Only log results (severity 0.0)

GVM versions

gsad: (‘gsad --version’)
Greenbone Security Assistant 21.4.1~dev1

gvmd: (‘gvmd --version’)
Greenbone Vulnerability Manager 21.4.2~git-09bdb532f-HEAD
GIT revision 09bdb532f-HEAD
Manager DB revision 242

openvas-scanner: (‘openvas --version’, in older GVM versions < 11: ‘openvassd --version’)
OpenVAS 21.4.1~git-81c6a4e8-HEAD
GIT revision ~git-81c6a4e8-HEAD
gvm-libs 21.4.1~git-f10b1be1-HEAD

gvm-libs:

Environment

Operating system:
Debian GNU/Linux 10 (buster)
Kernel: (‘uname -a’)
Linux secops 4.19.0-17-amd64 #1 SMP Debian 4.19.194-3 (2021-07-18) x86_64 GNU/Linux
Installation method / source:
source

Hi,
I build a new servers which seems okay. The scan results however only contains log (severity 0.0) results. Even a test host -which i know has vulnerabilities- shows up in the known hosts list but only has log results. All feeds are up to date, and the dashboard shows nvt’s wirh all severity cllasses.

Any suggestions how to fix it?

Hi midyrp,

without the log messages it’s hard to help. My first guess would be that you just ran an unauthenticated scan instead of an authenticated one or that you used a wrong scan config for your purpose.

1 Like

Hello Steffen, I too have the exact same issue. When attempting to scan a Windows host (Server 2016) all I get is 0.0 log. I’m sure my creds are correct. I’m wondering if GVM does not like Active Directory in a hybrid model? Thought?

I apologize for the second post… I’m kind of new to GVM… Where can I find the log files?

Hi Steffen, Yes, it’s an unauthenticated scan. Still it should show issues like outdated webservers and telnet without default login (as it did before).

Still you are right, I will add logs today.
//Anton

I found logs here - /opt/gvm/var/log/gvm/gsad.log, gvmd.log, openvas.log, and ospd-openvas.log and none of them show any errors… There must be some other log files… I’m attempting an authenticated scan and have double checked my creds.

If you find something in the gvm logs, that would help, of course. What I meant, though, were the messages from the log results that you got from your scan. They might tell you something about what’s wrong.

1 Like

Hi,

Just started a new scan, but the logs are not much to go on


gsad.log:gsad gmp:MESSAGE:2021-08-23 14h49.05 GMT:654: Authentication success for 'admin' from 192.168.37.139


gvmd.log:event target:MESSAGE:2021-08-23 14h50.13 UTC:19938: Target Target for immediate scan of IP 192.168.37.5 - 2021-08-23 14:50:13 (af517407-0de9-46e5-a62d-0679a7999cc7) has been created by admin
gvmd.log:event task:MESSAGE:2021-08-23 14h50.13 UTC:19938: Status of task  (66c56b7a-fd81-475d-8106-67edd5325e23) has changed to New
gvmd.log:event task:MESSAGE:2021-08-23 14h50.13 UTC:19938: Task Immediate scan of IP 192.168.37.5 (66c56b7a-fd81-475d-8106-67edd5325e23) has been created by admin
gvmd.log:event task:MESSAGE:2021-08-23 14h50.13 UTC:19938: Status of task Immediate scan of IP 192.168.37.5 (66c56b7a-fd81-475d-8106-67edd5325e23) has changed to Requested
gvmd.log:event task:MESSAGE:2021-08-23 14h50.13 UTC:19938: Task Immediate scan of IP 192.168.37.5 (66c56b7a-fd81-475d-8106-67edd5325e23) has been requested to start by admin
gvmd.log:event wizard:MESSAGE:2021-08-23 14h50.13 UTC:19938: Wizard quick_first_scan has been run by admin
gvmd.log:event task:MESSAGE:2021-08-23 14h50.20 UTC:19954: Status of task Immediate scan of IP 192.168.37.5 (66c56b7a-fd81-475d-8106-67edd5325e23) has changed to Running
gvmd.log:event task:MESSAGE:2021-08-23 14h52.10 UTC:19954: Status of task Immediate scan of IP 192.168.37.5 (66c56b7a-fd81-475d-8106-67edd5325e23) has changed to Done

