[Openvas-discuss] Openvas scans not completing and GSA very slow

William Strucke wstrucke at gmail.com
Mon Sep 12 18:12:16 CEST 2011


First - thank you for taking the time to look at this, I'll try to be
concise.

I'm pretty new to OpenVAS and Greenbone Security Assistant.  I have spent
the last week off and on trying to track down any reason why I'm seeing the
behavior I'm seeing but not having much luck, so I apologize if this has
been covered on this list already and I missed it.

I'm working with an OpenVAS server that has been scanning one of our subnets
for about two years.  Over time the GSA web interface has gotten slower and
slower and lately it's to the point where clicking any click or button in
the interface takes at least a minute or two to complete the request.
Recently our scans have started failing on this machine as well -- they are
scheduled to run over night and when I check them in the morning it says
"stopped at X%".

The error logs I can find seem to indicate the scan abruptly stops after
about five hours.  Due to the degraded GSA performance I'm wondering if this
is a database issue somehow?  Is it possible the response time on the
database is so bad that the scan is timing out or hitting a maximum run
time?  I've run VACUUM and rebuild on the SQLITE database without any
apparent change.  Our database is approximately 450MB at the moment.

Running openvas in foreground mode shows a ton of activity on the database
while the web interface is waiting for a response.  I have another openvas
server that is about the same age with about half the number of records of
this one -- it is also slow but not as bad as this one and the scans still
work.

Does this sound like two symptoms of the same problem or am I dealing with
two separate issues?  Is there a way to prune old records from the sqllite
database or perhaps some indices I can create to get it to respond faster?

Thanks again.

openvassd.messages:

[Sun Sep 11 21:42:25 2011][31484] user om starts a new scan. Target(s) :
1.2.3.4/24, with max_hosts = 10 and max_checks = 4
...nothing stands out in between...
[Mon Sep 12 02:40:17 2011][31484] Stopping the whole test (requested by
client)
[Mon Sep 12 02:40:17 2011][31484] Client abruptly closed the communication
[Mon Sep 12 02:40:18 2011][31484] Total time to scan all hosts : 17873
seconds
[Mon Sep 12 02:40:18 2011][31484] user om : Kept alive connection
[Mon Sep 12 02:40:20 2011][31484] Communication closed by client


openvasmd.log:

lib  auth:  DEBUG:2011-09-12 01h40.23 utc :31485: Searching rules file for
user X (de4de448-c464-45e4-a330-8328c32aaa1e)
event task:MESSAGE:2011-09-12 01h42.25 utc :31485: Status of task DMZ Scan
(2ea52bbe-4a46-4d1a-87cb-ddb98b0c3386) has changed to Running
lib  serv:MESSAGE:2011-09-12 06h40.08 utc :11770:    Shook hands with peer.
lib  serv:MESSAGE:2011-09-12 06h40.08 utc :11769:    Shook hands with peer.
lib  serv:MESSAGE:2011-09-12 06h40.08 utc :11770:    send 105 from
<authenticate><credentials><us[...]
lib  serv:MESSAGE:2011-09-12 06h40.08 utc :11770: =>
<authenticate><credentials><username>X</username><password></password></credentials></authenticate>
lib  serv:MESSAGE:2011-09-12 06h40.08 utc :11770: => done
lib   xml:MESSAGE:2011-09-12 06h40.08 utc :11770:    asking for 1048576

lib  serv:  DEBUG:2011-09-12 06h40.08 utc :11769:    Connected to server on
socket 9.

