Only log results (severity 0.0)

midyrp · August 21, 2021, 7:33pm

GVM versions

gsad: (‘gsad --version’)
Greenbone Security Assistant 21.4.1~dev1

gvmd: (‘gvmd --version’)
Greenbone Vulnerability Manager 21.4.2~git-09bdb532f-HEAD
GIT revision 09bdb532f-HEAD
Manager DB revision 242

openvas-scanner: (‘openvas --version’, in older GVM versions < 11: ‘openvassd --version’)
OpenVAS 21.4.1~git-81c6a4e8-HEAD
GIT revision ~git-81c6a4e8-HEAD
gvm-libs 21.4.1~git-f10b1be1-HEAD

gvm-libs:

Environment

Operating system:
Debian GNU/Linux 10 (buster)
Kernel: (‘uname -a’)
Linux secops 4.19.0-17-amd64 #1 SMP Debian 4.19.194-3 (2021-07-18) x86_64 GNU/Linux
Installation method / source:
source

Hi,
I build a new servers which seems okay. The scan results however only contains log (severity 0.0) results. Even a test host -which i know has vulnerabilities- shows up in the known hosts list but only has log results. All feeds are up to date, and the dashboard shows nvt’s wirh all severity cllasses.

Any suggestions how to fix it?

Steffen · August 23, 2021, 11:24am

Hi midyrp,

without the log messages it’s hard to help. My first guess would be that you just ran an unauthenticated scan instead of an authenticated one or that you used a wrong scan config for your purpose.

SanibelJack · August 23, 2021, 11:55am

Hello Steffen, I too have the exact same issue. When attempting to scan a Windows host (Server 2016) all I get is 0.0 log. I’m sure my creds are correct. I’m wondering if GVM does not like Active Directory in a hybrid model? Thought?

SanibelJack · August 23, 2021, 12:05pm

I apologize for the second post… I’m kind of new to GVM… Where can I find the log files?

midyrp · August 23, 2021, 1:44pm

Hi Steffen, Yes, it’s an unauthenticated scan. Still it should show issues like outdated webservers and telnet without default login (as it did before).

Still you are right, I will add logs today.
//Anton

SanibelJack · August 23, 2021, 2:06pm

I found logs here - /opt/gvm/var/log/gvm/gsad.log, gvmd.log, openvas.log, and ospd-openvas.log and none of them show any errors… There must be some other log files… I’m attempting an authenticated scan and have double checked my creds.

Steffen · August 23, 2021, 2:39pm

If you find something in the gvm logs, that would help, of course. What I meant, though, were the messages from the log results that you got from your scan. They might tell you something about what’s wrong.

midyrp · August 23, 2021, 2:57pm

Hi,

Just started a new scan, but the logs are not much to go on

gsad.log:gsad gmp:MESSAGE:2021-08-23 14h49.05 GMT:654: Authentication success for 'admin' from 192.168.37.139

gvmd.log:event target:MESSAGE:2021-08-23 14h50.13 UTC:19938: Target Target for immediate scan of IP 192.168.37.5 - 2021-08-23 14:50:13 (af517407-0de9-46e5-a62d-0679a7999cc7) has been created by admin
gvmd.log:event task:MESSAGE:2021-08-23 14h50.13 UTC:19938: Status of task  (66c56b7a-fd81-475d-8106-67edd5325e23) has changed to New
gvmd.log:event task:MESSAGE:2021-08-23 14h50.13 UTC:19938: Task Immediate scan of IP 192.168.37.5 (66c56b7a-fd81-475d-8106-67edd5325e23) has been created by admin
gvmd.log:event task:MESSAGE:2021-08-23 14h50.13 UTC:19938: Status of task Immediate scan of IP 192.168.37.5 (66c56b7a-fd81-475d-8106-67edd5325e23) has changed to Requested
gvmd.log:event task:MESSAGE:2021-08-23 14h50.13 UTC:19938: Task Immediate scan of IP 192.168.37.5 (66c56b7a-fd81-475d-8106-67edd5325e23) has been requested to start by admin
gvmd.log:event wizard:MESSAGE:2021-08-23 14h50.13 UTC:19938: Wizard quick_first_scan has been run by admin
gvmd.log:event task:MESSAGE:2021-08-23 14h50.20 UTC:19954: Status of task Immediate scan of IP 192.168.37.5 (66c56b7a-fd81-475d-8106-67edd5325e23) has changed to Running
gvmd.log:event task:MESSAGE:2021-08-23 14h52.10 UTC:19954: Status of task Immediate scan of IP 192.168.37.5 (66c56b7a-fd81-475d-8106-67edd5325e23) has changed to Done

