I have been trying to get OpenVAS scanning to work with the latest Packetfence
and CentOS6
It seems I am overlooking something.
I've checked the pf.conf, violations.conf and increased logging to debug.
When I submit a scan request from the PF Admin, it places the device in the
registration VLAN, but never launches the scan, there is no log entires
indicating a scan command ever takes place in packetfence.log
the device is just placed in the registration vlan
Sep 09 17:15:40 pfsetvlan(21) INFO: local (127.0.0.1) trap for switch
10.8.3.253 (main::parseTrap)
Sep 09 17:15:40 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads
running: 0 (main::startTrapHandlers)
Sep 09 17:15:40 pfsetvlan(1) INFO: reAssignVlan trap received on 10.8.3.253
ifIndex 21 (main::handleTrap)
Sep 09 17:15:40 pfsetvlan(1) INFO: security traps are configured on 10.8.3.253
ifIndex 21. Re-assigning VLAN for 00:26:22:cc:55:12 (main::handleTrap)
Sep 09 17:15:40 pfsetvlan(1) INFO: highest priority violation for
00:26:22:cc:55:12 is 1200001. Target VLAN for violation: registration (700)
(pf::vlan::getViolationVlan)
Sep 09 17:15:40 pfsetvlan(1) INFO: Should set 10.8.3.253 ifIndex 21 to VLAN 700
but it is already in this VLAN -> Do nothing (pf::Switch::setVlan)
Sep 09 17:15:40 pfsetvlan(1) INFO: no VoIP phone is currently connected at
10.8.3.253 ifIndex 21. Flipping port admin status (main::handleTrap)
Sep 09 17:15:44 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
Sep 09 17:16:04 pfsetvlan(22) INFO: local (127.0.0.1) trap for switch
10.8.3.253 (main::parseTrap)
Sep 09 17:16:04 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads
running: 0 (main::startTrapHandlers)
Sep 09 17:16:04 pfsetvlan(3) INFO: reAssignVlan trap received on 10.8.3.253
ifIndex 21 (main::handleTrap)
Sep 09 17:16:04 pfsetvlan(3) INFO: security traps are configured on 10.8.3.253
ifIndex 21. Re-assigning VLAN for 00:26:22:cc:55:12 (main::handleTrap)
Sep 09 17:16:04 pfsetvlan(3) INFO: MAC: 00:26:22:cc:55:12 is of status unreg;
belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Sep 09 17:16:04 pfsetvlan(3) INFO: Should set 10.8.3.253 ifIndex 21 to VLAN 700
but it is already in this VLAN -> Do nothing (pf::Switch::setVlan)
Sep 09 17:16:04 pfsetvlan(3) INFO: no VoIP phone is currently connected at
10.8.3.253 ifIndex 21. Flipping port admin status (main::handleTrap)
Sep 09 17:16:08 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
Sep 09 17:16:14 pfsetvlan(23) INFO: local (127.0.0.1) trap for switch
10.8.3.253 (main::parseTrap)
Sep 09 17:16:14 pfsetvlan(5) INFO: nb of items in queue: 1; nb of threads
running: 0 (main::startTrapHandlers)
Sep 09 17:16:14 pfsetvlan(5) INFO: reAssignVlan trap received on 10.8.3.253
ifIndex 21 (main::handleTrap)
Sep 09 17:16:14 pfsetvlan(5) INFO: security traps are configured on 10.8.3.253
ifIndex 21. Re-assigning VLAN for 00:26:22:cc:55:12 (main::handleTrap)
Sep 09 17:16:14 pfsetvlan(5) INFO: highest priority violation for
00:26:22:cc:55:12 is 1100002. Target VLAN for violation: registration (700)
(pf::vlan::getViolationVlan)
Sep 09 17:16:14 pfsetvlan(5) INFO: Should set 10.8.3.253 ifIndex 21 to VLAN 700
but it is already in this VLAN -> Do nothing (pf::Switch::setVlan)
Sep 09 17:16:14 pfsetvlan(5) INFO: no VoIP phone is currently connected at
10.8.3.253 ifIndex 21. Flipping port admin status (main::handleTrap)
Sep 09 17:16:18 pfsetvlan(5) INFO: finished (main::cleanupAfterThread)
------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce.
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
