Troubleshooting

Collect logs

Collect logs within Integrity Monitor

You must have either an Administrator or Content Administrator role in Integrity Monitor to collect logs.

To collect logs required for troubleshooting

  1. At the top right of the Integrity Monitor home page, click Help .
  2. Click the Troubleshooting tab.
  3. Click Collect and then click Download to get the zipped file required by Tanium to assist you with troubleshooting.

Manually collect logs

If you are unable to collect logs within Integrity Monitor or need to collect logs manually:

  1. Log in to the machine hosting the Tanium Module Server.
  2. Go to C:\Program Files\Tanium\Tanium Module Server\services\integrity-monitor-service-files and provide the files in this directory to Tanium to assist you with troubleshooting.

Remove Integrity Monitor tools from endpoints

If needed, you can deploy a pre-configured package to remove Integrity Monitor tools from an endpoint or computer group.

Linux

  1. Using Interact or a Saved Question, run the Integrity Monitor Endpoint Tools Status Sensor and the Is Linux Sensor.
  2. From the Linux endpoints that have Integrity Monitors tools installed, drill down and select the targets.

  3. Deploy the Integrity Monitor - Remove Tools [Linux]  package to those targets.



Windows

  1. Using Interact or a saved question, run the Integrity Monitor Endpoint Tools Status Sensor and the Is Windows sensor.
  2. From the Windows endpoints that have Integrity Monitor tools installed, drill down and select the targets.
  3. Deploy the Integrity Monitor - Remove Tools [Windows]  package to those targets.

AIX

  1. Using Interact or a saved question, run the Integrity Monitor Endpoint Tools Status Sensor and the Is AIX sensor.
  2. From the Windows endpoints that have Integrity Monitor tools installed, drill down and select the targets.
  3. Deploy the Integrity Monitor Endpoint Tools Removal [AIX]  package to those targets.

Solaris

  1. Using Interact or a saved question, run the Integrity Monitor Endpoint Tools Status Sensor and the Is Solaris sensor.
  2. From the Windows endpoints that have Integrity Monitor tools installed, drill down and select the targets.
  3. Deploy the Integrity Monitor Endpoint Tools Removal [Solaris]  package to those targets.

Specify Diagnostic Settings

  1. To specify minimum log level, at the top right of the Integrity Monitor home page, click Help .
  2. Click the Troubleshooting tab.
  3. Select the needed Log Level. The default for this setting is INFO.

Override Configuration Settings

While working with your TAM to troubleshoot an issue, you might need to upload a JSON file to override low-level configuration settings.

Updating these settings without careful consideration can cause serious system degradation. Do not override these settings unless you are working with your TAM.


  1. At the top right of the Integrity Monitor home page, click Help .
  2. Click the Troubleshooting tab.
  3. In the Configuration Override section, click Upload and browse to the JSON file.

  4. Click Import.

Uninstall Integrity Monitor

Consult with your TAM before you uninstall Integrity Monitor in a production environment so that you understand the potential repercussions.

  1. From the Main menu, click Tanium Solutions. Under Integrity Monitor, click Uninstall. Click Uninstall to complete the process.
  2. Delete any remaining Integrity Monitor related scheduled actions and action groups.
  3. Remove Integrity Monitor Tools from your endpoints. To see which endpoints have the Integrity Monitor tools installed, ask the question Get Integrity Monitor Tools Status from all machines. If any endpoints are returned by this question and you want to remove Integrity Monitor Tools from the endpoint, contact your TAM.
  4. The uninstall process creates a folder with a backup of the Integrity Monitor files called integrity-monitor-service-files. If you have access to the file system on the machine hosting the Module Server, you can keep or delete this folder. If any other Integrity Monitor artifacts remain on your Module Server, contact your TAM.

Last updated: 9/16/2019 1:14 PM | Feedback