Firstly, thanks to everyone at Greenbone for all the great work.
I know this is not a support channel but maybe you can give me some hints.
At 99% of a particular scan the redis-server shuts down and the scan changes status to Interrupted.
Here is the stack trace
I have been monitoring and specifically at 99% redis uses all memory (at least very close to it).
Openvas does set redis to use everything it can from the OS as it does not have a maxmemory set in the config.
Should it be crashing from this as it has no eviction? What happens when there is no memory left?
Once it shuts down I have to restart redis-server and the scanner.
It is using libglib2.0-dev for glib.
Thanks for the quick reply @cfi.
If the permissions were wrong could the task go to 99% or run some tasks altogether?
I believe everything is correct but double checked:
I’m certainly not a redis expert, but some time ago, based on a recommendation from another user, I raised the number of databases redis creates to 512. My original build had been using 128. If you are starting redis without the --databases option, then I think the default is only 16.
–databases 512
I remember it being needed for larger scans. Maybe this could resolve for you.
@drm I don’t think it is a permission issue. The scan should not start at all. Please check what @mik said, probably you have some issue related to memory.
I don’t know how many tasks you are running in parallel, how many hosts in parallel, how many plugins per host. If your hosts have virtual hosts, and if you have the “expand_vhosts” option enabled (default yes). This information would be useful to find the problem/solution.
Both ospd-openvas and openvas are able to limit the running processes in case of low available memory. Ospd-openvas will just avoid running a new task. Openvas will stop launching plugins against the target until there is enough available memory. Of course, this will slow down the scan, but avoid memory issues.
You can run less host in parallel (default 20) and less plugins per host in parallel (default 4). If not necessary, disable the expand_vhosts option.
If you need to scan many vhosts, you can split the task, and scan some vhosts excluding the others (add the vhosts the exclude hosts).
As @jjnicola stated, expand_vhosts is enabled.
The concurrency settings are default (4 for NVTs and 20 for hosts).
I will try to tweak all of the latter including changing memory.
For me it is done with enough of Memory. I decreased machine memory to 10GB and its ok. It uses 8G at the moment.
I wonder why memory consumption is that much high as before, but i don’t understand. We have to deal with it.