openvas.log:sd   main:MESSAGE:2021-08-23 14h50.53 utc:20657: openvas 21.4.1~git-81c6a4e8-HEAD (GIT revision ~git-81c6a4e8-HEAD) started
openvas.log:sd   main:MESSAGE:2021-08-23 14h51.08 utc:20657: Vulnerability scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8 started: Target has 1 hosts: 192.168.37.5, with max_hosts = 20 and max_checks = 4
openvas.log:libgvm boreas:MESSAGE:2021-08-23 14h51.08 utc:20657: Alive scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8 started: Target has 1 hosts
openvas.log:sd   main:MESSAGE:2021-08-23 14h51.11 utc:20899: Vulnerability scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8 started for host: 192.168.37.5
openvas.log:libgvm boreas:MESSAGE:2021-08-23 14h51.13 utc:20657: Alive scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8 finished in 5 seconds: 1 alive hosts of 1.
openvas.log:sd   main:MESSAGE:2021-08-23 14h52.07 utc:20899: Vulnerability scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8 finished for host 192.168.37.5 in 56.60 seconds
openvas.log:sd   main:MESSAGE:2021-08-23 14h52.08 utc:20657: Vulnerability scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8 finished in 75 seconds: 1 alive hosts of 1

ospd-openvas.log:OSPD[649] 2021-08-23 16:50:16,108: INFO: (ospd.command.command) Scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8 added to the queue in position 1.
ospd-openvas.log:OSPD[649] 2021-08-23 16:50:16,694: INFO: (ospd.ospd) Currently 1 queued scans.
ospd-openvas.log:OSPD[649] 2021-08-23 16:50:16,811: INFO: (ospd.ospd) Starting scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8.
ospd-openvas.log:OSPD[649] 2021-08-23 16:52:08,436: INFO: (ospd.ospd) c3956ee2-1bd1-4736-8d2c-3f299dc625d8: Host scan finished.
ospd-openvas.log:OSPD[649] 2021-08-23 16:52:08,439: INFO: (ospd.ospd) c3956ee2-1bd1-4736-8d2c-3f299dc625d8: Scan finished.

as for the report:

Vulnerability Severity QoD Host Location Created ▼
IP Name
Hostname Determination Reporting 0.0 (Log) 80 % [192.168.37.5](https://172.24.60.39/host/b55d1d6f-2510-4c1d-8735-510bffa08924) general/tcp Mon, Aug 23, 2021 2:52 PM UTC
CPE Inventory 0.0 (Log) 80 % [192.168.37.5](https://172.24.60.39/host/b55d1d6f-2510-4c1d-8735-510bffa08924) general/CPE-T Mon, Aug 23, 2021 2:52 PM UTC
OS Detection Consolidation and Reporting 0.0 (Log) 80 % [192.168.37.5](https://172.24.60.39/host/b55d1d6f-2510-4c1d-8735-510bffa08924) general/tcp Mon, Aug 23, 2021 2:51 PM UTC
ICMP Timestamp Detection 0.0 (Log) 80 % [192.168.37.5](https://172.24.60.39/host/b55d1d6f-2510-4c1d-8735-510bffa08924) general/icmp Mon, Aug 23, 2021 2:51 PM UTC
Traceroute 0.0 (Log) 80 % [192.168.37.5](https://172.24.60.39/host/b55d1d6f-2510-4c1d-8735-510bffa08924) general/tcp Mon, Aug 23, 2021 2:51 PM UTC

//Anton

I’m seeing hashing errors…
md manage: INFO:2021-08-23 15h26.03 utc:79446: Updating VTs in database … 75769 new VTs, 0 changed VTs
md manage:WARNING:2021-08-23 15h26.04 utc:79446: update_nvts_from_vts: SHA-256 hash of the VTs in the database (9d9ca17b5b88abecc9ba9f14d48ffdcca73c0f3dc6e3b398d4e39d709f662120) does not match the one from the scanner (68504270bf7be68d007e9e89ca5d6cce70b6d4b897b85e8cfe24001a97528a5a).
md main:WARNING:2021-08-23 15h26.05 utc:79446: update_nvt_cache_retry: rebuild failed

re-install did not change anything … did the only thing left: install on a new fresh and clean vm