Troubleshooting

Use the following procedures, settings, and logs to troubleshoot issues relating to the Tanium Console and Tanium Interact. For additional troubleshooting information, see the Tanium Support KB: Tanium Console.

Basic troubleshooting tips

  • Check with your Technical Account Manager (TAM) to ensure the Tanium™ software version is a recommended version.
  • Ensure all Tanium Core Platform components are the same version. For example, make sure all have build number 7.3.314.4103. The Build number appears at the top right of the Tanium Console.
  • Review any error messages reported to the Tanium Console: see View and copy the Tanium Console error log.
  • If authentication errors prevent access to the Tanium Console, check the authentication logs (auth<#>.txt) in the <Tanium_Server>/Logs directory.
  • If the Tanium Console is unavailable, check the status of the Tanium databases on the database server. Also check the status of the Tanium Server service and, if necessary, restart it: see Manage the Tanium Server service.

Manage the Tanium Server service

The steps to check the status of, and restart, the Tanium Server service vary by platform:

View and copy the Tanium Console error log

The Tanium Console maintains an error log on the local host computer for your web browser. It includes details on errors returned to the Tanium Console in response to actions taken with the browser, such as attempting to save a configuration or import an XML file.

To view the log, click the selector next to the logged in username and select Local Error Log.

Click Copy to copy the log details to the clipboard.


Monitor Tanium Client registration and communication

Go to the Administration > System Status page to see the real-time status of Tanium Client registration and communication.

You must have a role with the Read System Status (micro admin) permission to see the System Status page and filter the table. Users with the Administrator reserved role have this permission.

Table 1:   System Status columns
Column Description
Host Name Computer hostname.
Network Location (from client) Client IP address returned from a sensor on the client.
Network Location (from server) Client IP address recorded on the server during the last registration.
Direction The circle represents the client, and arrows in relation to the circle represent connections:
  • Up arrow—Connection to the Tanium Server.
  • Right side—Inbound and outbound connections to forward peers.
  • Left side—Inbound and outbound connections to backward peers.

An X in the circle indicates a connection is blocked (probably by a firewall).

A dashed line indicates a slow link.

Valid Key No indicates a problem with the public key that has been installed with the Tanium Client. Redeploy the public key file or reinstall the Tanium Client.
Send State
  • Backward Only
  • Forward Only
  • None
  • Normal
Receive State
  • Next Only
  • Previous Only
  • None
  • Normal
Status The Connection Status of each Tanium Client is either Normal or one or more of the following states:
  • Slow Link
  • Leader
  • Blocked
Last Registration Timestamp of the last time the Tanium Client registered with the server.
Protocol Version Tanium protocol version. This column is hidden by default.
Version Tanium Client version.

Configure server logging levels

Your TAM might instruct you to change the log verbosity levels for the Tanium Server and Tanium Module Server when troubleshooting issues.

Only users assigned the Administrator reserved role can see and use the Configuration > Common > Log Level page.

  1. Go to Configuration > Common > Log Level.
  2. Set the logging levels. The following decimal values are best practices for specific use cases.
    • 0: Logging disabled.
    • 1: Normal log level.
    • 41: Best practice value during troubleshooting.
    • 91 or higher: Most detailed log level. Enable for short periods of time only.
  3. Save your changes.

View plugins and plugin schedules

A plugin is an extension to a Tanium Core Platform component or solution module. A scheduled plugin is a process that is set to run at a specified interval. Plugin operations are usually transparent to users. However, your TAM might instruct you to review plugin details when troubleshooting unexpected behavior.

Only users assigned the Administrator reserved role can access the Configuration pages for viewing plugin information.

To see details about installed plugins, go to Configuration > Common > Plugins.

To see details about scheduled plugins, go to Configuration > Common > Plugin Schedules.

To review the history of plugin executions, see the module-history<#>.txt logs in the <Module_Server>/Logs folder on the Tanium Module Server.

View cache usage

Your TAM might instruct you to monitor cache usage when troubleshooting download issues.

Only users assigned the Administrator reserved role can see and use the Configuration > Tanium Server > Cache Info page.

Go to Configuration > Tanium Server > Cache Info and review the information.

View the info page

Your TAM might instruct you to review settings or counters displayed on the info page.

  1. Open a browser and go to https://<FQDN>/info.
  2. When prompted, specify credentials for a user assigned the Administrator reserved role.



Tanium Support

Your TAM is your first contact for assistance with preparing for and performing an installation or upgrade, as well as verifying and troubleshooting the initial deployment. If you require further assistance from Tanium Support, please be sure to include version information for Tanium Core Platform components and specific details on dependencies, such as the host system hardware and OS details and database server version. Log into https://support.tanium.com and submit a new ticket or send us an email at [email protected]

Last updated: 10/15/2019 2:34 PM | Feedback