Troubleshooting the installation
View version information
When discussing issues, it is important to communicate precise version information with colleagues and with Tanium Support.
- Sign into the TanOS console as a user with the tanadmin or tanuser role.
- Enter @ to go to the About this Appliance menu that shows version information, system time, uptime, and basic network configuration details.
View screen----------------------------------------------------------------
>>> About this Appliance <<<
Hostname: appliance-162
Domain Name: tam.local
System Time (MM/DD/YY): 10/30/20-13:35:44-UTC
Uptime: up 7 hours, 22 minutes
TanOS Version: 1.6.3.0073
Shell Version: 1.6.3.0073
Appliance Model: TV-110
Serial Number: VMware-564d0181aa8ea7af-2cece30817ed026f
IP Address: 10.10.10.162
Gateway address: 10.10.10.2
Name Servers: 10.10.10.10
NTP Servers: 0.pool.ntp.org
Tanium Version: 7.4.4.1250
Server Role: Tanium Server (All-In-One)
Server Addons: No add-ons installed
Tanium Cluster Role: Not configured
Number of Processors: 2 x 2399 MHz
Total Memory: 2G
Appliance Activation State: License File
Tanium Server Pub Key MD5: 88da5655a7f03950077d9e3681dffba7
Tanium Server Init Key MD5: 78fc1a51b0779f89f13d341f633f1f9e
Tanium License MD5: Not Available
License expiration date: 2020/12/21
---------------------------------------------------------------
Press enter to continue
Run the Health Check
TanOS automatically runs a health check every 15 minutes. The results for the latest health check are stored in the health.log file in the /outgoing directory.
After you perform the initial setup for an appliance, a core backup is scheduled by default. The health check reports an error that automatic backups cannot complete until you set up an encryption key. To remove the error from the health check, you can either add an encryption key or disable the scheduled core backup. For information on how to disable the core backup, see Configure an automatic backup.
- Sign into the TanOS console as a user with the tanadmin role.
- Enter 3 to go to the Tanium Support menu. View screen
------------------------------------------------------
>>> Tanium Support menu <<<
1: Tanium Log Files
2: Tanium Module Log Files
3: Database Operations
4: Run Network Diagnostics
5: Run Health Check
6: Display Last Scheduled Health Check Results
7: Appliance Hardware Report
A: Run TSG (Tanium Support Gatherer)
B: Run Tcpdump
P: Performance Monitoring
X: Advanced Support
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 5 to run the health check. View screen
>>> Tanium Support -> Run Health Check <<<
Report time: 2020-10-29 14:44:29 UTC
Report Uptime: 14:44:29 up 8:10, 1 user, load average: 0.00, 0.01, 0.05
>>> Is EULA Accepted <<<
[email protected] accepted June2019 EULA on Thu Oct 29 06:29:33 UTC 2020
Is EULA Accepted: pass
>>> Operating System health (will take 7-10 seconds) <<<
CPU: pass
Memory: pass (70% avail >= 10%)
Swap: pass (100% avail >= 50%)
Partition /: pass (8%)
Partition /boot: pass (24%)
Partition /var: pass (3%)
Partition /var/log/audit: pass (2%)
Partition /opt: pass (2%)
Partition /tmp: pass (1%)
Partition /home: pass (1%)
Partition /cores: pass (1%)
Partition /var/log: pass (1%)
Boot Check: Pass (BIOS Boot with virtual machine)
Active partition: pass (VolGroup1-root)
>>> Hardware health (will take 1-12 seconds) <<<
hardware type: pass (TV-110)
>>> User health <<<
user tanium: pass
user tanadmin: pass
user tanuser: pass
user tancopy: pass
user tanfactory: pass (disabled)
system user shells: pass
system user policies: pass
>>> Network health (will take 5-7 seconds) <<<
default gateway: pass
generic name resolution: pass
own hostname resolution: pass (Hosts)
no stats available
L2 check eth0: pass
mount /opt/mounts/connect: pass (not configured)
mount /opt/mounts/detect: pass (not configured)
mount /opt/mounts/trends: pass (not configured)
Connection tracking: pass
>>> Service health <<<
ntpd service: pass (running)
ntpd service: pass (time synced)
rsyslog service: pass
syslog delivery: N/A (syslog delivery is disabled)
iptables service: pass
ip6tables service: pass
sshd service: pass
ipsec service: pass
local auth service: pass
>>> Application health <<<
taniumserver.service: pass (service is running)
taniumserver.service: pass (iptables)
taniumserver.service: pass (database connected)
taniumserver.service: pass (database size: 1 GB)
TMS connectivity: fail (127.0.0.1:17477)
taniummoduleserver.service: pass (does not exist/not installed)
taniumzoneserver.service: pass (does not exist/not installed)
>>> TanOS <<<
BIOS Version: pass (not checked)
PERC Version: pass (not checked)
iDRAC Version: pass (not checked)
Backup: fail (Backup schedule cannot run without key)
TanOS key material: pass
>>> Miscellaneous <<<
misc 1: pass
core files: pass
shell keys: pass
>>> Database Replication Health <<<
Database Replication: pass (Not configured)
>>> RAID Controller Security Key <<<
RAID Security key check: pass (N/A for this platform)
>>> Tanium Application file Permissions <<<
TaniumServer file permissions: pass
>>> Postgres SSL Health Check <<<
Postgres SSL: pass
SSL CRL file: root.crl.pem
>>> OVA Health (TV-2xx) <<<
RAM Requirements: fail (1837)
CPU Requirements: fail (2)
executed checks: 58
failed checks: 4
>>> End Health Check <<<
Press enter to continueResults appear on screen, and the results are also stored in the health.log file in the /outgoing directory.
