Re: [Openvas-discuss] updating scap data fails
Hello, To me, the problem looks like the out-of-memory error Ben described as well. Increasing the amount of memory should help, but if that isn't an option you can use the SPLIT_PART_SIZE setting like he suggested. I mainly wanted to add that for the SPLIT_PART_SIZE setting to work, you need to have the python script xml_split installed. It is currently not installed by default, but it can be found in tools/extra of the manager sources and it has to be copied to [...]/share/openvas/scap/, with [...] being the prefix of the OpenVAS installation (in Alex' case it should be /usr/local). Best regards, Timo On 02/24/2015 09:36 AM, Benoît Allard wrote: I Alex, On 02/23/2015 10:06 PM, Alexander Rau wrote: Hi: I am running openvas-scapdata-sync during initial install and am getting the following error [i] Updating /usr/local/var/lib/openvas/scap-data/nvdcve-2.0-2011.xml Killed -:1217905: parser error : AttValue: ' expected cpe-lang:fact-ref name=c ^ -:1217905: parser error : attributes construct error cpe-lang:fact-ref name=c ^ -:1217905: parser error : Couldn't find end of Start Tag fact-ref line 1217905 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag logical-test line 1215810 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag vulnerable-configuration line 1215809 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag entry line 1215808 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag nvd line 2 cpe-lang:fact-ref name=c ^ unable to parse - [e] Update of CVEs failed at file '/usr/local/var/lib/openvas/scap-data/nvdcve-2.0-2011.xml': xsltproc exited with code 137 This is for OpenVAS 8 on Debian 7 I bet that if you look in your kernel logs, you will see the famous OOM killer acting and killing an xslt process. In the SCAP scripts, we introduced a setting to process the huge XML files in chunks. That setting was introduced some time ago already. Look for the SPLIT_PART_SIZE setting on top of the scap-sync script, and set it to a sensible value, this should prevent your problem from happening again. Regards, Ben. -- Timo Pollmeier | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] how to change the report attachment's maximum size
Just coming back to this one: What configuration file or script can I change to make this a permanent setting? Regards, Christiaan de Vries w: +353 1 526 7736 | m: +353 860 234 384 | e: christiaan.devries @hetg.ie | www.DigitalPlanet.ie | www.hetg.ie HIBERNIA HOUSE | Cherrywood Business Park | Loughlinstown | Dublin 18 | Ireland Hibernia Services Ltd. is registered in Ireland, Company Registration No. 170309 © 2014 Digital Planet, part of the HiberniaEvros Technology Group -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Jan-Oliver Wagner Sent: 29 January 2015 08:52 To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] how to change the report attachment's maximum size There is a command line option for openvasmd: --max-email-attachment-size=number Am Donnerstag, 20. November 2014, 04:06:08 schrieb AnJing: i used create a new schedule,and create a Alert mail with PDF attachment. and when the attachment bigger then 1MB, there is ge Note,like this: === Task 'daily': Task status changed to 'Done' After the event Task status changed to 'Done', the following condition was met: Always This email escalation is configured to attach report format 'PDF'. Full details and other report formats are available on the scan engine. Note: The report exceeds the maximum attachment length of 1048576 bytes. === -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] (no subject)
Hi, I am at a loss to get OpenVAS to do a scan. No matter what I try I always get the same result. That is nothing. All it does is run for a few seconds and then stop. A search with Google reveals that I am not alone. The log file contains: event task:MESSAGE:2015-02-24 12h12.39 UTC:16937: Task 105955ce-d4bf-4aa1-8f55-30349f7a0e69 has been requested to start by openvasusr event wizard:MESSAGE:2015-02-24 12h12.39 UTC:16937: Wizard quick_first_scan has been run by openvasusr lib serv:WARNING:2015-02-24 12h12.39 UTC:16937:Failed to gnutls_bye: Error in the push function. event task:MESSAGE:2015-02-24 12h12.40 UTC:16942: Status of task Immediate scan of IP 192.168.30.90 (105955ce-d4bf-4aa1-8f55-30349f7a0e69) has changed to Running event task:MESSAGE:2015-02-24 12h12.42 UTC:16942: Status of task Immediate scan of IP 192.168.30.90 (105955ce-d4bf-4aa1-8f55-30349f7a0e69) has changed to Done The advice seems to be to install an old version (around 2010 or 2011 vintage) version of libmicrohttpd. Sadly that version is no longer available. However, having looked at the code I suspect that the Failed to gnutls_bye is not relevant. This is version 7 of OpenVAS. Anyway, is there a fix for this? Best wishes... Colin ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] updating scap data fails
Adding a split clip level of 50MB (51200 KB) and copying the xml_split file into /usr/local/share/openvas/scap/ worked for me. Alex On Tue, Feb 24, 2015 at 5:30 AM, Timo Pollmeier timo.pollme...@greenbone.net wrote: Hello, To me, the problem looks like the out-of-memory error Ben described as well. Increasing the amount of memory should help, but if that isn't an option you can use the SPLIT_PART_SIZE setting like he suggested. I mainly wanted to add that for the SPLIT_PART_SIZE setting to work, you need to have the python script xml_split installed. It is currently not installed by default, but it can be found in tools/extra of the manager sources and it has to be copied to [...]/share/openvas/scap/, with [...] being the prefix of the OpenVAS installation (in Alex' case it should be /usr/local). Best regards, Timo On 02/24/2015 09:36 AM, Benoît Allard wrote: I Alex, On 02/23/2015 10:06 PM, Alexander Rau wrote: Hi: I am running openvas-scapdata-sync during initial install and am getting the following error [i] Updating /usr/local/var/lib/openvas/scap-data/nvdcve-2.0-2011.xml Killed -:1217905: parser error : AttValue: ' expected cpe-lang:fact-ref name=c ^ -:1217905: parser error : attributes construct error cpe-lang:fact-ref name=c ^ -:1217905: parser error : Couldn't find end of Start Tag fact-ref line 1217905 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag logical-test line 1215810 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag vulnerable-configuration line 1215809 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag entry line 1215808 cpe-lang:fact-ref name=c ^ -:1217905: parser error : Premature end of data in tag nvd line 2 cpe-lang:fact-ref name=c ^ unable to parse - [e] Update of CVEs failed at file '/usr/local/var/lib/openvas/scap-data/nvdcve-2.0-2011.xml': xsltproc exited with code 137 This is for OpenVAS 8 on Debian 7 I bet that if you look in your kernel logs, you will see the famous OOM killer acting and killing an xslt process. In the SCAP scripts, we introduced a setting to process the huge XML files in chunks. That setting was introduced some time ago already. Look for the SPLIT_PART_SIZE setting on top of the scap-sync script, and set it to a sensible value, this should prevent your problem from happening again. Regards, Ben. -- Timo Pollmeier | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss