Notus-scanner - doesn't seem to be used during scan

I upgraded to the latest Greenbone 22.4 a while ago but only now packaged and installed notus-scanner (and mosquitto). Both services are running:

/var/log/gvm/ospd-openvas.log
OSPD[202] 2022-09-30 10:19:21,817: INFO: (ospd_openvas.messaging.mqtt) Successfully connected to MQTT broker

/var/log/gvm/notus-scanner.log
2022-09-30 12:19:11,576 notus-scanner: INFO: (notus.scanner.daemon) Starting notus-scanner version 22.4.1.

mosquitto:

Sep 30 12:19:11 host systemd[1]: Started mosquitto.service - Mosquitto MQTT Broker.
Sep 30 12:19:11 host mosquitto[218]: 1664533151: New connection from 127.0.0.1:53431 on port 1883.
Sep 30 12:19:11 host mosquitto[218]: 1664533151: New client connected from 127.0.0.1:53431 as notus-scanner (p5, c1, k60).
Sep 30 12:19:21 host mosquitto[218]: 1664533161: New connection from 127.0.0.1:52423 on port 1883.
Sep 30 12:19:21 host mosquitto[218]: 1664533161: New client connected from 127.0.0.1:52423 as ospd (p5, c1, k60).

Feed with *.notus files is also in place at /var/lib/notus/.

However, when I scan e.g. an Ubuntu 20.04.3 LTS machine, notus-scanner doesn’t appear to be used at all; no additional log entries appear in /var/log/gvm/notus-scanner.log during the scan.

Should gvmd --get-scanners list anything in addition to OpenVAS, like a notus-scanner?

su -c "gvmd --get-scanners" -s /bin/bash gvm
6acd0832-df90-11e4-b9d5-28d24461215b  CVE    0  CVE
08b69003-5fc2-4037-a479-93b440211c73  OpenVAS  /run/ospd/ospd-openvas.sock  0  OpenVAS Default

Also, watching top during the scan, I can only see openvas-scanner and nasl’s flying by. According to the docs (Building 22.4 from Source - Greenbone Community Documentation), everything should be in place.

Am I missing something?

1 Like

Sadly, I’m still having this issue to date, also with/after the latest updates/releases/fixes.

When I manually issue the following command (just came up with this for testing purposes):

# su -c "notus-scan-start -b localhost --host-ip 192.168.0.1 --os-release ubuntu_22.10 --packages curl-7.85.0-1ubuntu0.1" -s /bin/bash gvm
Starting a scan with ID c17be011-3502-4c36-aaa2-f794556e3f17
# su -c "notus-scan-start -b localhost --host-ip 192.168.0.1 --os-release ubuntu_22.10 --packages curl-7.81.0-1ubuntu0.1" -s /bin/bash gvm
Starting a scan with ID ea6945fa-5c10-4e29-b8b6-d61e6c283bc0

I get at least an indication that it’s doing something in my /var/log/gvm/notus-scanner.log

2022-12-23 11:11:41,003 notus-scanner: INFO: (notus.scanner.scanner) Start to identify vulnerable packages for 192.168.0.1 (None)
2022-12-23 11:11:41,003 notus-scanner: INFO: (notus.scanner.scanner) Total number of vulnerable packages -> 0
2022-12-23 11:11:47,770 notus-scanner: INFO: (notus.scanner.scanner) Start to identify vulnerable packages for 192.168.0.1 (None)
2022-12-23 11:11:47,770 notus-scanner: INFO: (notus.scanner.scanner) Total number of vulnerable packages -> 1

contrary to regular scans done via GSA, where still nothing seems to happen with regard to notus-scanner.

Any help would be greatly appreciated, as I still have no clue what I might be missing.

1 Like

To answer myself: in /etc/openvas/openvas.conf the following lines were missing / had to be added:

table_driven_lsc = yes
mqtt_server_uri = tcp://localhost:1883

Now the notus-scanner is used, working, producing results and these get successfully added to the respective scan results.

4 Likes
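
An added example, not part of the original posts and not Greenbone code: a shell check for the two settings named in the answer above. The function names and the sample files are constructed for this illustration; the keys and values are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not Greenbone code: verify the two openvas.conf settings from this thread.

# Print the value of KEY ($2) from a "key = value" file ($1).
# Comment lines are skipped; for a repeated key the last occurrence is printed
# (a simplification made for this example).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || index($0, "=") == 0 { next }
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Return 0 when table_driven_lsc is "yes" and mqtt_server_uri is set, 1 otherwise.
check_notus_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    lsc=$(conf_value "$conf" table_driven_lsc)
    uri=$(conf_value "$conf" mqtt_server_uri)
    if [ "$lsc" != "yes" ]; then
        echo "$conf: table_driven_lsc is '${lsc:-unset}', expected 'yes'"
        rc=1
    fi
    if [ -z "$uri" ]; then
        echo "$conf: mqtt_server_uri is unset"
        rc=1
    else
        echo "$conf: mqtt_server_uri = $uri"
    fi
    return $rc
}

# Constructed samples: the setting only present as a comment, then the fixed file.
tmp=$(mktemp -d)
printf '%s\n' '# table_driven_lsc = yes' > "$tmp/before.conf"
printf '%s\n' 'table_driven_lsc = yes' 'mqtt_server_uri = tcp://localhost:1883' > "$tmp/after.conf"
check_notus_conf "$tmp/before.conf" || echo "-> notus settings incomplete"
check_notus_conf "$tmp/after.conf" && echo "-> notus settings present"
rm -rf "$tmp"
```

On a scanner host, call `check_notus_conf /etc/openvas/openvas.conf` and compare the reported URI with the port the broker logs show (1883 in the mosquitto output at the top of the thread).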

Hi,

just did some research and it seems table_driven_lsc = yes is not the default. It seems that it needs to be set explicitly. I’ll update the docs to set this setting explicitly. Thanks for that!

2 Likes