Connector Logs

The following is not supported in Tenable FedRAMP Moderate environments. For more information, see the Tenable FedRAMP Product Offering.

Tenable Exposure Management allows you to connect with third-party tools through connectors. To ensure visibility into sync operations, the platform includes a detailed Sync Log for each connector.

The Connector Logs in Tenable Exposure Management provide detailed insights into the processing lifecycle of your connectors.

You can use it to:

Track sync history and progress
Understand sync stages and timing
Identify failed syncs and troubleshoot issues
Filter log entries by Activity type, Data Stage, or Log Level.

Access Connector Logs

To view connector's logs:

Navigate to the Connectors page.
In the table, for the connector for which you want to view logs, click the button.
A menu appears.
In the menu, click Connector Logs.

The connector sync logs appear in a clear, user-friendly table. Each sync cycle is listed separately, allowing you to distinguish between different sync attempts.

Reading Connector Logs

Select a sync row to expand it and view detailed information for troubleshooting. When a sync fails, the error message appears at the top of the expanded log with guidance on resolving the issue. You can also expand the full error payload to view the associated status code and headers.

The expanded view includes:

A readable error message with recommended actions
A breakdown of the Data Lifecycle stages (Initiating, Connectivity Test, Fetching, Normalizing, and Processing)
A full timestamp and error message block, including the root cause, error code (e.g., 'status_code: 401'), and technical details
A copy button for sharing or reporting error content
Each log entry includes the sync start and end time, activity type, status, and durations for data ingestion and processing.

Note: The connector logs table retains sync data for 14 days, providing extended visibility into recent sync activity.

Log Time Stamp

Log timestamps use your local browser time zone to ensure alignment with your environment.

Activity (Sync) Type

Tenable Exposure Management's data synchronization process with vendor connectors can be categorized into two distinct types: Full Sync and Incremental Sync.

Full Sync: A Full Sync pulls all available data from the vendor’s system and ingests it into Exposure Management. This ensures that the platform has a complete, up-to-date view of the data supported by the connector.
Incremental Sync: An Incremental Sync retrieves only new or changed records since the last successful sync. This method is used with connectors that support segmented or delta-based data retrieval, improving performance and reducing API consumption.

Data Stage (Sync Status)

Each connector sync is assigned a high-level status.

This status appears in the Connector's log.

Data Stage	Description	Notes
Done	The sync completed successfully. All lifecycle stages ran to completion without errors. Data is now updated and visible in Inventory, Weaknesses, and Analytics.	You can confirm data was successfully ingested and reflected.
In Progress	The sync is currently running. One or more stages (e.g., Fetching, Normalization, or Processing) is still active. The log updates in real time as the sync progresses.	Check logs live to monitor what stage the sync is currently in and how long it's taking.
Failed	The sync did not complete successfully. One or more stages failed (most commonly Connectivity Test, Fetching, or Processing). Error details appear in the Sync Log entry, including: Error message, Timestamp, Affected stage, and root cause/suggestion for next step (if available)	Open the Sync Log and review the failed stage to troubleshoot.

Data Lifecycle Stages

Each connector sync goes through a structured set of backend stages. These stages are visible when expanding a sync log, allowing you to understand what happens during each part of the sync and where failures may occur.

Stage	Description	Notes
Initiating	Begins the sync process. Validates sync configuration and prepares the connector for execution. Triggers a connectivity test (same logic as the manual connectivity check in the connector settings). Logs basic metadata (e.g., sync type, trigger source).	Possible Failures: Invalid credentials, expired tokens, network/authorization errors.
Connectivity Test	Confirms the platform can reach and authenticate with the vendor’s API. Verifies endpoint availability and token validity. Stops the sync if the vendor system is unavailable or responds with an error (e.g., 403, 500).	This step is critical for establishing trust before any data is pulled. Possible Failures: Request issues (missing vendor info/internal errors). Permission or credentials issues. Network or server errors on the vendor's side.
Fetching	Calls the vendor’s API to pull asset, vulnerability, or configuration data. The volume and duration of this step vary based on: API rate limits Data size Type of fetch (Full vs. Incremental) Data is retrieved as raw JSON from the vendor system.	This is often the longest stage, especially for high-volume connectors (e.g., cloud or endpoint sources). Possible Failures: Invalid status codes, response headers, or formats. Vendor's server or network issues.
Normalizing	Transforms raw vendor data into Tenable’s internal standard format. Applies translation logic to fields (e.g., IP, hostname, asset metadata, vulnerability schema). Discards malformed or unusable records. Tags records for traceability to original source and sync cycle.	The purpose of this stage is to ensure consistency across all data sources for unified presentation in Inventory, Exposure View, and Analytics. Possible Failures:Internal issues in syncing data.
Processing	Enriches the normalized data with: Deduplication logic Asset merging (if multiple sources report the same entity) Tag applications (e.g., host groups, source tags) Risk metadata attachment (e.g., Exposure Score calculation) Connects findings to asset records.	This is the final staging layer before data becomes visible in the platform. Possible Failures: Internal processing issues.