Hello, as some of you may have noticed, the change from NTP to OTP brought two new message types: LOG and DEBUG. These message types are intended to improve the communication with the client by complementing the HOLE, NOTE and INFO message types.
The idea behind the new message types was to provide the NVTs with the option to send information to the client which is not in itself relevant to the security of the target system, but provides information on issues encountered by the NVT while scanning.

The philosophy behind most old NASL scripts was to only communicate with the client if the NVT had found a security issue. While this certainly made sense, it also led users to assume that there was no security threat if the NVT did not issue any message at all when in reality the NASL script encountered a problem which prevented it from running at all. This means the "no news is good news" approach is not always a good idea when it comes to security.

The main use case for the LOG message type would be informing the client that your NVT was not able to run and, if possible, give a short explanation as to what caused the problem and what the user might do to address this. The DEBUG message could be used to give more technical details about the issue encountered by the NVT.

Note that these message types are not intended to alert the client about security issues and might be ignored by the client depending on the options set by the user. Use the security_hole, security_note and security_info functions for messages relevant to security issues.

I would encourage all NVT writers to include these message types in their NVTs. Starting with openvas-libnasl 2.0-beta1, the message types are available to your NASL script with the log_message() and debug_message() functions. The syntax for those functions is identical to that of the security_hole(), security_note() and security_info() functions.

Please remember to keep your NVTs backwards compatible and check if these functions are available to your script before using them. You can do this by evaluating the value of OPENVAS_NASL_LEVEL in your NASL script; if the value is 2300 or higher, log_message and debug_message are available and can be used.
Note that OPENVAS_NASL_LEVEL has only been set to 2300 in the latest SVN Revision (1598) of openvas-libnasl. This means that you have to use a SVN revision or wait for the upcoming openvas-libnasl 2.0-beta2 if you want to see the new message types in action. The client is able to understand LOG and DEBUG starting with 2.0-beta1.

I hope the new functions are useful to you; please let me know if you have any questions or suggestions.

Regards,
Michael

--
Michael Wiegand | OpenPGP key: D7D049EC | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
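
The backwards-compatible pattern described in the message above, as an added example that is not part of the original post or of the OpenVAS code base: an NVT that tells the client why it could not run instead of exiting silently. The script id, names, port and the `report_problem` helper are hypothetical; on interpreters below level 2300 the script keeps the old silent behaviour.

```nasl
# Added example: placeholder metadata, not a real NVT.
if (description) {
  script_id(9999999);   # placeholder id
  script_name(english:"Example: report why a check could not run");
  script_category(ACT_GATHER_INFO);
  script_family(english:"General");
  script_copyright(english:"placeholder");
  exit(0);
}

# Hypothetical helper. Sends a LOG message for the user and, optionally,
# a DEBUG message with technical detail. Both calls are guarded because
# log_message() and debug_message() are only defined when
# OPENVAS_NASL_LEVEL is 2300 or higher.
function report_problem(port, summary, detail) {
  if (OPENVAS_NASL_LEVEL >= 2300) {
    log_message(port:port, data:summary);
    if (!isnull(detail)) {
      debug_message(port:port, data:detail);
    }
  }
}

port = 80;   # assumed target port for this example

if (!get_port_state(port)) {
  report_problem(port:port,
    summary:"Check not run: the port is not open, so no result was produced. Verify the port list of the scan.",
    detail:"get_port_state() returned FALSE for the target port.");
  exit(0);
}

soc = open_sock_tcp(port);
if (!soc) {
  report_problem(port:port,
    summary:"Check not run: could not connect to the service. The absence of a finding does not mean the host is unaffected.",
    detail:"open_sock_tcp() failed although the port was reported open.");
  exit(0);
}
close(soc);

# The actual test would follow here. Findings relevant to security still
# go through security_hole(), security_note() or security_info().
```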
