For some reason, I can’t use alerts anymore. I want to export a report to a Samba share after each scan. I did have this set-up before, so I know it works but it stopped working for some reason.
The logs aren’t really useful cause it says the alert was triggered:
event alert:MESSAGE:2021-04-30 14h48.04 UTC:27759: The alert Samba was triggered (Event: Task status changed to ‘Done’, Condition: Always)
When I try to “force” an alert, the GSA tells me this:
Am I missing some logfile where it will tell me where it’s failing? I can access the SMB share from smbclient on the machine itself, but for somereason GVM cannot access it.
Tried with this docker container first, same issue. Used this script for installing without docker.
If you need more information, please let me know. I hope someone can point me in the right direction!
Thanks for the answer! I ran a strace on the gvmd PID to see what was happening when I clicked the trigger alert button. I don’t see any issues that could cause my problem, but reading a strace is not my strongest suit.
Do you see anything thats does not look correct? Thanks.
I figured it out, thanks! There was indeed a lot more information if I ran the process using strace. It showed me the error message NT_STATUS_PERMISSION_DENIED, and after some digging it was because of some misconfigured permissions on the Windows Server I’m using to store the reports.
One last question, I’ve tried searching for it but can’t really find anything. Is it possible to create 1 alert and every time it runs, it wil use a different name for the report? For example, every report is called report.csv because thats what it is set to in the Alert settings, but I would like to have something like report+UID, just like when you manually download a report (e.g. report-bb4bb18a-de2e-4ffb-be3d-0a6035518c60.csv).