the ZIP file is ready, you can download the tanium-asset-support-[timestamp].zip file to your local download directory.
  3. Contact Tanium Support to determine the best option to send the ZIP file. For more information, see Contact Tanium Support.

Update service account log level

  1. From the Asset Overview page, click Settings , then the Advanced tab.
  2. Change the Service Account Log Level.
  3. Click Save.

Troubleshoot asset data exports and imports

View status of imports and exports

On the Asset Overview page in the Activity section, you can view a timeline of the recent imports and exports. The timeline contains each import, with one of the following statuses: 

  • : Scheduled
  • : Successful
  • : Error

View import and export logs

In the ZIP file that you download from the Help section, you can view logs for the data imports and exports. These logs are in the job directory:

ServiceNow exports

ServiceNow export logs are named with the following format: job/date_time_job#_servicenow_config#.log. If you enable Trace level logging on your ServiceNow configuration, numbered subdirectories, for example job/65, are created that contain all of the POST and GET requests for that job. See Add ServiceNow as a destination for more information about configuring logging.

Asset data imports

You can use these logs to view details about the scheduled runs that are occurring to import asset data from Tanium into your Asset database. Tanium data import logs are named with the following format: job/date_time_job#_tanium_1.log. For data you are importing from a database, import logs are named with the following format: job/date_time_job#_database_1.log. To change the log level for imports, see Configuring sources.

Disable imports and exports

Data imports and exports run on a configured schedule by default. You can disable this schedule to resolve issues, or run the import or export manually.

  1. From the Asset menu, go to Inventory Management > Schedules.
  2. Hover over the import or export schedule that you want to disable and click Edit .
  3. Clear the Run this connection on a defined schedule setting. Click Update.
  4. If you want to manually run an import or export, go to the Inventory Management > Schedules page. Hover over the import or export schedule and click Run Now.

Fix Error: MULTIPLE_DUPLICATE_RECORDS error message in ServiceNow log file

If you see an Error: MULTIPLE_DUPLICATE_RECORDS error message in the ServiceNow log file, contact Tanium Support to verify that the ServiceNow export mapping configuration is configured correctly. For more information, see Contact Tanium Support.

  1. From the Asset menu, click Inventory Management > Destinations.
  2. Click Edit next to the destination.
  3. In the ServiceNow Export Mapping section, add the following property to the cmdb_ci_computer mapping:
    identificationFields: [
  4. Click Update.

Back up and restore the Asset database

You can back up or restore all configuration and Asset data. You might want to create a backup before making configuration updates. You must have the Tanium Administrator role to perform a backup operation.

  1. From the Asset Overview page, click Settings , then the Database tab.
  2. To create a backup of the Asset database, click Back Up Database.
  3. Use the backups.
    • Download backup on local computer: Click Download Database Backup .
    • Restore database backup: Click Restore Database Backup . Before you restore, verify that no Asset destination exports or Tanium Connect connection runs are running. When you run the restoration, the current Asset database is backed up, the Asset service is shut down, the selected database is restored, and the Asset service is restarted. Any jobs that are running during the restoration process do not complete.
      If you want to restore the database on a different Module server, contact Tanium Support. For more information, see Contact Tanium Support.
    • Delete a backup: Click Delete Database Backup .

Remove unneeded data from the Asset database

Delete assets

You can remove assets from your asset database. In a report that shows the assets you want to remove, select the rows and click Delete.

If the asset you deleted responds to the Asset saved questions in a subsequent load, the asset is re-added to the database.

Delete attributes

To delete an attribute, you must disable the attribute, then remove references.

  1. Disable the attribute.
    1. From the Asset menu, click Inventory Management > Attributes.
    2. Click Edit next to the attribute that you want to disable.
    3. Clear the Enabled setting. Click Save.
  2. Remove references to the attribute from all reports, views, permissions, and ServiceNow destinations.
    1. Click Delete next to the attribute that you want to remove.
    2. A list of known locations where the attribute is used is displayed. Click the link for each item, and edit the item to remove the use of the attribute.
    3. Click Refresh to list the remaining references.
  3. After you remove the references, type the name of the attribute to confirm its deletion. Click Delete Attribute.

