Understanding different Scan Engine statuses and states
Understanding different Scan Engine statuses
The scan progress page reports the status of the Scan Engine used for a site. If you are scanning an asset group that is configured to utilize the most recently used Scan Engine for each asset, you may see statuses reported for more than one Scan Engine.
The Status column reports the status of the Scan Engine. These statuses correspond to the scan states. See understanding different scan states. An additional possible Scan Engine status is unknown. This status occurs when the Scan Engine could not be contacted. In this case, you should check whether the Scan Engine is running and reachable.
Understanding different scan states
It is helpful to know the meaning of the various scan states listed in the Status column of the Scan Progress table. While some of these states are fairly routine, others may point to problems that you can troubleshoot to ensure better performance and results for future scans. It is also helpful to know how certain states affect scan data integration or the ability to resume a scan.
In the Status column, a scan may appear to be in any one of the following states:
- A scan was manually paused by a user.
- A scan has exceeded its scheduled duration window. If it is a recurring scan, it will resume where it paused instead of restarting at its next start date/time.
- A scan has exceeded the Security Console's memory threshold before the Security Console could finish importing data from the Scan Engine.
In all cases, the Security Console processes results for targets that have a status of Completed Successfully at the time the scan is paused. You can resume a paused scan manually.
Resuming a paused scan restarts information gathering.
When you resume a paused scan, the application will scan any assets in that site that did not have a status of Completed Successfully at the time you paused the scan. Since it does not retain the partial data for the assets that did not reach the completed state, it begins gathering information from those assets over again on restart.
Identifying scan disruptions
Communication issues between the Security Console and Scan Engine can cause scan disruptions. The Security Console typically can recover scan data that preceded the disruption. You can determine if this has occurred by one of the following methods:
- Check the connection between your Security Console and Scan Engine with a ICMP (ping) request.
- Click the Administration tab.
- In the Scans > Scan Engines section, click Manage scan engines.
- Click on the Refresh icon for the Scan Engine associated with the failed scan. If there is a communication issue, you will see an error message.
- Open the nsc.log file located in the \nsc directory of the Security Console and look for error-level messages for the Scan Engine associated with the failure.
Determining if scans with normal states are having problems
Sometimes scans will display normal states despite having issues. If either of these two states are displayed but your scan appears to be operating abnormally you should contact technical support.