Support and Troubleshooting

View version information

When discussing issues, it is important to communicate precise version information with colleagues and with Tanium Support. This screen also provides other important information, such as system time, uptime, and basic network configuration details.

  1. Sign in to the TanOS console as a user with the tanadmin or tanuser role.
  2. Enter @ to go to the About this Appliance menu that shows version information, system time, uptime, and basic network configuration details.

Run the Health Check

After initial configuration, TanOS automatically runs a health check every 15 minutes. The results for the latest health check are stored in the health.log file in the /outgoing directory.

The health check sends alerts if they are enabled. As a best practice:

  • Enable alerts.

  • Configure a severity level for alerts that matches the checks for which you want to receive alerts. For information about specific alerts, including severity levels, see Reference: TanOS health check results.

  • Configure an SMTP destination to send email alerts.

  • (Optional) Configure a syslog destination.

For the steps to configure alerts, see Configure syslog alerts.

To run a health check manually:

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 3 (Tanium Support).

  3. Enter 5 to run the health check.

    Results appear on screen, and the results are also stored in the health.log file in the /outgoing directory. For details about each check, see Reference: TanOS health check results.

If your health check report prompts you to accept the end-user license agreement (EULA), go to the tanadmin menu and enter Q to view the EULA. Follow the prompts to accept the license agreement.

The TanOS health check provides a warning when any partition is 70% full. At 95% full, TanOS stops all Tanium services to preserve TanOS functionality.

After you perform the initial configuration for an appliance, a core backup is scheduled by default. The health check reports an error that automatic backups cannot complete until you set up an encryption key. To remove the error from the health check, you can either add an encryption key or disable the scheduled core backup. For information on how to disable the core backup, see Configure an automatic backup.

Overview of Tanium Appliance logs, reports, and troubleshooting features

The following logs, reports, and troubleshooting features can help diagnose issues with the appliance itself. For additional information about logs and troubleshooting for Tanium Core Platform servers, see Tanium Core Platform Deployment Reference Guide: Logs and troubleshooting.

  • About this Appliance screen: This screen provides information about the Tanium Appliance version, system time, uptime, and basic network configuration details.
  • Advanced Support menu: This menu provides options for exporting core files, generating process dumps, and viewing directory space usage.
  • Cloud Access Point log: This log records access information for Tanium Clients that connect to Tanium Cloud through an appliance with the Cloud Access Point role.
  • Database Operations menu: This menu provides options for viewing information about Tanium database operations.
  • Health Check report: This report provides information on the health of the appliance operating system, hardware, users, network, services, applications, database replication, RAID security, Postgres SSL, and the virtual machine (if applicable).

  • Network Diagnostics menu: This menu provides options for running network diagnostic procedures, viewing networking information, and viewing firewall details.
  • Performance Monitoring menu: This menu provides options for viewing information about system activity, processes, input/output usage, CPU usage, and other resource usage.
  • Read-only restricted shell: Opening an RO shell enables you to view files on the appliance file system, including logs that are not accessible through the TanOS console.
  • SNMP walk: You can configure integration with a Simple Network Management Protocol (SNMP) manager for collecting and analyzing appliance information.
  • Status menu: This menu provides options for viewing information about system activity, processes, input/output usage, CPU usage, and other resource usage.
  • Syslog forwarding: You can forward appliance logs to a remote syslog server.
  • Tanium Support Gatherer: The Tanium Support Gatherer (TSG) provides information on the status of the appliance system, processes, and network interfaces.
  • TanOS event log: This log records major events on the appliance, such as server installations, upgrades, initial configuration, software resets, backups, partition synchronization, Tanium Module Server synchronization, Tanium Core Platform services stopped due to lack of disk space, Tanium Server or Module Server failover, and restricted or unrestricted shell access.
  • TanOS partition sync log: This log records events that relate to partition synchronization on appliances with active and inactive partitions.
  • TanOS upgrade log: This log records events that relate to appliance upgrades.
  • TCP dump: Running a TCP dump creates a packet capture (PCAP) file for the network interface that you select. PCAP files capture real-time data packets that traverse a network. You can use the files to analyze network traffic and troubleshoot network issues.

Restart services or networking

Check whether a Tanium service needs to be restarted. You can use the TanOS menu to stop a service regardless of whether the service is enabled, and you can use TanOS to start a service only if the service is enabled.

Restart services

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 2-1 (Tanium Operations > Tanium Service Control).

  3. Enter the line number of the service you want to manage to view the service commands.
  4. Type the number of a service control command to issue the command.

Restart networking

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter A-2 (Appliance Configuration > Networking Configuration).

  3. Enter 4 to restart networking.

Exit maintenance mode after an error

Some maintenance procedures that you perform in TanOS automatically enter maintenance mode to ensure Tanium services are not affected by the maintenance operation. When the operation completes, TanOS automatically exits maintenance mode and resumes normal operations. However, if an error occurs during a maintenance operation, TanOS can sometimes stay in maintenance mode. If TanOS indicates that you are unable to perform an operation due to maintenance activity, you can manually exit maintenance mode.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter B-C (Appliance Maintenance > Maintenance Mode).

  3. Enter 1 to clear any maintenance actions.

Reinitialize replication

Use this procedure after the secondary database server has been promoted to primary, or to reinitialize a broken Tanium cluster.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 2-B (Tanium Operations > Cluster Configuration).

  3. Enter B and follow the prompts to reinitialize replication.

Review the TanOS event log

The TanOS event log records major events on the appliance, such as server installations, upgrades, initial configuration, software resets, backups, partition synchronization, Tanium Module Server synchronization, Tanium Core Platform services stopped due to lack of disk space, Tanium Server or Module Server failover, and restricted or unrestricted shell access.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 3-1-1-7 (Tanium Support > Logs > TanOS Appliance > TanOS Event Log).

  3. Select an item to view the log, follow its growth, delete it, or export it to the /outgoing directory.

When you view a log, you can use commands similar to ex editor commands to search for patterns (keywords).

Review Tanium Core Platform logs

If you are diagnosing issues with the Tanium Core Platform installation, review the logs. For additional information about logs and troubleshooting for Tanium Core Platform servers, see Tanium Core Platform Deployment Reference Guide: Logs and troubleshooting.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 3-1 (Tanium Support > Logs).

  3. Select an item to view its submenu.
  4. Select an item to view the log, follow its growth, delete it, or export it to the /outgoing directory.

When you view a log, you can use commands similar to ex editor commands to search for patterns (keywords).

Review Tanium solution module logs

If you are diagnosing issues with expected behavior for solution modules, examine the module logs.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 3-2 (Tanium Support > Module Log Files Access).

  3. Select an item to view its submenu.
  4. Select an item to view the log, follow its growth, delete it, or copy it to the /outgoing directory.

When you view a log, you can use commands similar to vi editor commands to search for patterns (keywords).

Review the configuration

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 2-2 (Tanium Operations > Configuration Settings).

  3. Use the menu to view and edit Tanium Core Platform server configuration files.

Run Tanium Support Gatherer

The Tanium Support Gatherer (TSG) collects system status, process status, network interface status, and so on, to help Tanium Support evaluate possible appliance or Tanium Core Platform server issues.

Each Tanium Core Platform server has a predefined list of files and commands to gather relevant data. The TSG output files are placed in the SFTP outgoing directory. The output files are ZIP archives, named with their collection or module name and a datestamp. The files remain in the outgoing directory until a daily cleanup task removes them. From the TSG menu, you specify a single item (a module or collection of files) or a comma-separated list of items.

The ZIP files are password-protected. The password is the fully-qualified domain name of the appliance from which the TSG was run.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 3-A (Tanium Support > Tanium Support Gatherer).

  3. Enter A to run the Tanium Support Gatherer.

    TanOS runs the report and indicates the name of the zipped report file.

  4. Use SFTP to copy the zipped report to your local machine.

Copy core files

To upload the Core Files directly to an SFTP destination from the /outgoing directory, you must add the tanadmin user's public SSH key to the SFTP user's authorized keys on the remote host. For information, see Manage SSH keys.

  1. Sign in to the TanOS console as a user with the tanadmin role.

  2. Enter 3-X-1 (Tanium Support > Advanced Support > Copy Core Files).

  3. Enter the line number of the core files to copy.

    TanOS generates a ZIP file containing the compressed core files and uploads it to the /outgoing directory.

  4. To upload the generated file to an SFTP location using TanOS, enter Yes and follow the prompts to enter the SFTP host IP or fully qualified domain name (FQDN), remote user name, and destination directory and file name.

Run tcpdump

Running a TCP dump creates a packet capture (PCAP) file for the network interface that you select. PCAP files capture real-time data packets that traverse a network. You can use the files to analyze network traffic and troubleshoot network issues.

You can add filters to the report to control how much data is captured. You can also see a preview of the report before you run the command.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter 3-B (Tanium Support > TcpDump).

  3. Choose the network interface on which you want to run the command.
  4. To limit the results, add filters such as IP/FQDN, port numbers, file size, or time range.
  5. Enter yes or no to accept or decline a preview of the file.
  6. Enter yes to launch TCP dump and create the file.
  7. Use SFTP to copy the file from the /outgoing directory to your local computer.
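
After the capture is on your workstation, a quick per-destination summary shows whether the filters you chose caught the traffic you expected. The following is an added example, not Tanium code: it assumes the file is in classic pcap format with an Ethernet link type (this page does not state which capture format TanOS writes), and the sample capture is constructed inline with documentation addresses.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# Classic pcap magic bytes -> byte order of the header fields.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}
LINKTYPE_ETHERNET = 1

def summarize_tcp_flows(pcap: bytes) -> Counter:
    """Count TCP packets per (src, dst, dst_port) in a classic pcap byte string."""
    if len(pcap) < 24 or pcap[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    endian = PCAP_MAGICS[pcap[:4]]
    (linktype,) = struct.unpack_from(endian + "I", pcap, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    flows, offset = Counter(), 24
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, offset + 8)[0]
        frame = pcap[offset + 16 : offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < incl_len:
            break  # capture ends mid-record: keep what was parsed so far
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 directly over Ethernet (VLAN tags are skipped too)
        ihl = (frame[14] & 0x0F) * 4
        if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
            continue  # malformed IPv4 header or not TCP
        tcp = 14 + ihl
        if len(frame) < tcp + 4:
            continue  # snap length cut off the TCP ports
        src, dst = IPv4Address(frame[26:30]), IPv4Address(frame[30:34])
        (dport,) = struct.unpack_from("!H", frame, tcp + 2)
        flows[(str(src), str(dst), dport)] += 1
    return flows

def _frame(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Build one constructed Ethernet/IPv4/TCP SYN frame (checksums left zero)."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + tcp

def build_sample_pcap() -> bytes:
    """Constructed capture using documentation addresses, not real traffic."""
    frames = [_frame("192.0.2.10", "198.51.100.5", 40000, 443),
              _frame("192.0.2.10", "198.51.100.5", 40001, 443),
              _frame("192.0.2.11", "198.51.100.5", 40002, 22)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for flow, count in summarize_tcp_flows(build_sample_pcap()).most_common():
        print(count, *flow)
```

To use it on a real capture, pass the file contents, for example `summarize_tcp_flows(open(path, "rb").read())`, where `path` is wherever you saved the file copied from /outgoing.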

Run network diagnostics

Use the Network Diagnostics menu to run basic diagnostic procedures.

Ping a remote system

  1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.
  2. Enter 3-4-F (Tanium Support > Run Network Diagnostics > Ping Remote System).

  3. Enter the IP address or fully qualified domain name (FQDN) of the system to ping to view connection information.

Test a connection using a remote port

The Test Remote Port screen allows you to attempt a connection to a given destination and port using TCP.

  1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.
  2. Enter 3-4-2 (Tanium Support > Run Network Diagnostics > Test Remote Port (TCP)).

  3. Enter the IP address or FQDN of the destination to test.
  4. Enter the port number for the connection.
    The TanOS console indicates whether the appliance can successfully connect using the specified port.

Trace the connection path to a destination

Use the Trace Path screen to run a traceroute command to a remote destination using a specified connection protocol.

  1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.
  2. Enter 3-4-3 (Tanium Support > Run Network Diagnostics > Trace Path).

  3. Enter the protocol to use for the connection, the FQDN or IP address of the destination, and the port to view the connection path between the appliance and the destination.

Resolve a host name

  1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.
  2. Enter 3-4-4 (Tanium Support > Run Network Diagnostics > Resolve Name).

  3. Enter the FQDN to find its IP address.

Check IPSEC

  1. Sign in to the TanOS console of the appliance with the secondary database as a user with the tanadmin role.
  2. Enter 3-3 (Tanium Support > Database Operations).

  3. Enter 5 to view information about any active IPsec tunnels.

Listening ports

  1. Sign in to the TanOS console of the appliance with the secondary database as a user with the tanadmin role.
  2. Enter 3-3 (Tanium Support > Database Operations).

  3. Enter 6 to view a list of all detected listening ports.

Show firewall

  1. Sign in to the TanOS console of the appliance with the secondary database as a user with the tanadmin role.
  2. Enter 3-3 (Tanium Support > Database Operations).

  3. Enter 7 to view firewall details.

Examine Tanium and TanOS files

In rare cases, you or Tanium Support might need to examine Tanium and TanOS files written to the file system.

Any unauthorized access of the appliance operating system outside of the Tanium provided system UI (TanOS Menu system) voids the warranty of the appliance.

From read-only and read-write shells, you can access the /incoming directory at /xfer/incoming and the /outgoing directory at /xfer/outgoing.

Open read-only restricted shell

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter B-5 (Appliance Maintenance > Shell Keys).

  3. Enter O to open a read-only shell.
  4. Enter exit to close the shell.

Request read-write restricted shell or full shell access

You must follow a special procedure to request read-write restricted shell access or full shell access.

  1. Sign in to the TanOS console as a user with the tanadmin role.
  2. Enter B-5 (Appliance Maintenance > Shell Keys).

  3. Enter W or F, and follow the prompts to generate a shell access request package. The package is written to the /outgoing folder.
  4. Use SFTP to copy the request file from the /outgoing directory to your local computer.
  5. Email the file and TanOS version information to Tanium Support. For more information, see Support for Tanium Appliances.
  6. Tanium Support sends you a response file. For multiple appliances, you might receive multiple files named with serial numbers.

  7. Use SFTP to copy the response file to the /incoming directory. The file name must be in the format TanOS-key-response*.tgz or TanOS-key-serialNo*.tgz.
  8. At the Appliance Maintenance > Shell Keys menu prompt, enter 1, and then enter the number of a response file to validate the response.
  9. The Shell Keys menu now has additional options.

  10. Enter 3 to launch the shell.
  11. Enter exit to close the shell.
  12. When you are finished troubleshooting, go to the Shell Keys menu and enter 2 to remove shell access.

Shell keys expire seven days after they are created by Tanium Support.

Support for Tanium Appliances

To contact Tanium Support for help, sign in to https://support.tanium.com.

TanOS support lifecycle

Tanium routinely provides security patches, feature improvements and bug fix repairs to TanOS appliances via in-place upgrades, incrementing TanOS versions forward. These upgrades are the only way to ensure your Tanium appliance is patched against the latest security vulnerabilities and known software issues, since Tanium only releases versions forward and does not release patches against previously released versions. Tanium offers a fixed date lifecycle policy for Tanium Appliances. Physical hardware support terms are different and can be found in the Hardware Terms and Conditions.

In order to be able to provide support for Tanium Appliances, the TanOS version must not be older than 18 months from the date of release. Customers are required to upgrade TanOS versions that have reached end of support prior to Tanium working on a support case. Customers are strongly encouraged to stay on the latest release of TanOS to ensure they are using the most secure and functional Tanium Appliance product available.

For TanOS versions that are beyond the support lifecycle term, Tanium offers commercially reasonable support as follows:

  • Commercially reasonable support incidents will be provided through Tanium Support. If the support incident requires escalation to development for further guidance or requires a non-security or a security update, then customers will be asked to upgrade to a fully supported TanOS version.

  • Commercially reasonable support does not include an option to engage Tanium product development resources; technical workarounds may be limited or not possible.

Tanium customers are expected to use the provided upgrade paths to maintain TanOS at a supported version on an ongoing basis. Previous TanOS release dates can be viewed in the Tanium Knowledge Base, to determine if a given version is still within the Tanium support window.

Support information for physical Tanium Appliances

For detailed information about support for physical Tanium Appliances, review your hardware support terms with Tanium. To receive ongoing support services for physical appliances, renew the annual support and maintenance services on each appliance. Customers can renew support and maintenance services for a maximum of 6 years from the original purchase date. Tanium Support is always the primary contact for all Tanium Appliance concerns, including hardware issues.