If your health check report prompts you to accept the end-user license agreement (EULA), go to the tanadmin menu and enter Q to view the EULA. Follow the prompts to accept it.
Restart services or networking
Check whether a Taniumâ„¢ service needs to be restarted. You can use the TanOS menu to stop a service whether or not it is enabled. You can use the TanOS to start a service if it has been enabled.
Restart services
- Sign into the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
3: Change Tanium Port
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
6: Download Public Key
7: Download SOAP Certificate
A: Configure Remote Module Server
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 1 to go to the Tanium Service Control menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Tanium Service Control <<<
1: ipsec enabled started
2: postgresql-tms enabled stopped
3: postgresql-ts-firewall enabled started
4: postgresql-ts enabled started
5: slapd enabled started
6: taniumserver enabled started
A: Restart ALL enabled Tanium services
B: Stop ALL Tanium services
C: Start ALL enabled Tanium services
D: Disable ALL Tanium services
E: Enable ALL Tanium services
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter the line number of the service you want to manage to view the service commands. View screen
>>> Tanium Operations -> Tanium Service Control -> Service <<<
Service State Status
taniumserver enabled running
1: Start service
2: Stop service
3: Restart service
4: Disable service
5: Enable service
6: Status Details
R: Return to previous menu
------------------------------------------------------
- Type the number of a service control command to issue it.
Restart networking
- Sign into the TanOS console as a user with the tanadmin role.
- Enter A to go to the Appliance Configuration menu. View screen
------------------------------------------------------
>>> Appliance Configuration <<<
1: Hostname/DNS Configuration
2: Networking Configuration
3: NTP Configuration
4: Syslog Configuration
5: SNMP Configuration
6: Module File Share Configuration
7: Reset all NICs to DHCP (VM only)
A: Security
X: Advanced Configuration
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 2 to go to the Networking Configuration menu. View screen
------------------------------------------------------
>>> Appliance Configuration -> Networking <<<
1: Network Interfaces
2: IPSEC Configuration
3: Routing Configuration
4: Restart Networking
T: NIC Teaming
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 4 to restart networking.
Reinitialize replication
Use this procedure after the secondary database server has been promoted to primary, or to reinitialize a broken Tanium cluster.
- Sign into the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu.
- Enter B to go to the Cluster Configuration menu.
- Enter B and follow the prompts to reinitialize replication.
Review Tanium Core Platform logs
If you are diagnosing issues with the Tanium Core Platform installation, review the logs.
- Sign into the TanOS console as a user with the tanadmin role.
- Enter 3 to go to the Tanium Support menu. View screen
------------------------------------------------------
>>> Tanium Support menu <<<
1: Tanium Log Files
2: Tanium Module Log Files
3: Database Operations
4: Run Network Diagnostics
5: Run Health Check
6: Display Last Scheduled Health Check Results
7: Appliance Hardware Report
A: Run TSG (Tanium Support Gatherer)
B: Run Tcpdump
P: Performance Monitoring
X: Advanced Support
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 1 to go to the Log Files Access menu. View screen
------------------------------------------------------
>>> Tanium Support -> Log File Access <<<
1: TanOS Appliance
2: Tanium Server
3: Tanium Module Server
5: PostgreSQL
H: Help
R: Return to previous menu
------------------------------------------------------
- Select an item to view its submenu. View screen
------------------------------------------------------
>>> Tanium Support -> Log File Access -> taniumserver <<<
1: Tanium Server Log (log0.txt)
2: Tanium Server TDL Log (log0.txt)
3: Tanium Server RBAC Log (rbac0.txt)
4: Tanium Server PAM4 Log (tanium_pam4.log)
5: Tanium Server Workbenches (workbenches_manager.log)
6: Tanium Server Signature Verifier (signature_verifier.log)
7: Tanium Server DB Upgrade Log (database-upgrade0.txt)
R: Return to previous menu
------------------------------------------------------
- Select an item to view the log, follow its growth, delete it, or copy it to the /outgoing directory. View screen
------------------------------------------------------
>>> Tanium Support -> Log files -> View -> log0.txt <<<
Size: 3.6K Last Update: Apr 9 20:21
1: View log (exit by pressing 'q')
2: Follow log file growth (exit by pressing Ctrl-C)
A: Delete content of logfile
B: Copy to outgoing (sftp)
R: Return to previous menu
------------------------------------------------------
When you view a log, you can use commands similar to ex editor commands to search for patterns (keywords).
