Viewing scan results and using scan logs

Viewing scan results

After completing a scan, review the results to determine whether any remediation actions are required. Scan results can be saved for future reference in the form of scan logs. The Security Console lists scan results in ascending or descending order for any category, depending on your sorting preference. In the Asset Listing table, click the desired category column heading, such as Address or Vulnerabilities, to sort results by that category. The Asset Listing table displays the number of known exposures for each asset. This includes both the vulnerability exploits known to exist for each asset and the number of malware kits that can be used to exploit the vulnerabilities detected on each asset.

View information about a scan

Click the link for an asset name or address to view scan-related and other information about that asset. Remember that the application scans sites, not asset groups, but asset groups can include assets that are also included in sites.

View the results of a scan

To view the results of a scan, click the link for a site’s name on the Home page. The site page lists the assets in the site, along with pertinent information about the scan results. On this page, you can also view information about any asset within the site by clicking the link for its name or address.

Viewing the scan log

To troubleshoot problems related to scans or to monitor certain scan events, you can download and view the log for any scan that is in progress or complete.

Tracking scan events in logs

While the Security Console provides useful information about scan progress, you can use scan logs to learn more details about the scan and track individual scan events. This is especially helpful if, for example, certain phases of the scan are taking a long time. You may want to verify that the prolonged scan is running normally and isn't "hanging". You may also want to use certain log information to troubleshoot the scan.

This section provides common scan log entries and explains their meaning. Each entry is preceded by a time and date stamp; a severity level (DEBUG, INFO, WARN, ERROR); and information that identifies the scan thread and site.

Understanding scan log file names

Scan log files have a .log extension and can be opened in any text editing program. A scan log’s file name consists of three fields separated by hyphens: the respective site name, the scan’s start date, and the scan’s start time in military format. Example: localsite-20111122-1514.log.

If the site name includes spaces or characters not supported by the name format, these characters are converted to hexadecimal equivalents. For example, the site name my site would be rendered as my_20site in the scan log file name.

The following characters are supported by the scan log file format:

  • numerals
  • letters
  • hyphens (-)
  • underscores (_)

The file name format supports a maximum of 64 characters for the site name field. If a site name contains more than 64 characters, the file name only includes the first 64 characters.
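When downloaded logs are archived for later reference, the file name is the only link back to the site and scan start time. The following parser for the naming scheme described above is an added example, not code from the product. It assumes that a converted character appears as an underscore followed by two hex digits, as in the my_20site example, and the function and field names are hypothetical.

```python
import os
import re
from datetime import datetime
from typing import NamedTuple

# Assumption: an unsupported character is written as "_" plus two hex digits
# (the page's example: "my site" -> "my_20site"). A literal underscore that
# happens to precede two hex digits cannot be told apart from an escape.
ESCAPE = re.compile(r"_([0-9A-Fa-f]{2})")
SITE_FIELD = re.compile(r"[0-9A-Za-z_-]{1,64}")   # supported characters, max 64
STAMP = re.compile(r"\d{8}-\d{4}")


class ScanLogName(NamedTuple):
    site_field: str        # site field exactly as stored in the file name
    site_name: str         # site field with hex escapes decoded
    started: datetime      # scan start, from the date and time fields
    maybe_truncated: bool  # True when the field is at the 64-character limit


def parse_scan_log_name(path: str) -> ScanLogName:
    """Parse <site>-<YYYYMMDD>-<HHMM>.log; raise ValueError for renamed files."""
    name = os.path.basename(path)
    if not name.endswith(".log"):
        raise ValueError(f"not a scan log file name: {name!r}")
    # Hyphens are legal inside the site field, so split from the right.
    parts = name[:-len(".log")].rsplit("-", 2)
    if len(parts) != 3:
        raise ValueError(f"expected three hyphen-separated fields: {name!r}")
    site_field, date_part, time_part = parts
    if not SITE_FIELD.fullmatch(site_field):
        raise ValueError(f"invalid site field: {site_field!r}")
    if not STAMP.fullmatch(f"{date_part}-{time_part}"):
        raise ValueError(f"invalid date or time field: {name!r}")
    # strptime rejects impossible values such as month 13 or hour 25.
    started = datetime.strptime(date_part + time_part, "%Y%m%d%H%M")
    site_name = ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), site_field)
    return ScanLogName(site_field, site_name, started, len(site_field) == 64)


if __name__ == "__main__":
    # Constructed file names; the last one stands for a log renamed after download.
    for sample in ("localsite-20111122-1514.log", "my_20site-20111122-1514.log",
                   "dmz-web-20111122-1514.log", "renamed.log"):
        try:
            print(sample, "->", parse_scan_log_name(sample))
        except ValueError as exc:
            print(sample, "-> skipped:", exc)
```

A site field that is exactly 64 characters long is flagged because two long site names sharing the same first 64 characters would produce the same field.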

You can change the log file name after you download it. Or, if your browser is configured to prompt you to specify the name and location of download files, you can change the file name as you save it to your hard drive.

Finding the scan log

You can find and download scan logs wherever you find information about scans in the Security Console. You can only download scan logs for sites to which you have access, subject to your permissions.

Home page

  • On the Home page, in the Site Listing table, click any link in the Scan Status column for the in-progress or most recent scan of any site. Doing so opens the summary page for that scan. In the Scan Progress table, find the Scan Log column.

Site page

  • On any site page, click the View scan history button in the Site Summary table. Doing so opens the Scans page for that site. In the Scan History table, find the Scan Log column.

Scan History page

  • The Scan History page lists all scans that have been run in your deployment. On any page of the Security Console, click the Administration tab. On the Administration page, click the view link for Scan History. In the Scan History table, find the Scan Log column.

Downloading the scan log

  1. Click the Download icon on the scan log.
  2. A pop-up window displays the option to open the file or save it to your hard drive. You may select either option. To ensure that you have a permanent copy of the scan log, it is recommended that you choose the option to save it. If scan information is ever deleted from the scan database, you will then have a backup copy.

What to do if you do not see an open option

If you do not see an option to open the file, change your browser configuration to include a default program for opening a .log file. Any text editing program, such as Notepad or gedit, can open a .log file. Consult the documentation for your browser to find out how to select a default program.

Import xlogs (Scan Data Logs)

In order to import scan data logs, you must first export scan data from a previously scanned site.

  1. On the site that contains the scan, click View Scan History.
  2. Under Past Scans, click the scan name. Click Download. From the drop-down menu, select Scan Data.
  3. Move the downloaded file to the console and unzip the file.

Use the file that you downloaded for scan data importation.

  1. Provide the specific path for the scan folder. For example, /home/user/scanlog/scan/.
  2. Get a site ID from a new or existing site. Hover over the site name to see the site ID in the browser. Alternatively, click the site to see siteid= in the address bar. For example, if https://[NEXPOSE IP]:3780/site.jsp?siteid=7 is the address, the site ID is 7.
  3. Import the scan data. Navigate to the Administration tab. Select the Run type as Import scan [path for scan data] [SiteID]. For example: import scan /home/user/scanlog/scan/ 7.