Troubleshooting » History » Version 8
Luke Murphey, 05/03/2011 08:59 PM
1 | 7 | Luke Murphey | {{>toc}} |
---|---|---|---|
2 | 7 | Luke Murphey | |
3 | 1 | Luke Murphey | h1. Troubleshooting |
4 | 1 | Luke Murphey | |
5 | 6 | Luke Murphey | |
6 | 6 | Luke Murphey | h2. NSIA Does Not Scan Some URLs |
7 | 6 | Luke Murphey | |
8 | 6 | Luke Murphey | NSIA may not scan some URLs that you expect it to. Below are potential causes and solutions that may address the issue: |
9 | 6 | Luke Murphey | |
10 | 6 | Luke Murphey | h3. The scanner is hitting the recursion depth limit |
11 | 6 | Luke Murphey | |
12 | 6 | Luke Murphey | Increase the "Levels to Recurse" in the scan rule to allow NSIA to scan more URLs. |
13 | 6 | Luke Murphey | |
14 | 6 | Luke Murphey | h3. The scanner is hitting the scan count limit |
15 | 6 | Luke Murphey | |
16 | 6 | Luke Murphey | Increase the "Maximum Number of Resource to Scan" in the scan rule to allow NSIA to scan more URLs. |
17 | 6 | Luke Murphey | |
18 | 6 | Luke Murphey | h3. The link is not a descendant of one of the links defined in the rule |
19 | 6 | Luke Murphey | |
20 | 6 | Luke Murphey | NSIA will scan all URLS you define and then scan descendants of the URLs until it either hits the scan limit or runs out of URLs to scan. URLs that are not descendants of the one of the defined URLs will not be scanned. To address this, add additional URLs to the "Addresses to Scan" field in the scan rule. |
21 | 6 | Luke Murphey | |
22 | 6 | Luke Murphey | h3. The domain restriction is too restrictive |
23 | 1 | Luke Murphey | |
24 | 8 | Luke Murphey | If the domain restriction is too restrictive then NSIA may be ignoring URLs that you want to scan. For example, a domain limit of +*threatfactor.com/somedir*+ will prevent +*threatfactor.com/anotherdir*+ from being scanned. To fix this, change the domain restriction to be less restrictive (e.g. changing it to +*threatfactor.com*+). |
25 | 6 | Luke Murphey | |
26 | 6 | Luke Murphey | |
27 | 1 | Luke Murphey | h2. NSIA Runs Out of Memory |
28 | 1 | Luke Murphey | |
29 | 1 | Luke Murphey | To resolve this either: |
30 | 1 | Luke Murphey | * Reduce the rate of the scans (this is preferred) |
31 | 1 | Luke Murphey | * Increase the amount of memory available to NSIA |
32 | 1 | Luke Murphey | |
33 | 1 | Luke Murphey | Note that NSIA has a limit on the maximum amount of memory that it will use which is independent of the amount of memory that the server it if running on has. In other words, NSIA may be running out of memory even though the server has plenty of available memory. The maximum limit can be modified by changing the Java settings |
34 | 1 | Luke Murphey | |
35 | 1 | Luke Murphey | h3. Reducing the Scan Rate |
36 | 1 | Luke Murphey | |
37 | 2 | Luke Murphey | To reduce the scan rate, open the configuration page (i.e. http://127.0.0.1:8080/System/Configuration) and reduce the "Maximum HTTP Scan Threads" setting. By default, the system will allocate 10 threads to scanning at one time. Reducing the number of threads will reduce the memory and CPU usage of the system at any one time. |
38 | 2 | Luke Murphey | |
39 | 2 | Luke Murphey | Additionally, reducing the scan frequency of the individual rules may be necessary to reduce the load on the system. Finally, system load can be reduced by decreasing the number of resources to be scanned by lowering the depth or resource limit on HTTP Auto-Discovery rules. However, note that reducing the number of resources to scan reduces the chance that NSIA will detect a security problem. Generally, this option should be avoided. |
40 | 1 | Luke Murphey | |
41 | 1 | Luke Murphey | h3. Increasing Memory |
42 | 1 | Luke Murphey | |
43 | 1 | Luke Murphey | The Java Runtime Environment contains a setting that limits how much memory the application uses. To increase this value, edit the config.ini file and change the value of the JVM.Arguments option. The value of the argument should be "-Xmx" followed by the amount of mamoery you want allocated to the JRE. Below is a sample of a config.ini file that allocates up to 2 GB: |
44 | 1 | Luke Murphey | |
45 | 1 | Luke Murphey | <pre> |
46 | 1 | Luke Murphey | JVM.Arguments=-Xmx2g |
47 | 1 | Luke Murphey | </pre> |
48 | 3 | Luke Murphey | |
49 | 3 | Luke Murphey | Note that the config.ini file will only have an effect if the NSIA binaries are used (such as "ThreatFactor NSIA.exe" or "ThreatFactor NSIA Service.exe"). You'll need to set the options to the JVM if you are calling it directly. Note that the daemon script that is provided with NSIA will need to be modified to change the memory settings for the the daemon. |
50 | 4 | Luke Murphey | |
51 | 4 | Luke Murphey | h2. NSIA Terminates Indicating "invalid maximum heap size" |
52 | 4 | Luke Murphey | |
53 | 4 | Luke Murphey | NSIA may fail if the memory settings are incorrect with a message such as: |
54 | 4 | Luke Murphey | |
55 | 4 | Luke Murphey | <pre> |
56 | 4 | Luke Murphey | Invalid maximum heap size: -Xmx512m |
57 | 4 | Luke Murphey | Could not create the Java virtual machine. |
58 | 4 | Luke Murphey | </pre> |
59 | 4 | Luke Murphey | |
60 | 4 | Luke Murphey | The settings need to be changed to be more conservative such as: |
61 | 4 | Luke Murphey | |
62 | 4 | Luke Murphey | <pre> |
63 | 4 | Luke Murphey | JVM.Arguments=-Xms40m -Xmx256m |
64 | 4 | Luke Murphey | </pre> |
65 | 5 | Luke Murphey | |
66 | 5 | Luke Murphey | h2. NSIA Service Terminates |
67 | 5 | Luke Murphey | |
68 | 5 | Luke Murphey | The NSIA service will terminate if the underlying NSIA application could not be executed. The Windows event log may include a message such as: "NSIA has stopped unexpectedly, the service will now shutdown too". |
69 | 5 | Luke Murphey | |
70 | 5 | Luke Murphey | To debug this issue, run NSIA directly (as opposed to running the service) and see if it runs without the service. Follow the instructions below to run it directly: |
71 | 5 | Luke Murphey | |
72 | 5 | Luke Murphey | # Open a command prompt (Start Menu > Run > cmd.exe) |
73 | 5 | Luke Murphey | # Change to the path that NSIA was installed in (e.g. cd "C:\Program Files\ThreatFactor.com NSIA\") |
74 | 5 | Luke Murphey | # Change to the bin path (cd bin) |
75 | 5 | Luke Murphey | # Run NSIA.jar ("java -jar nsia./jar") |
76 | 5 | Luke Murphey | |
77 | 5 | Luke Murphey | This should start NSIA or throw an error if it could not be launched. Most likely it will fail (since the service could not start it either) indicating why it could not be executed. |