openvas.log:sd   main:MESSAGE:2021-08-23 14h50.53 utc:20657: openvas 21.4.1~git-81c6a4e8-HEAD (GIT revision ~git-81c6a4e8-HEAD) started
openvas.log:sd   main:MESSAGE:2021-08-23 14h51.08 utc:20657: Vulnerability scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8 started: Target has 1 hosts: 192.168.37.5, with max_hosts = 20 and max_checks = 4
openvas.log:libgvm boreas:MESSAGE:2021-08-23 14h51.08 utc:20657: Alive scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8 started: Target has 1 hosts
openvas.log:sd   main:MESSAGE:2021-08-23 14h51.11 utc:20899: Vulnerability scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8 started for host: 192.168.37.5
openvas.log:libgvm boreas:MESSAGE:2021-08-23 14h51.13 utc:20657: Alive scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8 finished in 5 seconds: 1 alive hosts of 1.
openvas.log:sd   main:MESSAGE:2021-08-23 14h52.07 utc:20899: Vulnerability scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8 finished for host 192.168.37.5 in 56.60 seconds
openvas.log:sd   main:MESSAGE:2021-08-23 14h52.08 utc:20657: Vulnerability scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8 finished in 75 seconds: 1 alive hosts of 1

ospd-openvas.log:OSPD[649] 2021-08-23 16:50:16,108: INFO: (ospd.command.command) Scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8 added to the queue in position 1.
ospd-openvas.log:OSPD[649] 2021-08-23 16:50:16,694: INFO: (ospd.ospd) Currently 1 queued scans.
ospd-openvas.log:OSPD[649] 2021-08-23 16:50:16,811: INFO: (ospd.ospd) Starting scan c3956ee2-1bd1-4736-8d2c-3f299dc625d8.
ospd-openvas.log:OSPD[649] 2021-08-23 16:52:08,436: INFO: (ospd.ospd) c3956ee2-1bd1-4736-8d2c-3f299dc625d8: Host scan finished.
ospd-openvas.log:OSPD[649] 2021-08-23 16:52:08,439: INFO: (ospd.ospd) c3956ee2-1bd1-4736-8d2c-3f299dc625d8: Scan finished.

as for the report:

Vulnerability Severity QoD Host Location Created ▼
IP Name
Hostname Determination Reporting 0.0 (Log) 80 % [192.168.37.5](https://172.24.60.39/host/b55d1d6f-2510-4c1d-8735-510bffa08924) general/tcp Mon, Aug 23, 2021 2:52 PM UTC
CPE Inventory 0.0 (Log) 80 % [192.168.37.5](https://172.24.60.39/host/b55d1d6f-2510-4c1d-8735-510bffa08924) general/CPE-T Mon, Aug 23, 2021 2:52 PM UTC
OS Detection Consolidation and Reporting 0.0 (Log) 80 % [192.168.37.5](https://172.24.60.39/host/b55d1d6f-2510-4c1d-8735-510bffa08924) general/tcp Mon, Aug 23, 2021 2:51 PM UTC
ICMP Timestamp Detection 0.0 (Log) 80 % [192.168.37.5](https://172.24.60.39/host/b55d1d6f-2510-4c1d-8735-510bffa08924) general/icmp Mon, Aug 23, 2021 2:51 PM UTC
Traceroute 0.0 (Log) 80 % [192.168.37.5](https://172.24.60.39/host/b55d1d6f-2510-4c1d-8735-510bffa08924) general/tcp Mon, Aug 23, 2021 2:51 PM UTC

//Anton

SanibelJack · August 23, 2021, 3:48pm

I’m seeing hashing errors…
md manage: INFO:2021-08-23 15h26.03 utc:79446: Updating VTs in database … 75769 new VTs, 0 changed VTs
md manage:WARNING:2021-08-23 15h26.04 utc:79446: update_nvts_from_vts: SHA-256 hash of the VTs in the database (9d9ca17b5b88abecc9ba9f14d48ffdcca73c0f3dc6e3b398d4e39d709f662120) does not match the one from the scanner (68504270bf7be68d007e9e89ca5d6cce70b6d4b897b85e8cfe24001a97528a5a).
md main:WARNING:2021-08-23 15h26.05 utc:79446: update_nvt_cache_retry: rebuild failed

midyrp · September 8, 2021, 8:35pm

re-install did not change anything … did the only thing left: install on a new fresh and clean vm

alessio · November 14, 2021, 7:46pm

Hi, i got the exact same problem. I installed gvm 21.4 with this documentation ‘’’ Building GVM 21.04 — Greenbone Documentation documentation ‘’’.
nmap is installed and working, feed is up to date and my target host has default login which should result in severity of 10.0.
If i start a scan i only get logs with a severity of 0.0.
The logs dont show any erros in fact everything seems to work just fine.

best regards

roma · November 15, 2021, 2:36pm

I would check here on my comment I made before. There is a known when installing on Debian/Ubuntu distros which overlooks nmap on systems and does not enable “Port Scanners” in your “Scan Config”: Scan Severity 0.0 (Log) - #2 by cfi