Tenable Connect Support

Knowledge Base Article

Collecting Debugs for Tenable Products

DESCRIPTION

This article describes the process on how to generate a debug report in Tenable products. Please sanitize any IP addresses or other sensitive information prior to sending the debug report to Tenable Support, if required.

STEPS

Table of Contents

Nessus

Select the version you need for generating a Nessus debug.

Nessus GUI

The GUI feature was implemented on version Nessus 8.x.x and above.

  1. Open the Nessus GUI by going to, https://<nessus_ip>:8834
  2. Open the Settings menu tab.
  3. On the top right, use the Download logs button to download the Nessus debug log files.
  4. Choose the type of debug options.
  5. Use the Download button to download a nessus-bug-report.tar.gz file. The file should begin downloading automatically.

Windows CLI

Note: During the collection of logs from a Nessus application or an Agent install, you may see occurrences of:

[debug] Skipping collection; wrong OS.

The Nessus debug command contains the commands for all potential operating systems it can be run on. This message indicates that the command it is skipping is meant for a different operating system. For example, if the command is run on a MacOS host, all Linux and Windows related commands will be skipped.

  1. Open Command Prompt with "Run as Administrator" option.
  2. Generate the debug:"C:\Program Files\Tenable\Nessus\nessuscli" bug-report-generator
  3. When prompted to run in full mode, select Y.
  4. Copy the file from: C:\ProgramData\Tenable\Nessus\nessus\logs\nessus-bug-report-archive.txt

Linux CLI

Note: During the collection of logs from a Nessus application or an Agent install, you may see occurrences of:

[debug] Skipping collection; wrong OS.

The Nessus debug command contains the commands for all potential operating systems it can be run on. This message indicates that the command it is skipping is meant for a different operating system. For example, if the command is run on a MacOS host, all Linux and Windows related commands will be skipped.

  1. Open a Terminal as 'root'. Using sudo will work as well.
  2. Generate the debug:/opt/nessus/sbin/nessuscli bug-report-generator
  3. When prompted to run in full mode, select Y.
  4. Copy the file from: /opt/nessus/var/nessus/logs/nessus-bug-report-archive.tar.gz

Mac OS X CLI

Note: During the collection of logs from a Nessus application or an Agent install, you may see occurrences of:

[debug] Skipping collection; wrong OS.

The Nessus debug command contains the commands for all potential operating systems it can be run on. This message indicates that the command it is skipping is meant for a different operating system. For example, if the command is run on a MacOS host, all Linux and Windows related commands will be skipped.

  1. Open a Terminal as 'root'. Using sudo will work as well.
  2. Generate the debug:/Library/Nessus/run/sbin/nessuscli bug-report-generator
  3. Copy the file from: /Library/Nessus/run/var/nessus/logs/nessus-bug-report-archive.tar.gz

FreeBSD CLI

Note: During the collection of logs from a Nessus application or an Agent install, you may see occurrences of:

[debug] Skipping collection; wrong OS.

The Nessus debug command contains the commands for all potential operating systems it can be run on. This message indicates that the command it is skipping is meant for a different operating system. For example, if the command is run on a MacOS host, all Linux and Windows related commands will be skipped.

  1. Open a Terminal as 'root'. Using sudo will work as well.
  2. Generate the debug:/usr/local/nessus/bin/nessus-bug-report-generator
  3. Copy the file from: /usr/local/opt/nessus/bin/nessus-bug-report-archive.tar.gz

Tenable Vulnerability Management

Note: this method requires that the scanner is online and communicating with Tenable Vulnerability Management. For offline scanners, please use one of the CLI methods on the scanner host.

  1. From the new interface, navigate to Settings > Sensor Management > Nessus Scanners.
  2. Click on the scanner in question.
  3. Click on the Logs tab.
  4. Click Request Logs on the upper right side of the screen.
  5. It may take up to a few minutes, but you will see the status of the request. When complete, click on the three dots on the right side and click the Download button in the dropdown menu.

Nessus Agents

Select the version you need for generating a Nessus debug.

Nessus GUI (Only available for Nessus Agent 7.2 or later)

Note: this method requires that the agent is online and communicating with its Nessus Manager. For offline agents, please use one of the CLI methods on the agent host.

  1. Open the Nessus GUI by going to: https://<nessus_manager_ip>:8834
  2. Open the Sensors tab in the top left menu.
  3. Select the Agent in question.
  4. Select the Logs tab.
  5. Use the "Request Logs" button on the top right to begin the log process.
    Note: You should see the log being processed.
  6. Open the link once the log report has been completed. This will download the log report to the local computer.