lib   xml:MESSAGE:2011-09-12 06h40.12 utc :11770: <= <authenticate_response
status="200" status_text="OK"/>

lib  serv:MESSAGE:2011-09-12 06h40.12 utc :11770:    send 59 from <stop_task
task_id="2ea52bbe-4[...]
lib  serv:MESSAGE:2011-09-12 06h40.12 utc :11770: => <stop_task
task_id="2ea52bbe-4a46-4d1a-87cb-ddb98b0c3386"/>
lib  serv:MESSAGE:2011-09-12 06h40.12 utc :11770: => done
lib   xml:MESSAGE:2011-09-12 06h40.12 utc :11770:    asking for 1048576

event task:MESSAGE:2011-09-12 06h40.15 utc :11769: Status of task DMZ Scan
(2ea52bbe-4a46-4d1a-87cb-ddb98b0c3386) has changed to Stop Requested
event task:MESSAGE:2011-09-12 06h40.15 utc :11769: Task
2ea52bbe-4a46-4d1a-87cb-ddb98b0c3386 has been requested to stop
lib   xml:MESSAGE:2011-09-12 06h40.15 utc :11770: <= <stop_task_response
status="202" status_text="OK, request submitted"/>

lib  serv:MESSAGE:2011-09-12 06h40.15 utc :11770:    Gave up trying to
gnutls_bye

lib  serv:MESSAGE:2011-09-12 06h40.15 utc :11769:    Failed to gnutls_bye:
Error in the push function.

lib  serv:MESSAGE:2011-09-12 06h40.15 utc :11769:    Gave up trying to
gnutls_bye

event task:MESSAGE:2011-09-12 06h40.15 utc :31485: Status of task DMZ Scan
(2ea52bbe-4a46-4d1a-87cb-ddb98b0c3386) has changed to Stop Requested
lib  serv:MESSAGE:2011-09-12 06h40.17 utc :12124:    Shook hands with peer.
lib  serv:MESSAGE:2011-09-12 06h40.17 utc :12124:    send 105 from
<authenticate><credentials><us[...]
lib  serv:MESSAGE:2011-09-12 06h40.17 utc :12124: =>
<authenticate><credentials><username>X</username><password></password></credentials></authenticate>
lib  serv:MESSAGE:2011-09-12 06h40.17 utc :12124: => done
lib   xml:MESSAGE:2011-09-12 06h40.17 utc :12124:    asking for 1048576

lib  serv:MESSAGE:2011-09-12 06h40.17 utc :12123:    Shook hands with peer.
lib  serv:  DEBUG:2011-09-12 06h40.17 utc :12123:    Connected to server on
socket 9.

lib   xml:MESSAGE:2011-09-12 06h40.17 utc :12124: <= <authenticate_response
status="200" status_text="OK"/>

lib  serv:MESSAGE:2011-09-12 06h40.17 utc :12124:    send 59 from <stop_task
task_id="2ea52bbe-4[...]
lib  serv:MESSAGE:2011-09-12 06h40.17 utc :12124: => <stop_task
task_id="2ea52bbe-4a46-4d1a-87cb-ddb98b0c3386"/>
lib  serv:MESSAGE:2011-09-12 06h40.17 utc :12124: => done
lib   xml:MESSAGE:2011-09-12 06h40.17 utc :12124:    asking for 1048576

event task:MESSAGE:2011-09-12 06h40.18 utc :12123: Task
2ea52bbe-4a46-4d1a-87cb-ddb98b0c3386 has been stopped
lib   xml:MESSAGE:2011-09-12 06h40.18 utc :12124: <= <stop_task_response
status="200" status_text="OK"/>

lib  serv:MESSAGE:2011-09-12 06h40.18 utc :12124:    Gave up trying to
gnutls_bye

lib  serv:MESSAGE:2011-09-12 06h40.18 utc :12123:    Failed to gnutls_bye:
Error in the push function.

lib  serv:MESSAGE:2011-09-12 06h40.18 utc :12123:    Gave up trying to
gnutls_bye

event task:MESSAGE:2011-09-12 06h40.19 utc :31485: Status of task DMZ Scan
(2ea52bbe-4a46-4d1a-87cb-ddb98b0c3386) has changed to Stopped
lib  serv:MESSAGE:2011-09-12 06h40.20 utc :31485:    Gave up trying to
gnutls_bye


Sincerely,

-- 
William Strucke
wstrucke at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20110912/4b40d853/attachment.html>


More information about the Openvas-discuss mailing list