View Linked Agent Health Events

Required Tenable Vulnerability Management User Role: Scan Manager or Administrator

In Tenable Vulnerability Management, you can view information about the health of the Tenable Nessus Agent software on your installed endpoints linked to Tenable Vulnerability Management. You can use the agent health information to troubleshoot agent issues, or you can forward the agent health information to Tenable support.

Tenable Vulnerability Management-linked agents provide health event updates every 60 minutes by default.

To view a linked agent's health events in Tenable Vulnerability Management:

In the left navigation, click Sensors.

The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.
Click the Nessus Agents tab.

The list of agents appears and Linked Agents is selected in the drop-down box.
In the agents table, click the agent for which you want to view health events.

The details page for that agent appears.

Click the Agent Health Events tab.

A table shows the linked agent's health events. Tenable Vulnerability Management shows the events in the detected order (the newest event shows at the top of the table). The table shows the following information about each health event:

Column	Description
Type	The agent health event type: Comms Backoff State (related to continuous assessment scanning) Check Frequency — Every hour Possible States — HEALTHY (last Tenable Vulnerability Management upload was successful), WARNING (last Tenable Vulnerability Management upload was not successful), CRITICAL (last Tenable Vulnerability Management upload was not successful and received a 409 error) Comms Waiting Batches (related to continuous assessment scanning) Check Frequency — Every hour Possible States — HEALTHY (0-9 events waiting to upload), WARNING (10-39 events waiting to upload), CRITICAL (> 39 events waiting to upload) Module Asset Identity Check Frequency — Every 60 seconds Possible States — HEALTHY, CRITICAL (the open agent port service is not working, even though it is configured for the agent profile) Module Runtime Scan (related to continuous assessment scanning) Check Frequency — Every 60 seconds Possible States — HEALTHY, CRITICAL (the continuous assessment scanning service is not working, even though it is configured for the agent profile) Module Comms (related to continuous assessment scanning) Check Frequency — Every 60 seconds Possible States — HEALTHY, CRITICAL (the agent cannot successfully send continuous assessment scanning data to Tenable Vulnerability Management) Plugin Compilation Check Frequency — Once upon agent startup Possible States — HEALTHY, CRITICAL (agent plugin compilation failure) Plugin Disk Usage Note: This event only shows for Tenable Nessus Agents on version 10.8.0 or later. Check Frequency — Once upon agent startup Possible States — HEALTHY, WARNING (< 2,000 MB disk space remaining) Plugin Integrity Checks Check Frequency — Every 24 hours Possible States — HEALTHY, CRITICAL (the plugins database failed an integrity check) Plugin Updates Check Frequency — Every 24 hours, or whenever the agent plugins are updated Possible States — HEALTHY, CRITICAL (the agent cannot successfully update plugins) System Disk Usage Check Frequency — Every 60 seconds Possible States — HEALTHY, WARNING (< 350 MB disk space remaining), CRITICAL (< 150 MB disk space remaining)
Status	Healthy — The health event is healthy and requires no action. Warning — The health event is unhealthy and may cause minimal impact on the agent's performance. Critical — The health event is unhealthy and may cause a major impact on the agent's performance. Tenable recommends working to resolve any Critical health events. Unknown — The health event status is currently unknown.
Summary	The summary of the health event's current status. For more information about negative health events, see the Recommended Action column of the Health Event Troubleshooting table.
Last Updated	The date and time at which Tenable Vulnerability Management last updated the health event.
Resolved	Indicates whether the health event was resolved (in other words, whether the event recently changed from Warning or Critical to Healthy). If this column shows N/A, Tenable Vulnerability Management has not recently detected a health problem for the Type.
Previous Status	The previous health event status before the Last Updated date and time. Healthy — The health event is healthy and requires no action. Warning — The health event is unhealthy and may cause minimal impact on the agent's performance. Critical — The health event is unhealthy and may cause a major impact on the agent's performance. Tenable recommends working to resolve any Critical health events. Unknown — The health event status is currently unknown.
Previous Summary	The summary of the health event's Previous Status.
Previously Updated	The date and time at which Tenable Vulnerability Management previously updated the event before the Last Updated date and time.

Health Event Troubleshooting

Event Type	Negative Event Summary	Recommended Action
Comms Backoff State	There are __ items waiting to upload."	Contact Tenable support.
Comms Waiting Batches	Service is in a temporary backoff due to <error code>. Service is in a 24 hour backoff due to code 409.	Contact Tenable support.
Module Asset Identity	Incorrect module state.	Check to see if IPv6 is disabled on the agent host by viewing the following log file: Linux — /opt/nessus_agent/var/nessus/mod/com.tenable.agent_identifier_service/data/com.tenable.agent_identifier_service.log Windows — C:\ProgramData\Tenable\Nessus Agent\nessus\mod\com.tenable.agent_identifier_service\data\com.tenable.agent_identifier_service.log macOS — /Library/NessusAgent/run/var/nessus/mod/com.tenable.agent_identifier_service/data/com.tenable.agent_identifier_service.log If you see the following messages, IPv6 has been disabled, and you must enable it for the asset identity module to run properly. [2024-12-05 19:29:48 +0000][2970.0][severity=INFO] : Launching asset UUID service on port XXXX [2024-12-05 19:29:48 +0000][2970.0][severity=INFO] : Unable to create socket: Address family not supported by protocol [2024-12-05 19:29:48 +0000][2970.0][severity=INFO] : Socket was not opened. [2024-12-05 19:29:48 +0000][2970.0][severity=INFO] : Socket not valid If the issue is unrelated to IPv6, contact Tenable support.
Module Runtime Scan	Incorrect module state.	Contact Tenable support.
Module Comms	Incorrect module state.	Contact Tenable support.
Plugin Compilation	Plugin compilation failed for _ plugins. Failed plugin names: _	Contact Tenable support.
Plugin Disk Usage	Nessus Agent plugin disk usage is abnormally high. Plugin disk usage is more than _ MB.	Contact Tenable support.
Plugin Integrity Checks	The plugins database failed an integrity check. The Nessus Agent will try to resolve this by triggering a full plugin update. Plugin integrity check failed on the following files: _ Plugin integrity check failed on many files, including: _	Wait for the plugin integrity checks to re-run after the full plugin update. If the problem persists, contact Tenable support.
Plugin Updates	The Nessus Agent could not update plugins because the download failed due to an error. Failed plugin updates are retried daily. [Status code: _ / HTTP Status code: _] The Nessus Agent could not update plugins because the integrity check of the download failed. Failed plugin updates are retried daily.	Allow the agent to retry the daily plugin update. If the problem persists, check your network and antivirus settings for any issues that may affect the agent's ability to download properly.
System Disk Usage	Available disk space for the Nessus Agent is [getting low or critically low]. Free disk space is less than _ MB.	Free the amount of disk space suggested in the event summary.