Review Tanium solution module logs
If you are diagnosing issues with expected behavior for solution modules, examine the module logs.
- Sign into the TanOS console as a user with the tanadmin role.
- Enter 3 to go to the Tanium Support menu.
- Enter 2 to go to the Module Log Files Access menu.
- Select an item to view its submenu.
- Select an item to view the log, follow its growth, delete it, or copy it to the /outgoing directory.
When you view a log, you can use commands similar to ex editor commands to search for patterns (keywords).
Review the configuration
- Sign into the TanOS console as a user with the tanadmin role.
- Enter 2 to go to the Tanium Operations menu. View screen
------------------------------------------------------
>>> Tanium Operations Menu <<<
1: Tanium Service Control
2: Tanium Configuration Settings
3: Change Tanium Port
4: Install Custom SOAP Cert
5: Manage Custom Signing Keys
6: Download Public Key
7: Download SOAP Certificate
A: Configure Remote Module Server
B: Configure Tanium Cluster
C: Manage Content
M: Module Operations
I: Import public key to Tanium Zone Server
X: Advanced Operations
H: Help
R: Return to previous menu
------------------------------------------------------
-
Enter 2 to go to the Configuration Settings menu. View screen
------------------------------------------------------
>>> Tanium Operations -> Configuration Settings <<<
Note: Some settings may require a service restart to take effect.
1: Edit Tanium Server Settings
2: Edit Tanium Server TDL Settings
3: Add Tanium Server TDL Auth User
4: Add Tanium Server TDL Auth Cert
5: Edit Tanium Module Server Settings
6: Edit Tanium Module Server TDL Settings
7: Add Tanium Module Server TDL Auth User
8: Add Tanium Module Server TDL Auth Cert
9: Edit Tanium Zone Server Settings
11: Edit isolated subnets list
12: Edit separated subnets list
13: Control RedHat CA Cert
H: Help
R: Return to previous menu
------------------------------------------------------
-
Use the menu to view and edit Tanium server configuration files.
Run Tanium Support Gatherer
The Tanium Support Gatherer (TSG) collects system status, process status, network interface status, and so on, to help Tanium Support evaluate possible appliance or Tanium server issues.
Each Tanium server component has a predefined list of files and commands to gather relevant data. The TSG output files are placed in the SFTP outgoing directory. The output files are ZIP archives, named with their collection or module name and a datestamp. The files remain in the outgoing directory until a daily cleanup task removes them. From the TSG menu, you specify a single item (a module or collection of files) or a comma-separated list of items.
The ZIP files are password-protected. The password is the fully-qualified domain name of the appliance from which the TSG was run.
- Sign into the TanOS console as a user with the tanadmin role.
- Enter 3 to go to the Tanium Support menu. View screen
------------------------------------------------------
>>> Tanium Support menu <<<
1: Tanium Log Files
2: Tanium Module Log Files
3: Database Operations
4: Run Network Diagnostics
5: Run Health Check
6: Display Last Scheduled Health Check Results
7: Appliance Hardware Report
A: Run TSG (Tanium Support Gatherer)
B: Run Tcpdump
P: Performance Monitoring
X: Advanced Support
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter A to go to the Tanium Support Gatherer menu. View screen
------------------------------------------------------
>>> Tanium Support -> Tanium Support Gatherer (TSG) <<<
**NOTE** TSG runtimes will vary depending on collections selected.
The hardware inventory command can take 12 minutes on large appliances.
Please select a module, platform or appliance feature for which to gather support data below.
# Module
1 taniummoduleserver
2 taniumserver
# Collections
3 Appliance Support Files (OS,Hardware,Network,Auth,DB)
4 Platform Support Files (regardless of role)
5 Database Support Files
6 All Module Support Files
7 Everything
R Return to main menu
Please select a menu item or comma separated list:
- Specify a single line item number or a comma-separated list of item numbers.
