I solved the problem by piping oscap's stdout to a Python script that records the elapsed time between "Result" lines. (The xccdf_org.ssgproject.content_rule_chronyd_or_ntpd_set_maxpoll rule to 34 minutes, on a VM.)
-----Original Message----- From: [email protected] <[email protected]> On Behalf Of [email protected] Sent: Thursday, August 8, 2019 9:00 AM To: [email protected] Subject: [EXTERNAL] Open-scap-list Digest, Vol 124, Issue 1 Send Open-scap-list mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit https://www.redhat.com/mailman/listinfo/open-scap-list or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of Open-scap-list digest..." Today's Topics: 1. timing rule evaluation times (Greg Silverman) 2. Re: timing rule evaluation times (Shawn Wells) 3. Re: timing rule evaluation times (Mat?j T??) ---------------------------------------------------------------------- Message: 1 Date: Wed, 7 Aug 2019 18:58:11 +0000 From: Greg Silverman <[email protected]> To: "[email protected]" <[email protected]> Subject: [Open-scap] timing rule evaluation times Message-ID: <byapr20mb259947f85a638d6221e676dd97...@byapr20mb2599.namprd20.prod.outlook.com> Content-Type: text/plain; charset="us-ascii" Is there any way within oscap to record the time taken for each rule's evaluation to complete? We sometimes see it taking over an hour to complete on RHEL7 and want to understand why. Greg Silverman Principal Engineer Veritas Technologies Santa Clara, CA -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://www.redhat.com/archives/open-scap-list/attachments/20190807/8f2d13bd/attachment.html> ------------------------------ Message: 2 Date: Wed, 7 Aug 2019 22:43:26 -0400 From: Shawn Wells <[email protected]> To: [email protected] Subject: Re: [Open-scap] timing rule evaluation times Message-ID: <[email protected]> Content-Type: text/plain; charset="windows-1252"; Format="flowed" On 8/7/19 2:58 PM, Greg Silverman wrote: > Is there any way within oscap to record the time taken for each rule?s > evaluation to complete? We sometimes see it taking over an hour to > complete on RHEL7 and want to understand why. Could try verbose mode. Not sure if timestamps are generated. Something like: $ oscap xccdf eval --profile ${profile} --results ~/scan-results.xml *--verbose devel */path/to/your/content.xml Worst case you could create a for loop iterating through all the rules in your profile. Would have to grep out all the rules in your profile, but the SCAP command would be something like: $ time oscap xccdf eval --profile ${profile} --rule ${rule} /path/to/your/content.xml -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://www.redhat.com/archives/open-scap-list/attachments/20190807/f9bc050d/attachment.html> ------------------------------ Message: 3 Date: Thu, 8 Aug 2019 10:37:32 +0200 From: Mat?j T?? <[email protected]> To: [email protected] Subject: Re: [Open-scap] timing rule evaluation times Message-ID: <[email protected]> Content-Type: text/plain; charset="windows-1252"; Format="flowed" openscap can't record that time, but pre-RHEL7.7 scanner had issues with unwanted scanning of remote filesystems, so I would suspect rules that search the whole filesystem and that were scanned when network drives were mounted. On 07. 08. 19 20:58, Greg Silverman wrote: > > Is there any way within oscap to record the time taken for each rule?s > evaluation to complete? We sometimes see it taking over an hour to > complete on RHEL7 and want to understand why. > > Greg Silverman > > Principal Engineer > > Veritas Technologies > > Santa Clara, CA > > > _______________________________________________ > Open-scap-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/open-scap-list -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://www.redhat.com/archives/open-scap-list/attachments/20190808/bad199ba/attachment.html> ------------------------------ _______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list End of Open-scap-list Digest, Vol 124, Issue 1 ********************************************** _______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
