Under gvm-11, I notice my scans yield a lot of “No redis DB available” errors, while my number of databases is set according to the gvmd recommended formula. I tried increasing the database value in redis to various different values (including up to 2048 to see if that would make any difference), but I don’t see any real impact, apart maybe that the scans take longer.
So I’m wondering about the scan impact this error has. When no redis db is available, does that mean that the current scan results are not saved, and the scan kind of bypasses the results, or does that mean that it just delays the scan? E.g., openvas “waits” for a redis db to become available before resuming the scan?
And also, why does increasing the database value significantly not seem to have any real impact (I still see a lot of those errors whatever value I put in redis.conf)?
Short answer: it is the number of concurrently scanned hosts of the scan. Long answer: these dbs are used to separate the scan results of the hosts. If you have a lot of dead hosts, it can be possible that gvmd didn’t request the results yet and a host db is still kept. It is only removed and reused after all results have been requested.
Which is typically my case. I’m scanning large networks with a lot of dead hosts. In that situation, would you recommend sticking with the base formula, or setting a much higher redis database value to address the dead hosts as well?
I couldn’t find any hints of possible impacts of setting a high database value, such as 4096 for instance for a network of /20. From the doc I understand openvas only waits for a redis db to become available, so the only impact is that the scans take longer. On the other hand, setting a high database value may speed up the scan only if the overhead doesn’t kill redis…
It is always better to set a higher limit like 4096. The openvas scanner will wait for an available db during a running scan, but it is very likely that ospd-openvas will reject starting any new scan if no db can be acquired.