[Openvas-plugins] network information: Security Note or Log?
Tim Brown
timb at openvas.org
Tue Aug 25 22:16:21 CEST 2009
On Tuesday 25 August 2009 14:06:06 Chandrashekhar B wrote:
> >> I think all discovered information should be in the report, so
> >> security_note() is appropriate in this case. log_message() should only
> >> be used to log information such as plugin's inability to perform
> >> something, error messages etc.,
> >>
> >> The discovered information is always useful to analyze the effectiveness of
> >> the report, not everyone looks at logs.
> >
> > I agree in principle.
> >
> > But yet again: Should the NVTs that do collect information
> > into the KB report on their own Security-level message? Isn't it a better
> > design to have other scripts report on such information?
>
> security_warning/security_hole is generally used for reporting
> vulnerabilities and security_note is always used to dump some info which is
> generally useful to assess the report. I don't think there are Plugins that
> use security_note to report vulnerabilities.

We had a pretty long chat about this on IRC today
(http://www.linux.hr/openvas/archive/index.php?d=2009-08-25 starts at about
14:00)... the upshot is that I'm going to work on a draft CR for this...
Mostly because if we're going to make a change, I'm interested in seeing it
done right.

Tim
--
Tim Brown
<mailto:timb at openvas.org>
<http://www.openvas.org/>