I'm surprised you are seeing such a high system load, and not CPU cycles shown for nessusd.
I'm not clear if you are scanning and seeing these loads, or nessusd is just waiting and you have high loads. If you are scanning and you have high loads but you don't see nessusd taking CPU usage, I'd look for any local firewall or IDS or other type of on-system resource that could be making the kernel work a bit harder. If you are scanning just a few hosts and it's taking hours, this is also something that isn't normal. I'd look at local environmental issues like a firewall or IPS running on your system. If it is spiking while you are doing the port scanning, you should see nmap in your process list at some point. You could try doing a scan with the built-in port scanner(s) for Nessus. I'd also kick your max checks to something much higher like 20 and see if your scan times are different. Ron Gula Tenable Network Security Richard van den Berg wrote: > I'm running nessus 3.0.5 on Debian 4.0 with a 2.6.18 kernel. The > hardware is a Pentium 4M 2.2 GHz with 1GB of RAM. I'm using nessj on > another system to connect to this nessus scan engine. > > max_checks and max_hosts are both set to 2. I've enabled all plugins > except DoS and safe_checks are off. I use nmap for port scanning, and > the results are loaded from a gnmap file. > > Occasionally the scanning system becomes very unresponsive, system load > shoots up to around 10 and the CPU is at 0% idle. Today is especially > bad with the system spending hours with continuously 60% of CPU time > spent on "system" with peaks of 80%. If I "kill -STOP" the nessus > processes, the system goes back to 99% idle. Only 800MB of RAM is used, > and no swapping occurs. > > This causes nessus to take hours to scan a single host with only a few > open ports. Tcpdump shows that the hosts are still being scanned, but at > a very slow rate. > > What could be the reason that my system is spending so much time on > kernel processes? Is there any tuning I can do to prevent this from > happening? > > Sincerely, > > Richard van den Berg > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
