All Collections
Internal vulnerability scanning
Troubleshooting
Internal agent installation - checking your agent status
Internal agent installation - checking your agent status
Not sure if your agent has been installed correctly, this article should help
Updated over a week ago

This article assumes that nessuscli agent is installed in the folders below
โ€“ if that's not the case, you must edit accordingly:

MacOS: cd /Library/Nessus/run/sbin/

Windows: cd "C:\Program Files\Tenable\Nessus Agent\"

Linux: cd /opt/nessus_agent/sbin/


The agent status command:

You must run the command as Admin and be sure you're in the
folder when nessucli is installed (default locations are listed above) ๐Ÿ‘†


MacOS

  1. Open Terminal: Press command + space bar, and type terminal

  2. In the terminal type sudo /Library/NessusAgent/run/sbin/nessuscli agent status and hit return.

  3. Check out the options below:

Windows

** Ensure you are running the command as Administrator. (Not admin?) **
** Ensure you are running in Command Prompt and not Powershell)**

  1. Open: Command Prompt: Press Windows button (next to alt) + R; type cmd + hit return or Open search bar; type cmd, scroll down to command prompt + click to open

  2. In the terminal type "C:\Program Files\Tenable\Nessus Agent\nessuscli" agent status and hit return.

  3. Check out the options below:

Linux

  1. Open a terminal.

  2. In the terminal, type sudo /opt/nessus_agent/sbin/nessuscli agent status and hit return.

  3. Check out the options below:


The agent status output:

Please review the section below carefully. All possible
output and troubleshooting advice is detailed below.


๐Ÿ“ 'command not found' or 'nessuscli' is not recognized'

If you got one of the following errors, then you're in the wrong directory.

MacOS

command not found: nessuscli

Windows

'nessuscli' is not recognized as an internal or external command

Linux

command not found

No such file or directory

Change to the right directory

Assuming nessuscli is correctly installed in the default location (mentioned at the top of this article), you can change your command prompt or terminal to the right folder by running:
๏ปฟMacOS: cd /Library/Nessus/run/sbin/
๏ปฟWindows: cd "C:\Program Files\Tenable\Nessus Agent\" (Must run as Admin).
๏ปฟLinux: cd /opt/nessus_agent/sbin/

Once there, you can re-run the agent status command.

Re-run the linking command

If you suspect that you ran the linking command from the wrong directory, then you'll need to run it again. This time, make sure that you're either in the folder where nessuscli is installed, or add the path to the command.


For example (Windows OS only)


๐Ÿ‘‰ If you're in the folder where nessuscli is installed:

msiexec /i NessusAgent-8.2.4-x64.msi" NESSUS_SERVER="cloud.tenable.com:443" NESSUS_KEY=[KEY] NESSUS_NAME=[Your Prefix]_%computername% /qn


๐Ÿ‘‰ *You're adding the path to the default folder:

msiexec /i "C:\Program Files\Tenable\NessusAgent-8.2.4-x64.msi" NESSUS_SERVER="cloud.tenable.com:443" NESSUS_KEY=[KEY] NESSUS_NAME=[Your Prefix]_%computername% /qn


๐Ÿ‘‰ *You moved the installer and need to add the path to a different folder:

msiexec /i "[the path to where the installer was downloaded]\NessusAgent-8.2.4-x64.msi" NESSUS_SERVER="cloud.tenable.com:443" NESSUS_KEY=[KEY] NESSUS_NAME=[Your Prefix]_%computername% /qn


๐Ÿ“ 'Could not open'

If you get one of the following errors, then you are not running the agent status command as Administrator.

MacOS

Could not open existing master.key file: 14

Could not open /Library/NessusAgent/run/var/nessus/master.key - Permission denied

Windows

Could not open C:\ProgramData\Tenable\Nessus Agent\nessus\master.key - Access is denied.

MacOS

Be sure to use sudo

Windows

1. Hit Start

2. Type โ€œcommand,โ€ and youโ€™ll see โ€œCommand Promptโ€ listed as the main result.
3. Right-click that result and choose โ€œRun as administrator.โ€

Right-click the Command Prompt shortcut and select "Run as administrator."

So long as you don't close that window, all subsequent commands run in that command terminal will be run as Admin (see below):


๐Ÿ“ 'Running: No' and 'Not linked to a manager'

Running: No

Linked to: None
Link status: Not linked to a manager

Then it could mean one of two things:

  1. The agent hasn't installed:
    It is possible that your original install command contained errors (wrong filename, wrong path, name / NESSUS_NAME etc) and so we would recommend going back and trying the installation process again.

  2. Your system cannot reach out to tenable
    You need to check that you are connected to the internet and that the agent can reach out to cloud.tenable.com on port 443. (This is the only relevant firewall rule). When you are certain that the system is connected to the internet, try running the command again. If it still says "not linked to a manager" then you will need to try the installation process again.