Windows CLI

Note: During the collection of logs from a Nessus application or an Agent install, you may see occurrences of:

[debug] Skipping collection; wrong OS.

The Nessus debug command contains the commands for all potential operating systems it can be run on. This message indicates that the command it is skipping is meant for a different operating system. For example, if the command is run on a MacOS host, all Linux and Windows related commands will be skipped.

  1. Open Command Prompt with "Run as Administrator" option
  2. Generate the debug:"C:\Program Files\Tenable\Nessus Agent\nessuscli" bug-report-generator
  3. When prompted to run in full mode, select Y.
  4. Copy the file from: C:\ProgramData\Tenable\Nessus Agent\nessus\logs\nessus-bug-report-archive.txt

Linux CLI

Note: During the collection of logs from a Nessus application or an Agent install, you may see occurrences of:

[debug] Skipping collection; wrong OS.

The Nessus debug command contains the commands for all potential operating systems it can be run on. This message indicates that the command it is skipping is meant for a different operating system. For example, if the command is run on a MacOS host, all Linux and Windows-related commands will be skipped.

  1. Open a Terminal as 'root'. Using sudo will work as well. 
  2. Generate the debug:/opt/nessus_agent/sbin/nessuscli bug-report-generator
  3. When prompted to run in full mode, select Y.
  4. Copy the file from: /opt/nessus_agent/var/nessus/logs/nessus-bug-report-archive.tar.gz

Mac OS X CLI

  1. Open a Terminal as 'root'. Using sudo will work as well.
  2. Generate the debug:/Library/NessusAgent/run/sbin/nessuscli bug-report-generator
  3. Copy the file from: /Library/NessusAgent/run/var/nessus/logs/nessus-bug-report-archive.tar.gz

Tenable Vulnerability Management

Note: this method requires that the agent is online and communicating with Tenable Vulnerability Management. For offline agents, please use one of the CLI methods on the agent host.

  1. From the new interface, navigate to Settings > Sensor Management > Nessus Agents
  2. Click on the agent in question.
  3. Click on the Logs tab.
  4. Click Request Logs on the upper right side of the screen.
  5. It may take up to a few minutes, but you will see the status of the request. When complete, click on the three dots on the right side and click the Download button in the dropdown menu.

Tenable Security Center

Using the GUI

  1. Log in as an admin user.
  2. Go to System > Diagnostics.
  3. Click Create Diagnostics File.
  4. Leave all chapters selected. Sanitize if necessary.
  5. Click Generate File.
  6. When that completes, click Download Diagnostics File. The resulting ZIP file is the debug file.

Using the CLI

  1. Open a Terminal as 'root'. Using sudo will work as well.
  2. Generate the debug:/opt/sc/support/bin/php /opt/sc/src/tools/debug.php -a
  3. Copy the file from: /opt/sc/debug.zip.

Nessus Network Monitor

  1. Open root/admin command prompt on the host NNM is installed on. On Linux and MacOS, using sudo will work as well.
  2. Run the following script:
    • Linux/opt/nnm/bin/debug.sh
    • Windows"C:\Program Files\Tenable\nnm\debug"
    • MAC OS X:/Library/NNM/bin/debug.sh
  3. Choose full for standard debug, limited for sanitized debug
  4. Copy the file from: /opt/nnm/bin/nnm-bug-report-archive.tar.gz

Tenable OT Security

Please refer to the following KB article for collecting a debug in Tenable OT Security:
How to generate a system diagnostic in Tenable OT Security

Tenable Core Support Report

See How to Generate a SoS Report in Tenable Core

Tenable Container Security Scanner

  1. Use the guide Configure and Run the Tenable CS Scanner
  2. Add the DEBUG_MODE Environmental Variable and send it to a file with:-e DEBUG_MODE=true 2>&1 | tee cs_error.logNote: This will print the output on the screen when run.For example:docker pull alpine:latest && docker save alpine:latest | docker run \ -e TENABLE_ACCESS_KEY=<API_ACCESS_KEY> \ -e TENABLE_SECRET_KEY=<API_SECRET_KEY> \ -e IMPORT_REPO_NAME=<REPO_NAME> \ -e DEBUG_MODE=true 2>&1 \ -i tenableio-docker-consec-local.jfrog.io/cs-scanner:latest inspect-image alpine_latest | tee cs_error.log
  3. Provide the cs_error.log to the Support case.

Sensor Proxy

  1. Copy the following files from the host:
    • /opt/sensor_proxy/nginx/logs/*
    • /opt/sensor_proxy/logs/*
  2. Provide the logs to the Support case.
Updated 19 days ago
Version 2.0
No CommentsBe the first to comment