Metrics / Logs / Data on NVT execution duration


In order to optimize the global scan duration, I’m looking for a way to know how long each NVT took to be executed.
This could help to select which NVT enable / disable in a scan config.

I tried to enable debug logs and to look in the postgres DB but I could not find this data.

Do you know if this data is available somewhere?


Hello gnuletik and welcome to the forum!

I also looked into the /etc/openvas/openvas_log.conf file to enable all options, but did not find logging that reveals when a particular NVT’s execution begins or stops.

However, in the openvas-scanner docs, you can find a setting called log_whole_attack

The description says:

.IP log_whole_attack
If this option is set to ‘yes’, openvas will store the name, pid, date and target of each plugin launched. This is helpful for monitoring and debugging purpose, however this option might make openvas fill your disk rather quickly.

I think .IP stands for initialize preferences. If you look in the gvm-libs source-code file prefs.c you will see this setting is set to no by default.

Furthermore, this settings seems to be listed in the GSA source code’s scannerpreferences.js file as well.

However, I don’t see the option listed in the scan config preferences section within GSA and maybe this setting won’t work because it may not log the finish time of the NVT plugin’s execution, maybe only the start time? :person_shrugging: Even if it doesn’t log the compiled time, adding a a line or two to the source code would likely also allow the complete time to be logged when PLUGIN_STATUS_DONE.

Perhaps someone with more knowledge about this can expand on the easiest way to enable this extended logging feature.


log_whole_attack is configured via the configuration file of the openvas scanner itself (usually located at /etc/openvas/openvas.conf, but this may differ based on your installation method). There, you need to add the option log_whole_attack = yes and save.

Now every VT execution will be logged in the system log. Note that due to the large amount of VTs that are executed during each scan, this can quickly fill up a system’s log partition. We do not recommend activating this option permanently.


Wooh I’m amazed by your really fast answers with such quality.
Thanks a lot!

Setting log_whole_attack = yes inside /etc/openvas/openvas.conf worked like a charm!

I’m now able to see the following kind of logs:

sd   main:MESSAGE:2023-08-25 08h18.26 utc:509: toolcheck.nasl ( [510] finished its job in 0.025 seconds
sd   main:MESSAGE:2023-08-25 08h18.26 utc:509: Launching host_alive_detection.nasl ( against [...] [513]



Note that this is usually really not a good idea to disable VTs just because they are running too long as you would miss possible severe flaws then (e.g. the SSH Brute Forcing VT might take some time and if some default credentials are found it has a severe impact on the target).

1 Like