All Collections
Internal vulnerability scanning
Troubleshooting
Internal agent installation - checking your agent status
Internal agent installation - checking your agent status

Not sure if your agent has been installed correctly or experiencing issues, this article should help

Joe Haigh avatar
Written by Joe Haigh
Updated over a week ago

To check if your agent has been installed correctly or to diagnose any issues you might be experiencing, the best place to start would be to take a look at the agent status.

⚠️ The command must run the command as Admin, in the Nessus Agent folder. The default locations are below, if the agent is in a non-default location, edit the command accordingly.

  • MacOS: cd /Library/NessusAgent/run/sbin/

  • Windows: cd "C:\Program Files\Tenable\Nessus Agent\"

  • Linux: cd /opt/nessus_agent/sbin/

The agent status command

MacOS

  1. Open Terminal (press command + space bar, and type terminal)

  2. In the terminal type sudo /Library/NessusAgent/run/sbin/nessuscli agent status and hit return.

  3. Compare your output to the responses below

Windows

** Ensure you are running the command as Administrator. (Not admin?) **

** Ensure you are running in Command Prompt and not Powershell)**

  1. Open Command Prompt (open search bar, type cmd, scroll to Command Prompt, right-click + click on Run as administrator)

  2. At the prompt, type "C:\Program Files\Tenable\Nessus Agent\nessuscli" agent status and hit return.

  3. Compare your output to the responses below

Linux

  1. Open a terminal.

  2. In the terminal, type sudo /opt/nessus_agent/sbin/nessuscli agent status and hit return.

  3. Compare your output to the responses below

Expected Output

Running: Yes

​Linked to: sensor.cloud.tenable.com:443​

Link status: Connected to cloud.tenable.com:443

Unexpected Output

❗️ 'command not found' or 'nessuscli' is not recognized'

If you see one of the following errors, then you're in the wrong directory.

MacOS

command not found: nessuscli

Windows

'nessuscli' is not recognized as an internal or external command

Linux

command not found

No such file or directory

Change to the right directory

Assuming nessuscli is installed in the default location (mentioned at the top of this article), you can change your command prompt/ terminal to the right folder by running:

  • MacOS: cd /Library/NessusAgent/run/sbin/

  • Windows: cd "C:\Program Files\Tenable\Nessus Agent\" (Must run as Admin)

  • Linux: cd /opt/nessus_agent/sbin/

Once there, you can re-run the agent status command.

Re-run the linking command

If you suspect that you ran the linking command from the wrong directory, then you'll need to run it again. This time, make sure that you're either in the folder where nessuscli is installed, or add the path to the command.


For example (Windows OS only)


👉 If you're in the folder where nessuscli is installed:

msiexec /i NessusAgent-8.2.4-x64.msi" NESSUS_SERVER="cloud.tenable.com:443" NESSUS_KEY=[KEY] NESSUS_NAME=[Your Prefix]_%computername% /qn


👉 You're adding the path to the default folder:

msiexec /i "C:\Program Files\Tenable\NessusAgent-8.2.4-x64.msi" NESSUS_SERVER="cloud.tenable.com:443" NESSUS_KEY=[KEY] NESSUS_NAME=[Your Prefix]_%computername% /qn


👉 You moved the installer and need to add the path to a different folder:

msiexec /i "[the path to where the installer was downloaded]\NessusAgent-8.2.4-x64.msi" NESSUS_SERVER="cloud.tenable.com:443" NESSUS_KEY=[KEY] NESSUS_NAME=[Your Prefix]_%computername% /qn

❗️ 'Could not open'

If you get one of the following errors, then you are not running the agent status command as Administrator.

MacOS

Could not open existing master.key file: 14

Could not open /Library/NessusAgent/run/var/nessus/master.key - Permission denied

Windows

Could not open C:\ProgramData\Tenable\Nessus Agent\nessus\master.key - Access is denied.

MacOS

Be sure to use sudo before the command

Windows

1. Hit Start

2. Type “command,” and you’ll see “Command Prompt” listed as the main result.
3. Right-click that result and choose “Run as administrator.”

Right-click the Command Prompt shortcut and select "Run as administrator."

So long as you don't close that window, all subsequent commands run in that command terminal will be run as Admin (see below):

❗️ 'Running: No' and 'Not linked to a manager'

All OS

Running: No

Linked to: None

​Link status: Not linked to a manager

Then it could mean one of two things:

  1. The agent hasn't installed
    It is possible that your original install command contained errors (wrong filename, wrong path, name / NESSUS_NAME etc) so we would recommend going back and trying the installation process again.

  2. Your system cannot reach out to tenable
    You need to check that you are connected to the internet and that the agent can reach out to cloud.tenable.com on port 443. (This is the only relevant firewall rule). When you are certain that the system is connected to the internet, try running the command again. If it still says "not linked to a manager" then you will need to try the installation process again.

