Reference: Endpoint monitoring status errors

Standard cross platform endpoint status error messages

Correlation Engine - Error: Correlation Engine potentially hung

The correlation engine process has not written to the database recently. The Deploy Integrity Monitor Endpoint Process Start [OS] action will automatically restart the process if it gets stuck in this state.

Correlation Engine - Error: Correlation Engine not running

This message is normal for a short period of time after a reboot or after deploying the Integrity Monitor - Tools [Windows] package. The Deploy Integrity Monitor Endpoint Process Start [OS] action will automatically correct this issue.

Correlation Engine - Error: Correlation Engine is disabled

The correlation engine process was manually disabled. You can enable it again by using the Integrity Monitor Enable or Disable Endpoint Process [OS] packages.

Index - Error: Tanium Index is not running

Index is not running. This message is reported only when the monitor is in event mode or hybrid mode (using both event monitoring and hash monitoring).

Recorder - Error: Recorder not installed

Install Needed: Recorder not installed

Recorder needs to be installed. Both messages are generated at the same time.

Recorder - Error: Error getting results from recorder DB

An exception occurred trying to gather data from the recorder's database.

Recorder - Error: Missing the recorder database file monitor.db

The recorder generates this file when it runs. This error should resolve itself when recorder runs again.

Recorder - Error: Event recorder is not running

The recorder process is not running. This message is reported only when the monitor is in event mode.

Recorder - Error: Missing the recorder database file monitor.db

The recorder was manually disabled.

Rules Engine - Error: Rules Engine potentially hung

The rules engine process has not written to the database recently. The Deploy Integrity Monitor Endpoint Process Start [OS] action will automatically restart the process if it gets stuck in this state.

Rules Engine - Error: Rules Engine not running

This message is normal for a short period of time after a reboot or after deploying the Integrity Monitor - Tools [Windows] package. The Deploy Integrity Monitor Endpoint Process Start [OS] action will automatically correct this issue.

Rules Engine - Error: Rules Engine is disabled

The rules engine process was manually disabled. You can enable it again by using the Integrity Monitor Enable or Disable Endpoint Process [OS] packages.

Rules Engine - Error: Rules Engine in failed state

The rules engine had an internal failure and is not performing its full function. Restart the rules engine with the Deploy Integrity Monitor Endpoint Process Start [OS] action. If the error still occurs, consult with your TAM.

Rules Engine - Error: Rules Engine incompatible

The rules engine is not running on the endpoint because Python 3 is not deployed. Consult with your TAM.

Standard Windows-specific endpoint status error messages

Recorder - Error: Missing "TaniumSystemMonitor" from Event Tracing sessions

Install Needed: Missing "TaniumSystemMonitor" from Event Tracing sessions

The recorder is not registered with Event Tracing for Windows (ETW). No events will be recorded. Both messages are generated at the same time.

Recorder - Error: Event Tracing for Windows checks timed out

Checking on ETW failed. Check for issues with ETW. Recorder is likely missing events.

Recorder - Error: File permission auditing is disabled

The Audit File System permission is not set correctly on the endpoint. For more information, see Permission recording.

Standard Linux-specific endpoint status error messages

Recorder - Error: im_recorder.json file not found

Install Needed: im_recorder.json file not found

A necessary configuration file for recorder is missing. Reissue the Integrity Monitor - Tools [Linux] action to add it. Both messages are generated at the same time.

Recorder - Error: Disabled due to the CPU usage exceeding the threshold of X%

The recorder is disabled because it used more than the configured CPU limits for too long. X is the threshold configured on the endpoint.

Recorder - Error: Failed to extract cpuThreshold: Error <Detailed Error Message>

An exception occurred trying to get the cpuThreshold from recorder.

Recorder - Error: The "service" binary is not installed on this system. Please install it first.

The system is missing the standard Linux service binary file. This file must be installed for recorder to run.

Recorder - Error: Auditd is not installed on this system. Please install first.

The system is missing the auditd package. This package must be installed for recorder to run.

Recorder - Error: Trouble loading recorder audit rules ("key=TaniumRecorder" missing from "auditctl -l" output)

Recorder auditd rules are not configured correctly, so the recorder will not get any events.

Integrity Monitor - Error: Python Core Library for Tanium not installed

Tools Install Required: Python Core Library for Tanium not installed

The Python Core Library for Tanium is missing. Redeploy monitors to install the latest tools.

Tools Install Required: Updated status sensor not installed

Redeploy monitors to install the latest tools with the updated status sensor.