Tanium 6.x: System Status

 

Overview

Particularly useful in troubleshooting, the System Status tab provides the Console Administrator an overview of the currently online computers being managed by a Tanium Client that has recently registered with the Tanium Server. Ideally, an Administrator would want to see most machines registering themselves relatively recently.

1597px-System-status-overview.png

Visible to only Console user's with the Administrator role, the System Status tab provides important details for troubleshooting and performance optimization.

Along with important status information about the health and configuration of the client itself, the System Status tab also includes details about how those clients are communicating with one another. As part of the periodic registration process, each Tanium Client checks in with the Tanium Server not only to identify itself, but also to gather network details about the client's peers, thus enabling the clients to maintain the optimal communication configuration for the dynamically changing network topology.

Network Location

The Network Location columns present the IP address of the Tanium Client from the perspective of both the client and the server. Frequently these addresses are the same, but network configurations such as NAT can cause these addresses to be different.

Valid Key

This column indicates whether the client is communicating with the correct Tanium.pub file. If an entry reports “Yes” this means that the client can send and receive data from the Tanium Server. If an entry in this column reports “No”, this indicates that the wrong or no .pub installed on the client. To fix bad key files, simply re-deploy the Tanium agent or .pub file to the clients reporting “No”. It will not be possible to use Tanium to update the .pub file if the client does not have a valid key file for security reasons.

There may be some situations where a client is unable to successfully register with the Tanium Server and will report an invalid key file because the client is unable to present valid information to the Tanium Server. In these cases, please review network configurations (https://support.tanium.com/hc/en-us/articles/230533768-Troubleshooting-Client-Communication-To-Server) to ensure clients are able to communicate to and from the Tanium Server.

Using Reflection

As illustrated in the Tanium Network Topology diagram below, the Tanium platform is based on ordered rings of secure, peer-to-peer communication, so the Using Reflection column of the System Status tab summarizes how the Tanium Clients are communicating with one another and the server by identifying the Reflection direction and, when relevant, the applicable Reflection status.

1600px-Network-topology.png

 

The Using Reflection entry for each computer will contain one of the following Reflection direction values that identifies how communication takes place between the respective Tanium Client and the Tanium Server:

Backward
The client machine is the first member in a ring of communication, meaning that the client has not been able to establish a connection with any "Backward peers" and will therefore initiate communication to the Tanium Server instead.
No
The client is a middle member of a ring of communication, meaning that a peer client has connected to it and it is connected to another peer.
Forward
The client is the last node in a ring of communication and will forward communication back to the Tanium Server.

Across networks in which most managed computers are on the LAN, the majority of Tanium Clients should be reporting a Reflection direction value of “No”.

Reflection status

In addition to the Reflection direction value, the Using Reflection entry for each computer may include one or more of the following Reflection status values enclosed in parentheses:

Leader
The machine has the best connection to the server of its peers. The Leader is responsible for transferring files from the server to its peers.
SlowLinkAhead or SlowLinkBehind
The machine's connection to its forward or backward peer is considered non-reliable.
Blocked
The machine is currently not passing messages reliably. This may occur if there is a network problem or a host resource problem.

Version

The Version column reports the version of the Tanium Client software running on the managed machine.

A version entry of 0.0.0.0 is an expected value when a Tanium Client is registering. In most environments, there will be very few entries with this version at any given time. However, some entries of this version are to be expected.

If there are entries of 0.0.0.0 that persist, please review the Valid Key section of this document or Troubleshooting Client Communication to Server (https://support.tanium.com/hc/en-us/articles/230533768-Troubleshooting-Client-Communication-To-Server).

Protocol Version

This number reflects proprietary versioning information of the Tanium communication protocol and is reserved for future use.

Have more questions? Submit a request