Troubleshooting Tenable Enclave Security

This page describes how to check the container logs and pod status for Tenable Enclave Security for troubleshooting purposes.

Check Container Logs and Pod Status for Security Center

Check the install container logs

Run the following command to check the install container logs:

Copy 
kubectl logs -c sc-install-container tenable-security-center-0 -n tenable

If successful, the output looks like this:

Security Center install proceeding...

Verifying... ########################################

Preparing... ########################################

.

.

Security Center install container complete, ready for runtime container.

Check the runtime container logs

Run the following command to check the runtime container logs:

Copy 
kubectl logs -c sc-runtime-container tenable-security-center-0 -n tenable

If successful, the output looks like this:

Replacing System RPM database with persistent backup

Checking for SecurityCenter upgrade in progress:

Checking for active migration:

Installing software updates if availableStarting SecurityCenter services: [ OK ]

Check the pod status

Run the following command to check the pod status:

Copy 
kubectl get all -n tenable

If successful, the output looks like this:

NAME    READY    STATUS RESTARTS AGE

pod/tenable-security-center-0    1/1 Running 0 4h4m

 

NAME   TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

service/tenable-sc LoadBalancer 172.00.00.000 k8s-tenable-security-center.amazonaws.com 443:12345/TCP 4h4m

 

NAME READY AGE

statefulset.apps/tenable-security-center 1/1 4h4m

Note: This output is an example of an AWS environment. Your output may vary depending on your AWS and IP ranges, but the Status should be Running.

Upgrade Issues

If the new pod does not appear and the tes-operator logs display the following message when you update the Tenable Enclave Security version:

2025/06/25 16:02:02 another operation (install/upgrade/rollback) is in progress

This can occur when some of the Helm Charts did not upgrade correctly. To fix the issue, roll back the tes sub-chart with the following steps:

  1. List the charts with the following command:

    Copy 
    helm list -n tenable-enclave-security -a

  2. If the tes chart is stuck in a pending upgrade, roll back the chart with the following command:

    Copy 
    helm rollback -n tenable-enclave-security tes

License Issues

tes-operator logs displaying invalid license error

If the tes-operator logs display the following error when interpreting the license:

2025/07/09 03:29:29 Signature for license is valid.

Interpreting license in key format.

Invalid license: unexpected end of JSON input

This can occur when the license secret is not applied correctly. Refer to step 5 in the Tenable Enclave Security install instructions to ensure that you are applying the license correctly with the expected key.

New license is applied correctly, but not taking effect

Tenable Enclave Security watches for license updates, but if you correctly updated the license in the secret and the license is not taking effect, you can force the operator to pick up the new license by restarting the operator.

  1. Get the tes-operator pod name with the following command:

    Copy 
    kubectl get po -n tenable-enclave-security

  2. Delete the tes-operator pod with the following command:

    Copy 
    kubectl delete po -n tenable-enclave-security tes-operator-XXXX