I recently got a new installation up and running (thanks, Eero!).
I had been using version 6 for some time.
I did one scan on Monday night and it took about 4.5 hours, not too out of the
ordinary. This subnet has 12 computers, 4 network devices (ASA, Switch, Router,
WAP) and 4 printers.

Settings for Target were:
All hosts on a subnet
No hosts excluded
Reverse lookup only: no
Reverse lookup unify: no
Port list: All IANA assigned TCP 2012-02-10
Alive Test: Scan Config Default
No credentials (Haven't set them up yet)

Settings for Schedule:
Run at 21:00, EST
Period 1 week (Every Monday)

Settings for Task:
Target: Set above
Alerts: Email setup
Schedule: Set above
Add to assets: Yes (Don't care, didn't notice this, does it matter? Pros and
cons?)
Alterable task: No
Scanner: OpenVAS Default
Scan Config: Full and fast
Slave:
Order for target hosts: Sequential
Network Source Interface:
Maximum concurrently executed NVTs per host: 4
Maximum concurrently scanned hosts: 20

I set up another Target, Schedule and Task on another subnet. This subnet has 19
computers, 5 network devices and 5 printers.
The only differences I see are:

Target:
Port List: All TCP
Alive Test: Consider Alive (If there's nothing for an IP, I don't want it to be
scanned and don't want it to show up in a report, is this the correct setting?)

Schedule:
Same as above, except Tuesday

Task:
Same as above

This second task has been running since Tuesday night at 21:00 hours. At the
time I'm writing, that's 60 hours and 20 minutes!!!
There is supposed to be a way to stop the scan, by clicking the square stop
button, but I don't see that anywhere.
I looked at the resources on the server:
CPU is running at about 50% (I have 4, and all are between 35% and 60%)
Memory is constant at 42%, with swap at 0 (8 GB installed)
Network is running about 400 b/s with occasional spikes
Why are the scans taking so long? What settings should I correct? There are
really only 2 changes from the scan that took about 4.5 hours and the one that
has been running over 60 hours. A little bit of difference in the number of
endpoints, but nothing that should cause that much of a difference!
Randy Dover