The attribute is deleted from the Asset database on the next load of data from the data source.

Configure data retention and vacuuming

You can configure data retention and automatic vacuuming on the Asset database.

  1. From the Asset Overview page, click Settings , then the Advanced tab.
    • To purge stale assets that have not been seen by Asset from the database, enable Purge Stale Assets. Then, indicate the age of stale data to remove. The minimum number is seven days.
    • To adjust the trigger and amount of work done during automatic vacuuming, adjust the Cost Limit and Scale Factor values. The Postgres VACUUM operation reclaims storage that is occupied by dead tuples. By default, the database is vacuumed when 1% of tuples are considered dead, and the cost limit (amount of work per vacuum cycle) is set to 1000.
  2. Click Save.

Remove Enforce tools from endpoints

You can deploy an action to remove Enforce tools from an endpoint or computer group. Separate actions are available for Windows and non-Windows endpoints.

  1. In Interact, target the computers from which you want to remove the tools. For example, ask a question that targets a specific operating system:
    Get Endpoint Configuration - Tools Status from all machines with Is <OS> equals True , for example: 
    Get Endpoint Configuration - Tools Status from all machines with Is Windows equals True
  2. In the results, select the row for Enforce, drill down as necessary, and select the targets from which you want to remove Enforce tools. For more information, see Tanium Interact User Guide: Managing question results.
  3. Click Deploy Action.
  4. On the Deploy Action page, enter Endpoint Configuration - Uninstall in the Enter package name here box, and select Endpoint Configuration - Uninstall Tool [Windows] or Endpoint Configuration - Uninstall Tool [Non-Windows], depending on the endpoints you are targeting.
  5. For Tool Name, select Enforce.

  6. (Optional) By default, after the tools are removed they cannot be reinstalled. To allow tools to be automatically reinstalled, clear the selection for Block reinstallation. Re-installation occurs almost immediately.

    If reinstallation is blocked on an endpoint, you must deploy the Endpoint Configuration - Unblock Tool [Windows] or Endpoint Configuration - Unblock Tool [Non-Windows] package (depending on the targeted endpoints) before the tools can be reinstalled.

  7. (Optional) To remove all Enforce databases and logs from the endpoints, clear the selection for Soft uninstall.

  8. (Optional) To also remove any tools that were dependencies of the Enforce tools that are not dependencies for tools from other modules, select Remove unreferenced dependencies.

  9. Click Show preview to continue.
  10. A results grid displays at the bottom of the page showing you the targeted endpoints for your action. If you are satisfied with the results, click Deploy Action.

If you have enabled Endpoint Configuration, tool removal must be approved in Endpoint Configuration before tools are removed from endpoints.

Uninstall Asset

  1. From the Main menu, go to Administration > Configuration > Solutions. Under Asset, click Uninstall. Click Proceed with Uninstall to complete the process.
  2. Remove Asset Tools from your endpoints. To see which endpoints have the file evidence tools installed, ask the question: Get Asset File Evidence Status from all machines. If you want to clean the artifacts from your endpoints, contact Tanium Support. For more information, see Contact Tanium Support.
  3. A backup asset-files folder gets created as part of the uninstall process. You can keep or delete this folder. If any other Asset artifacts remain on your Module Server, contact Tanium Support.
  4. Remove Asset saved questions. You can remove saved questions that meet all the following conditions: 
    • Owned by the service account you configured for Asset
    • AND the name of the saved question starts with Asset
    • AND is in the Asset content set
  5. Remove Asset scheduled actions. Delete the Asset Deploy Collect Active Directory Info scheduled action that is created by the service account and running the Asset Collect Active Directory Info package.
  6. Remove Asset action group. After the action group is empty, you can delete the Tanium Asset action group.

Contact Tanium Support

To contact Tanium Support for help, sign in to