๐Ÿ“ 'Running': No

Running: No
Linked to: cloud.tenable.com:443
Link status: connection has not been attempted

This means that the agent isn't running and you need to either:

  • Reboot the internal system (if possible)

or

  • Start the nessus agent system manually, by running the relevant command as Admin:

MacOS

sudo launchctl load -w /Library/LaunchDaemons/com.tenablesecurity.nessusagent.plist

Windows

net start "Tenable Nessus Agent"

Linux

RedHat, CentOS, and Oracle Linux

sudo /sbin/service nessusagent start

SUSE

sudo /etc/rc.d/nessusagent start

Free BSD

sudo service nessusagent start

Debian and Kali

sudo /etc/init.d/nessusagent start

Ubuntu (*init.d)

sudo /etc/init.d/nessusagent start

Ubuntu (*systemd)

sudo /bin/systemctl start nessusagent.service

(*) To identify your init daemon search ps 1 in your command prompt to see which manager you're using.


๐Ÿ“ 'Running', but is 'Not linked to a manager'

Running: Yes

Linked to: None
Link status: Not linked to a manager

Although it says 'running', the link status here tell us that something has gone wrong during the installation. There are two scenarios here, the first being the most common:

  1. Your linking command is incorrect.
    Be sure to check:

    ๐Ÿ’ก name / NESSUS_NAME includes the prefix and the target name (eg. DQEGBQUAAAc_paul)
    ๐Ÿ’ก You have included the key
    ๐Ÿ’ก The command reflects your current operating system

    ๐Ÿ’ก You haven't added or missed any characters

  2. An internet proxy/filter is getting in the way
    The agent cannot connect to the manager, this could be due to internal network controls such as an outbound proxy. If your environment has these types of controls, please refer to documentation here, and use the proxy parameters on install to ensure the agent connects to the manager via the proxy.

To resolve this, you'll need to link again:

Link (again):

  1. Open the command terminal again โ€“ as Administrator

  2. Copy the relevant link command for your OS, insert PREFIX_DEVICENAME and run it.

    MacOS:

    /Library/Nessus/run/sbin/nessuscli agent link --host="cloud.tenable.com" --port="443" --key=819652a91d674e8d5be08e21299f1a3c69bd9806c72e24bc05df6b32b8db7fe1 --name=[Prefix_DeviceName]


    Windows:

    "C:\Program Files\Tenable\Nessus Agent\nessuscli" agent link --host="cloud.tenable.com" --port="443" --key=819652a91d674e8d5be08e21299f1a3c69bd9806c72e24bc05df6b32b8db7fe1 --name=[Prefix_DeviceName]

    Linux:

    /opt/nessus_agent/sbin/nessuscli agent link --host="cloud.tenable.com" --port="443" --key=819652a91d674e8d5be08e21299f1a3c69bd9806c72e24bc05df6b32b8db7fe1 --name=[Prefix_DeviceName]


  3. Check out the targets page to see if it has appeared.


๐Ÿ“ 'Running', but there's an 'authentication error'

Running: Yes

Linked to: cloud.tenable.com:443
Link status: authentication error

This indicates that the agent has been removed (intentionally or not). To resolve this, you'll need to link again.

Link (again):

  1. Open the command terminal again โ€“ as Administrator

  2. Copy the relevant link command for your OS, insert your PREFIX_DEVICENAME and run it.

    MacOS:

    /Library/Nessus/run/sbin/nessuscli agent link --host="cloud.tenable.com" --port="443" --key=819652a91d674e8d5be08e21299f1a3c69bd9806c72e24bc05df6b32b8db7fe1 --name=[Prefix_DeviceName]


    Windows:

    "C:\Program Files\Tenable\Nessus Agent\nessuscli" agent link --host="cloud.tenable.com" --port="443" --key=819652a91d674e8d5be08e21299f1a3c69bd9806c72e24bc05df6b32b8db7fe1 --name=[Prefix_DeviceName]

    Linux:

    /opt/nessus_agent/sbin/nessuscli agent link --host="cloud.tenable.com" --port="443" --key=819652a91d674e8d5be08e21299f1a3c69bd9806c72e24bc05df6b32b8db7fe1 --name=[Prefix_DeviceName]

  3. Check out the targets page to see if it has appeared.


๐Ÿ“ It's Running and is linked, but I still can't see my internal system on the targets page. What now?

Running: Yes
Linked to: cloud.tenable.com:443
Link status: Connected to cloud.tenable.com:443

This means that it has linked to Tenable, but there is an underlying issue that is stopping it from working as intended.

If you have checked your linking command and everything looks good, then your best bet at this point would be to start over.

  1. Unlink the agent
    Windows (must be run as Admin)

    "C:\Program Files\Tenable\Nessus Agent\nessuscli.exe" agent unlink

    Linux

    sudo /opt/nessus_agent/sbin/nessuscli agent unlink

    MacOS

    sudo /Library/NessusAgent/run/sbin/nessuscli agent unlink


    In the terminal, as Admin, run the following command: nessuscli agent unlink

  2. Check that the unlink command worked by running the agent status
    It should return:

    Linked to: None
    Link status: Not linked to a manager

  3. Uninstall the agent
    Follow the steps in the relevant OS guide (including any appended notes).

  4. Reboot the system.

  5. Re-add the internal system, following the steps in our installation articles.

  6. Check out the targets page to see if it has appeared.

  7. If it still doesn't show up, it might be worth heading over to our troubleshooting doc.

Did this answer your question?