Understanding different Scan Engine statuses and states

Understanding different Scan Engine statuses

The scan progress page reports the status of the Scan Engine used for a site. If you are scanning an asset group that is configured to utilize the most recently used Scan Engine for each asset, you may see statuses reported for more than one Scan Engine.

The Status column reports the status of the Scan Engine. These statuses correspond to the scan states. See understanding different scan states. An additional possible Scan Engine status is unknown. This status occurs when the Scan Engine could not be contacted. In this case, you should check whether the Scan Engine is running and reachable.

Understanding different scan states

It is helpful to know the meaning of the various scan states listed in the Status column of the Scan Progress table. While some of these states are fairly routine, others may point to problems that you can troubleshoot to ensure better performance and results for future scans. It is also helpful to know how certain states affect scan data integration or the ability to resume a scan.

In the Status column, a scan may appear to be in any one of the following states:

In progress
A scan is gathering information on a target asset. The Security Console is importing data from the Scan Engine and performing data integration operations such as correlating assets or applying vulnerability exceptions. If a scan’s status remains in progress for an unusually long period of time, it may indicate that the Security Console cannot determine the actual state of the scan due to a communication failure with the Scan Engine. To test whether this is the case, try to stop the scan. If a communication failure has occurred, the Security Console will display a message indicating that no scan with a given ID exists. If this message displays please contact technical support.
Completed successfully
The Scan Engine has finished scanning the targets in the site, and the Security Console has finished processing the scan results. If a scan has a completed successfully status, but no data is visible for that scan, this may indicate that the Scan Engine has stopped associating with the scan job. To test whether this is the case, try starting the scan again manually. If this issue has occurred, the Security Console will display a message that a scan is already running with a given ID. If this message displays please contact technical support.
Stopped
A user has manually stopped the scan before the Security Console could finish importing data from the Scan Engine. The data that the Security Console had imported before the stop is integrated into the scan database, whether or not the scan has completed for an individual asset. You cannot resume a stopped scan. You will need to run a new scan.
Paused
One of the following events occurred:
  • A scan was manually paused by a user.
  • A scan has exceeded its scheduled duration window. If it is a recurring scan, it will resume where it paused instead of restarting at its next start date/time.
  • A scan has exceeded the Security Console's memory threshold before the Secu­rity Console could finish importing data from the Scan Engine.
Failed
A scan has been disrupted due to an unexpected event. It cannot be resumed. An explanatory message will appear with the Failed status. You can use this information to troubleshoot the issue with Technical Support. One cause of failure can be the Security Console or Scan Engine going out of service. In this case, the Security Console cannot recover the data from the scan that preceded the disruption.
Aborted
A scan has been interrupted due to a crash or other unexpected events. The data that the Security Con­sole had imported before the scan was aborted is integrated into the scan database. You cannot resume an aborted scan. You will need to run a new scan.

In all cases, the Security Console processes results for targets that have a status of Completed Successfully at the time the scan is paused. You can resume a paused scan manually.

Resuming a paused scan restarts information gathering.

When you resume a paused scan, the application will scan any assets in that site that did not have a status of Completed Successfully at the time you paused the scan. Since it does not retain the partial data for the assets that did not reach the completed state, it begins gathering information from those assets over again on restart.

Identifying scan disruptions

Communication issues between the Security Console and Scan Engine can cause scan disruptions. The Security Console typically can recover scan data that preceded the disruption. You can determine if this has occurred by one of the following methods:

  1. Check the connection between your Security Console and Scan Engine with a ICMP (ping) request.
  2. Click the Administration tab.
  3. In the Scans > Scan Engines section, click Manage scan engines.
  4. Click on the Refresh icon for the Scan Engine associated with the failed scan. If there is a communication issue, you will see an error message.
  5. Open the nsc.log file located in the \nsc directory of the Security Console and look for error-level messages for the Scan Engine associated with the failure.

Determining if scans with normal states are having problems

Sometimes scans will display normal states despite having issues. If either of these two states are displayed but your scan appears to be operating abnormally you should contact technical support.

In progress
In progress status for an unusually long time, this may indicate that the Security Con­sole cannot determine the actual state of the scan due to a communication failure with the Scan Engine. To test whether this is the case, try to stop the scan. If a communication failure has occurred, the Security Console will display a message indicating that no scan with a given ID exists.
Completed successfully
If a scan has a completed successfully status, but no data is visible for that scan, this may indicate that the Scan Engine has stopped associating with the scan job. To test whether this is the case, try starting the scan again manually. If this issue has occurred, the Security Console will display a message that a scan is already running with a given ID.