My master has 8vCPUs and 8GB RAM and I am always pushing it to the max.  My 
concurrent NVTs is set to 5 while my concurrent hosts is set to 20.  When I say 
I regularly push it to the max I mean I see loads on the host between 10 and 30 
for a few hours at a time.

My slaves are set up with similar specs and they get pushed to similar loads.

I have only once encountered a case where the endpoint even noticed the scan.  
And that in itself was a total fluke that I was even alerted to it.  One of the 
NVT checks actually caused such a load on the drives that it paused the server 
for 1 minute.  I only found out because someone was giving a demo on one of 
the hosts being tested at the time and saw the Java web page completely stop.  
After 2 minutes they were back with no issue, no data loss.

Now that I have stripped that NVT check out, no one notices the scans at all on 
the end point.  My end points are running a Java front end with a MySQL back end 
and can sometimes hit high loads just on their own processing.  But still the 
scans incur far more network traffic than anything else.

The moral of the story is make your scanner as beefy as you can afford.  Then 
drop the number of concurrent tests per host down as low as you can to make the 
scans as unnoticeable as possible.  But increase the number of concurrent hosts 
as high as you can so long as you are not freaking out your network team.

Louis
:::::
Louis Bohm - Sr. Systems Engineer
        Dell TechDirect Certified

> On Apr 26, 2018, at 5:20 AM, Roger Davies <rog.dav...@gmail.com> wrote:
> 
> Hi Peter
> 
> You will need to adjust the concurrent NVTs parameter to best suit your 
> client machines, but with the extra CPU on the server, you can scan more 
> targets concurrently, so the whole scan will complete quicker. 
> 
> So, set the "Maximum concurrently executed NVTs per host" to a nice low 
> figure to best suit the clients, but set the "Maximum concurrently scanned 
> hosts" to 20 or more (only really affects the server), see how the server 
> load reacts and adjust down/up accordingly. 
> 
> Roger
> 
> 
> 
> On 25 April 2018 at 21:16, Peter Collins <jetcoll...@gmail.com> wrote:
> I'm currently scanning on a 4-core vm with 4gb ram, in Virtualbox on a 
> laptop, within OSSIM. Traffic average during a scan is about 4kB/s 
> (kiloBYTES). Network pipe is not the bottleneck. It can provide 20mb/s 
> (megaBITS) easily. If I get a 12-core/24-thread server with SSD and 32G ram, 
> will the scans go faster, all settings being the same? And, will it hammer on 
> the targets too hard and disrupt them?
> 
> thanks
> 
> Peter
> 
> (please no asshat questions about bytes and bits. I have indicated clearly)
> 
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
> 
> 
> 