Troubleshooting Performance

Tanium Cloud is a self-monitored service, designed to detect failures before the failures surface to users. For more information, see Tanium Cloud Deployment Guide: Troubleshooting Tanium Cloud.

To collect and send information to Tanium for troubleshooting, collect log and other relevant information.

Collect logs

The information is saved as a compressed ZIP file that you can download with your browser.

  1. From the Performance Overview page, click Help , then the Troubleshooting tab.
  2. Collect the troubleshooting package. Click Generate Support Package. When the ZIP file is ready, click Download Support Package.
  3. Contact Tanium Support to determine the best option to send the ZIP file. For more information, see Contact Tanium Support.

Collect troubleshooting information from endpoints

You can use Client Management to directly connect to an endpoint and collect a bundle of logs and other artifacts, sometimes referred to as an Endpoint Must Gather (EMG).

  1. From the Main menu, click Administration > Shared Services > Client Management.

  2. From the Client Management menu, click Client Health.

  3. In the Direct Connect search box, enter all or part of an IP address or a computer name.

    Matching results are displayed after the search completes.

  4. From the search results, click the computer name to connect to the endpoint.

  5. Click the Gather tab. In the Domain section, select the category or Tanium Solution for which you want to gather troubleshooting information.

  6. Click Gather from Endpoint.

    The selected logs and artifacts are gathered from the endpoint. The package appears in the Must Gathers section, and the name of the package corresponds with its time stamp.

  7. When Finished appears in the Run State column, select the package and click Download to download a ZIP file that contains the troubleshooting information.

For more information about connecting directly to endpoints, see Tanium Direct Connect User Guide.

For more information about using client health features in Client Management, see Tanium Client Management User Guide: Monitor the client health overview in Client Management and Tanium Client Management User Guide: Access detailed client health and troubleshooting information on an endpoint.

Unable to configure Retention Settings

In Performance 1.3.0 and later, you can configure Retention Settings to specify the Database maximum size and Database maximum days. Profiles created in Performance 1.2.1 and earlier do not include this setting. After you upgrade to Performance 1.3.0 or later, you can add this setting to a profile that you created in an earlier version by editing the profile, specifying the Retention Settings, and saving the profile.

Issues with the Performance Trends board

If you do not see the Performance board when you attempt to import it from the Trends gallery, check the status of the Trends client in Performance. Click Info on the Performance Overview page, and check the Trends Client section to see whether the Trends client is started.

If you do not see the latest version of the Performance board in Trends, remove the Performance board and import the board again from the initial gallery. Existing boards do not update automatically during an upgrade. For more information, see Tanium Trends User Guide: Importing the initial gallery.

Error when connecting to endpoints

You must have the Performance Direct Connect Read permission, which is provided by the Performance Administrator, Performance Read Only User, and Performance User roles, and the the Data Collection Registration Read Interact permission to connect directly to endpoints. If you are using Direct Connect 1.9.30 or later, you must also have the Data Collection Registration Read Interact permission to connect directly to endpoints.

If you do not have sufficient privileges, the connection attempt fails with this error: Failed to connect to endpoint <endpoint computer name>. Failed to query for endpoints. Request failed with status code 500403.

Remove Performance tools from Windows and Linux endpoints

You can deploy an action to remove Performance tools from an endpoint or computer group. Separate actions are available for Windows and non-Windows endpoints.

  1. In Interact, target the endpoints from which you want to remove the tools. For example, ask a question that targets a specific operating system:
    Get Endpoint Configuration - Tools Status from all machines with Is Windows equals true
  2. In the results, select the row for Performance, drill down as necessary, and select the targets from which you want to remove Performance tools. For more information, see Tanium Interact User Guide: Drill Down.
  3. Click Deploy Action.
  4. For the Deployment Package, select Endpoint Configuration - Uninstall Tool [Windows] or Endpoint Configuration - Uninstall Tool [Non-Windows], depending on the endpoints you are targeting.

  5. For Tool Name, select Performance.

  6. (Optional) By default, after the tools are removed they cannot be reinstalled. To allow tools to be automatically reinstalled, clear the selection for Block reinstallation. Re-installation occurs almost immediately.

    If reinstallation is blocked, you must unblock it manually:

    • To allow Performance to reinstall tools, deploy the Endpoint Configuration - Unblock Tool [Windows] or Endpoint Configuration - Unblock Tool [Non-Windows] package (depending on the targeted endpoints).

    • If you reinstall tools manually, select Unblock Tool when you deploy the Endpoint Configuration - Reinstall Tool [Windows] or Endpoint Configuration - Reinstall Tool [Non-Windows] package.

  7. (Optional) To remove all Performance databases and logs from the endpoints, clear the selection for Soft uninstall.

    When you perform a hard uninstallation of some tools, the uninstallation also removes data that is associated with the tool from the endpoint. This data might include important historical or environmental data. If data that you want to keep is associated with the tool, make sure you perform only a soft uninstallation of the tool.

  8. (Optional) To also remove any tools that were dependencies of the Performance tools that are not dependencies for tools from other solutions, select Remove unreferenced dependencies.

  9. (Optional) In the Deployment Schedule section, configure a schedule for the action.

    If some target endpoints might be offline when you initially deploy the action, select Recurring Deployment and set a reissue interval.

  10. Click Show preview to continue.

  11. A results grid appears at the bottom of the page showing you the targeted endpoints for your action. If you are satisfied with the results, click Deploy Action.

If you have enabled Endpoint Configuration approval, tool removal must be approved in Endpoint Configuration before tools are removed from endpoints.

Uninstall Performance

  1. From the Main menu, go to Administration > Configuration > Solutions.
  2. In the Performance section, click Uninstall.
  3. Review the content that will be removed and click Uninstall.
  4. Enter your credentials and click OK to start the uninstall process.
  5. Return to the Solutions page and verify that the Import button is available for Performance.

By design, the uninstall process does not remove Performance content (packages, saved questions, and sensors) so that other solutions are not impacted if they use this content. If you are sure that this content is not being used by any other solutions, you can manually remove it.

Contact Tanium Support

To contact Tanium Support for help, sign in to https://support.tanium.com.