Troubleshooting

View version information

When discussing issues, it is important to communicate precise version information with colleagues and with Tanium Support. This screen also provides other important information, such as system time, uptime, and basic network configuration details.

  1. Sign in to the TanOS console as a user with the tanadmin or tanuser role.
  2. Enter @ to go to the About this Appliance menu that shows version information, system time, uptime, and basic network configuration details.

Run the Health Check

After initial configuration, TanOS automatically runs a health check every 15 minutes. The results for the latest health check are stored in the health.log file in the /outgoing directory.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 3 to go to the Tanium Support menu.
  3. Enter 5 to run the health check.

    Results appear on screen, and the results are also stored in the health.log file in the /outgoing directory.

If your health check report prompts you to accept the end-user license agreement (EULA), go to the tanadmin menu and enter Q to view the EULA. Follow the prompts to accept the license agreement.

The TanOS health check provides a warning when the available space is 70% full. When the available space is 95% full, TanOS stops all Tanium services to preserve TanOS functionality.

After you perform the initial configuration for an appliance, a core backup is scheduled by default. The health check reports an error that automatic backups cannot complete until you set up an encryption key. To remove the error from the health check, you can either add an encryption key or disable the scheduled core backup. For information on how to disable the core backup, see Configure an automatic backup.

Overview of Appliance logs, reports, and troubleshooting features

The following logs, reports, and troubleshooting features can help diagnose issues with the Appliance itself. For additional information about logs and troubleshooting for Tanium Core Platform servers, see Tanium Core Platform Deployment Reference Guide: Logs and troubleshooting.

  • About this Appliance screen: This screen provides information about the Appliance version, system time, uptime, and basic network configuration details.
  • Advanced Support menu: This menu provides options for exporting core files, generating process dumps, and viewing directory space usage.
  • Database Operations menu: This menu provides options for viewing information about Tanium database operations.
  • Health Check report: This report provides information on the health of the Appliance operating system, hardware, users, network, services, applications, database replication, RAID security, Postgres SSL, and OVA.
  • Network Diagnostics menu: This menu provides options for running network diagnostic procedures, viewing networking information, and viewing firewall details.
  • Performance Monitoring menu: This menu provides options for viewing information about system activity, processes, input/output usage, CPU usage, and other resource usage.
  • Read-only restricted shell: Opening an RO shell enables you to view files on the Appliance file system, including logs that are not accessible through the TanOS console.
  • SNMP walk: You can configure integration with a Simple Network Management Protocol (SNMP) manager for collecting and analyzing Appliance information.
  • Status menu: This menu provides options for viewing information about system activity, processes, input/output usage, CPU usage, and other resource usage.
  • Syslog forwarding: You can forward Appliance logs to a remote syslog server.
  • Tanium Support Gatherer: The Tanium Support Gatherer (TSG) provides information on the status of the Appliance system, processes, and network interfaces.
  • TanOS event log: This log records major events on the Appliance, such as server installations, upgrades, initial configuration, software resets, backups, partition synchronization, Tanium Module Server synchronization, Tanium Core Platform services stopped due to lack of disk space, Tanium Server or Module Server failover, and restricted or unrestricted shell access.
  • TanOS log: This log records events that relate to Appliance installation and automatic backups.
  • TanOS partition sync log: This log records events that relate to partition synchronization on Appliances with active and inactive partitions.
  • TanOS upgrade log: This log records events that relate to Appliance upgrades.
  • TCP dump: Running a TCP dump creates a packet capture (PCAP) file for the network interface that you select. PCAP files capture real-time data packets that traverse a network. You can use the files to analyze network traffic and troubleshoot network issues.

Restart services or networking

Check whether a Tanium service needs to be restarted. You can use the TanOS menu to stop a service whether or not the service is enabled, and you can use TanOS to start a service if the service is enabled.

Restart services

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 2 to go to the Tanium Operations menu.
  3. Enter 1 to go to the Tanium Service Control menu.
  4. Enter the line number of the service you want to manage to view the service commands.
  5. Type the number of a service control command to issue the command.

Restart networking

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter A to go to the Appliance Configuration menu.
  3. Enter 2 to go to the Networking Configuration menu.
  4. Enter 4 to restart networking.

Reinitialize replication

Use this procedure after the secondary database server has been promoted to primary, or to reinitialize a broken Tanium cluster.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 2 to go to the Tanium Operations menu.
  3. Enter B to go to the Cluster Configuration menu.
  4. Enter B and follow the prompts to reinitialize replication.

Review the TanOS event log

The TanOS event log records major events on the Appliance, such as server installations, upgrades, initial configuration, software resets, backups, partition synchronization, Tanium Module Server synchronization, Tanium Core Platform services stopped due to lack of disk space, Tanium Server or Module Server failover, and restricted or unrestricted shell access.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 3 to go to the Tanium Support menu.
  3. Enter 1 to go to the Logs menu.
  4. Enter 1 to go to the TanOS Appliance menu.
  5. Enter 7 to go to the TanOS Event Log menu.
  6. Select an item to view the log, follow its growth, delete it, or export it to the /outgoing directory.

When you view a log, you can use commands similar to ex editor commands to search for patterns (keywords).

Review Tanium Core Platform logs

If you are diagnosing issues with the Tanium Core Platform installation, review the logs. For additional information about logs and troubleshooting for Tanium Core Platform servers, see Tanium Core Platform Deployment Reference Guide: Logs and troubleshooting.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 3 to go to the Tanium Support menu.
  3. Enter 1 to go to the Logs menu.
  4. Select an item to view its submenu.
  5. Select an item to view the log, follow its growth, delete it, or export it to the /outgoing directory.

When you view a log, you can use commands similar to ex editor commands to search for patterns (keywords).

Review Tanium solution module logs

If you are diagnosing issues with expected behavior for solution modules, examine the module logs.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 3 to go to the Tanium Support menu.
  3. Enter 2 to go to the Module Log Files Access menu.
  4. Select an item to view its submenu.
  5. Select an item to view the log, follow its growth, delete it, or copy it to the /outgoing directory.

When you view a log, you can use commands similar to vi editor commands to search for patterns (keywords).

Review the configuration

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 2 to go to the Tanium Operations menu.
  3. Enter 2 to go to the Configuration Settings menu.
  4. Use the menu to view and edit Tanium server configuration files.

Run Tanium Support Gatherer

The Tanium Support Gatherer (TSG) collects system status, process status, network interface status, and so on, to help Tanium Support evaluate possible appliance or Tanium server issues.

Each Tanium server component has a predefined list of files and commands to gather relevant data. The TSG output files are placed in the SFTP outgoing directory. The output files are ZIP archives, named with their collection or module name and a datestamp. The files remain in the outgoing directory until a daily cleanup task removes them. From the TSG menu, you specify a single item (a module or collection of files) or a comma-separated list of items.

The ZIP files are password-protected. The password is the fully-qualified domain name of the appliance from which the TSG was run.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 3 to go to the Tanium Support menu.
  3. Enter A to go to the Tanium Support Gatherer menu.
  4. Enter A to run the Tanium Support Gatherer.

    TanOS runs the report and indicates the name of the zipped report file.

  5. Use SFTP to copy the zipped report to your local machine.

Run Tcpdump

Running a TCP dump creates a packet capture (PCAP) file for the network interface that you select. PCAP files capture real-time data packets that traverse a network. You can use the files to analyze network traffic and troubleshoot network issues.

You can add filters to the report to control how much data is captured. You can also see a preview of the report before you run the command.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 3 to go to the Tanium Support menu.
  3. Enter B to go to the TcpDump menu.
  4. Choose the network interface on which you want to run the command.
  5. To limit the results, add filters such as IP/FQDN, port numbers, file size, or time range.
  6. Enter yes or no to accept or decline a preview of the file.
  7. Enter yes to launch TCP dump and create the file.
  8. Use SFTP to copy the file from the /outgoing directory to your local computer.
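
After the capture is on your local computer, a per-flow summary is a quick way to confirm that the IP and port filters captured the traffic you intended and that the SFTP copy was not truncated. The following Python is an added example, not Tanium code; it assumes the file is a classic pcap (not pcapng) taken on an Ethernet interface, and the function names, addresses, and ports are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import ip_address

LE_MAGIC = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec timestamps
BE_MAGIC = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")

def summarize_pcap(data: bytes) -> Counter:
    """Count packets per (src, dst, proto, dst_port) in a classic pcap byte string."""
    if len(data) < 24 or data[:4] not in LE_MAGIC + BE_MAGIC:
        raise ValueError("not a classic pcap file")
    endian = "<" if data[:4] in LE_MAGIC else ">"
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet (1)")
    flows, off = Counter(), 24  # packet records start after the 24-byte file header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            raise ValueError("capture ends mid-packet; copy the file again")
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # only IPv4 over Ethernet is summarized
        l4 = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IPv4 header length
        proto = {6: "tcp", 17: "udp"}.get(frame[23])
        if proto is None or len(frame) < l4 + 4:
            continue
        dport = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
        key = (str(ip_address(frame[26:30])), str(ip_address(frame[30:34])), proto, dport)
        flows[key] += 1
    return flows

def _frame(src: str, dst: str, proto: int, dport: int) -> bytes:
    """Constructed Ethernet/IPv4 frame with a minimal 8-byte transport header."""
    l4 = struct.pack("!HHI", 40000, dport, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    return b"\x02" * 12 + b"\x08\x00" + ip + l4

def sample_pcap() -> bytes:
    """Constructed capture (not from an appliance): 2 x TCP/443, 1 x UDP/53."""
    frames = [_frame("192.0.2.10", "192.0.2.20", 6, 443)] * 2
    frames.append(_frame("192.0.2.10", "192.0.2.53", 17, 53))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(summarize_pcap(sample_pcap()))
```

To summarize a real capture, pass the file contents read in binary mode to summarize_pcap.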

Examine Tanium and TanOS files

In rare cases, you or Tanium Support might need to examine Tanium and TanOS files written to the file system.

Any unauthorized access of the appliance operating system outside of the Tanium-provided system UI (TanOS Menu system) voids the warranty of the appliance.

From read-only and read-write shells, you can access the /incoming directory at /xfer/incoming and the /outgoing directory at /xfer/outgoing.

Open read-only restricted shell

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter B to go to the Appliance Maintenance menu.
  3. Enter 5 to go to the Shell Keys menu.
  4. Enter O to open a read-only shell.
  5. Enter exit to close the shell.
  6. When you are finished troubleshooting, go to the Shell Keys menu and enter 2 to remove shell access.

Request read-write restricted shell or full shell access

You must follow a special procedure to request read-write restricted shell access or full shell access.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter B to go to the Appliance Maintenance menu.
  3. Enter 5 to go to the Shell Keys menu.
  4. Enter W or F, and follow the prompts to generate a shell access request package. The package is written to the /outgoing folder.
  5. Use SFTP to copy the request file from the /outgoing directory to your local computer.
  6. Email the file and TanOS version information to Tanium Support. For more information, see Contact Tanium Support.
  7. Tanium Support sends you a response file.
  8. Use SFTP to copy the response file to the /incoming directory.
  9. At the Appliance Maintenance > Shell Keys menu prompt, enter 1 to validate the response.
  10. The Shell Keys menu now has additional options.
  11. Enter 3 to launch the shell.
  12. Enter exit to close the shell.
  13. When you are finished troubleshooting, go to the Shell Keys menu and enter 2 to remove shell access.

Shell keys expire seven days after they are created by Tanium Support.

Contact Tanium Support

To contact Tanium Support for help, sign in to https://support.tanium.com.

To receive ongoing support services for Tanium™ Physical Appliances, renew the annual support and maintenance services on each Tanium Physical Appliance. Customers can renew support and maintenance services for a maximum of 6 years from the original purchase date.