TanOS runs the report and indicates the path to the zipped report file. View screen
------------------------------------------------------
>>> Tanium Support -> TSG -> Run <<<
Run TSG with --taniumserver
2020-09-04 21:34:30 +0000 Starting Tanium Service Gatherer (TSG)
2020-09-04 21:34:30 +0000 Starting taniumserver Collection
2020-09-04 21:34:30 +0000 Completed taniumserver Collection
2020-09-04 21:34:30 +0000 Collection Result is 0
2020-09-04 21:34:30 +0000 Tanium Service Gatherer Complete
2020-09-04 21:34:30 +0000 Zipping results to sftp outgoing /opt/home/tancopy/outgoing/2020-04-09-2134-appliance-156-tsg_taniumserver.zip
Press enter to continue
- Press Enter to progress through the reports you selected.
- Use SFTP to copy the archive to your local working directory.
Examine OS processes and files
In rare cases, you or Tanium Support might need to examine OS processes and files written to the file system.
Any unauthorized access of the appliance operating system outside of the Tanium provided system UI (TanOS Menu system) will void the warranty of the appliance.
Open read-only restricted shell
- Sign into the TanOS console as a user with the tanadmin role.
- Enter B to go to the Appliance Maintenance menu. View screen
------------------------------------------------------
>>> Appliance Maintenance <<<
1: Backup
2: Alerting
3: Upgrade TanOS
5: Activation Keys
A: Clean directories
B: Reboot/Shutdown
C: Maintenance mode
I: Increase storage
X: Advanced Maintenance
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 5 to go to the Activation Keys menu. View screen
------------------------------------------------------
>>> Appliance Maintenance -> Activation Keys <<<
Current shell authorization for tanadmin is expired
Virtual Activation key is expired
1: Validate Response
O: Open Read Only Restricted Shell
W: Request Read Write Restricted Shell Activation
F: Request Full Shell Activation
L: Shell Key Listing
A: Revoke All Shell Keys
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter O to open a read-only shell. View screen
>>> Appliance Maintenance -> Launch Read Only Restricted Shell <<<
RO access is still valid. A read only restricted shell will be opened.
The shell will be forcibly closed after 10 minutes of inactivity.
Are you sure you want to open RO shell? [Yes|No]: yes
([email protected])/
(0 13:43:24 1) ->
- Enter exit to close the shell.
- When you are finished troubleshooting, go to the Activation Keys menu and enter 2 to remove shell access.
Request read-write restricted shell or full shell access
You must follow a special procedure to request read-write restrictive shell access or full shell access.
- Sign into the TanOS console as a user with the tanadmin role.
- Enter B to go to the Appliance Maintenance menu.
- Enter 5 to go to the Activation Keys menu.
- Enter W or F, and follow the prompts to generate a shell access request package. The package is written to the /outgoing folder. View screen
All previous keys or requests have been deactivated.
The request file TanOS-key-request.tgz has been copied to tancopy outgoing.
Provide the request file to your Tanium TAM and they will provide a response
for verification.
The response file will be valid for 24 hours after processing.
Press enter to continue
-
Use SFTP to copy the request file from the /outgoing directory to your local computer.
- Email the file and TanOS version information to Tanium Support. For more information, see Contact Tanium Support.
Tanium Support will send you a response file.
- Use SFTP to copy the response file to the /incoming directory.
- At the Appliance Maintenance > Activation Keys menu prompt, enter 1 to validate the response. View screen
>>> Appliance Maintenance -> Feature Request -> Validate Response <<<
Signature verified, genuine response
Verifying DB matches
DB Match has been found
Request is still valid
Shell access timeout has been updated.
Return to the menu to open a shell session.
Press enter to continue
The Activation Keys menu now has additional options. View screen
------------------------------------------------------
>>> Appliance Maintenance -> Activation Keys <<<
Current shell authorization type is Read Write Restricted Shell
Current shell authorization expires in 1 hour 59 minutes
Virtual Activation key is expired
1: Validate Response
2: Remove shell access
3: Launch Read Write Restricted Shell
O: Open Read Only Restricted Shell
W: Request Read Write Restricted Shell Activation
F: Request Full Shell Activation
L: Shell Key Listing
A: Revoke All Shell Keys
H: Help
R: Return to previous menu
------------------------------------------------------
- Enter 3 to launch the shell. View screen
>>> Appliance Maintenance -> Shell Access -> Laynch Unrestricted Shell <<<
Access is still valid. A unrestricted access shell will be opened
All connections (regardless of shell access) will be forcibly closed
after 60 minutes.
([email protected])~
(0 20:02:08 1) ->
- Enter exit to close the shell.
- When you are finished troubleshooting, go to the Activation Keys menu and enter 2 to remove shell access.
Contact Tanium Support
To contact Tanium Support for help, send an email to [email protected].
To receive ongoing support services for physical appliances, renew the annual support and maintenance services on each physical appliance. Customers can renew support and maintenance services for a maximum of 6 years from the original purchase date.