❗️ 'Running': No

All OS

Running: No
Linked to: cloud.tenable.com:443
Link status: connection has not been attempted

Then you need to either:

  1. Reboot the internal system (if possible), or

  2. Start the Nessus Agent system manually, by running the relevant command as Admin:

MacOS

sudo launchctl load -w /Library/LaunchDaemons/com.tenablesecurity.nessusagent.plist

Windows

net start "Tenable Nessus Agent"

Linux

RedHat, CentOS, and Oracle Linux

sudo /sbin/service nessusagent start

SUSE

sudo /etc/rc.d/nessusagent start

Free BSD

sudo service nessusagent start

Debian and Kali

sudo /etc/init.d/nessusagent start

Ubuntu (*init.d)

sudo /etc/init.d/nessusagent start

Ubuntu (*systemd)

sudo /bin/systemctl start nessusagent.service

(*) To identify your init daemon search ps 1 in your command prompt to see which manager you're using.

❗️ 'Running', but is 'Not linked to a manager'

All OS

Running: Yes

Linked to: None
Link status: Not linked to a manager

Although it says 'running', the link status here tells us that something has gone wrong during the installation. There are two scenarios here, the first being the most common:

  1. Your linking command is incorrect.
    Be sure to check:

    💡 name / NESSUS_NAME includes the prefix and the target name (eg. DQEGBQUAAAc_paul)
    💡 You have included the key
    💡 The command reflects your current operating system

    💡 You haven't added or missed any characters

  2. An internet proxy/filter is getting in the way
    The agent cannot connect to the manager, this could be due to internal network controls such as an outbound proxy. If your environment has these types of controls, please refer to documentation here, and use the proxy parameters on install to ensure the agent connects to the manager via the proxy.

To resolve this, you'll need to link again:

Link (again):

  1. Open the command terminal again – as Administrator

  2. Copy the relevant link command for your OS, edit/insert PREFIX_DEVICENAME and run it.

    MacOS:

    /Library/NessusAgent/run/sbin/nessuscli agent link --host="cloud.tenable.com" --port="443" --key=819652a91d674e8d5be08e21299f1a3c69bd9806c72e24bc05df6b32b8db7fe1 --name=[Prefix_DeviceName]


    Windows:

    "C:\Program Files\Tenable\Nessus Agent\nessuscli" agent link --host="cloud.tenable.com" --port="443" --key=819652a91d674e8d5be08e21299f1a3c69bd9806c72e24bc05df6b32b8db7fe1 --name=[Prefix_DeviceName]

    Linux:

    /opt/nessus_agent/sbin/nessuscli agent link --host="cloud.tenable.com" --port="443" --key=819652a91d674e8d5be08e21299f1a3c69bd9806c72e24bc05df6b32b8db7fe1 --name=[Prefix_DeviceName]

  3. Check out the targets page to see if it has appeared.

❗️ 'Running', but there's an 'authentication error'

All OS

Running: Yes

Linked to: cloud.tenable.com:443
Link status: authentication error

This indicates that the agent has been removed (intentionally or not). To resolve this, you'll need to link again:

Link (again):

  1. Open the command terminal again – as Administrator

  2. Copy the relevant link command for your OS, edit/insert PREFIX_DEVICENAME and run it.

    MacOS:

    /Library/NessusAgent/run/sbin/nessuscli agent link --host="cloud.tenable.com" --port="443" --key=819652a91d674e8d5be08e21299f1a3c69bd9806c72e24bc05df6b32b8db7fe1 --name=[Prefix_DeviceName]


    Windows:

    "C:\Program Files\Tenable\Nessus Agent\nessuscli" agent link --host="cloud.tenable.com" --port="443" --key=819652a91d674e8d5be08e21299f1a3c69bd9806c72e24bc05df6b32b8db7fe1 --name=[Prefix_DeviceName]

    Linux:

    /opt/nessus_agent/sbin/nessuscli agent link --host="cloud.tenable.com" --port="443" --key=819652a91d674e8d5be08e21299f1a3c69bd9806c72e24bc05df6b32b8db7fe1 --name=[Prefix_DeviceName]

  3. Check out the targets page to see if it has appeared.

❗️ It's Running and is linked, but I still can't see my internal system on the targets page. What now?

All OS

Running: Yes
Linked to: cloud.tenable.com:443
Link status: Connected to cloud.tenable.com:443

This means that it has been linked to Tenable, but there is an underlying issue that is stopping it from working as intended.

If you have checked your linking command and everything looks good, then your best bet at this point would be to start over.

Link (again):

  1. Unlink the agent
    Windows (must be run as Admin)

    "C:\Program Files\Tenable\Nessus Agent\nessuscli.exe" agent unlink

    Linux

    sudo /opt/nessus_agent/sbin/nessuscli agent unlink

    MacOS

    sudo /Library/NessusAgent/run/sbin/nessuscli agent unlink


    In the terminal, as Admin, run the following command: nessuscli agent unlink

  2. Check that the unlink command worked by running the agent status
    It should return:

    Linked to: None
    Link status: Not linked to a manager

  3. Uninstall the agent by following the steps in the relevant OS guide (including any appended notes).

  4. Reboot the system

  5. Re-add the internal system, following the steps in our installation articles.

  6. Check out the targets page to see if it has appeared.

If after following these steps, it still doesn't show up, it might be worth heading over to our troubleshooting doc.

Related Articles
How to delete internal targets (and remove the agent)
Internal target not showing in target list
How to restore an internal target
Renaming an internal target
Group deployment of the internal agent via InTune
Did this answer your question?