Is anyone using Tenable Nessus agent in their environment? Have you noticed any issues with throughput for your backups? I ask because we have it installed on our Commvault servers and it is affecting the network, but I'm being told that Nessus agent does not interfere with day-to-day operations. I ran a library throughput trend report with Nessus agent installed, uninstalled and reinstalled; there definitely is an issue there. Anyone else having similar issues?
Tenable Nessus Agents on Commvault Servers
Best answer by dude
While checking the logs I could see ports 8400/8403 being scanned (sort of taken by Nessus).
Came across this doc and my actual solution was to exclude the Oracle Servers from Nessus Scan.
Had a ticket with CV when I was somewhat already convinced Nessus was breaking things. Inquired about some sort of documentation around that and nothing was found in CV Docs. Talked to Security and they said that Nessus was considering CV operation as a threat. And from there it was a ping pong where CV would ask me to talk to Nessus and vice versa.
I'd say, select maybe 2 / 3 different agents you are having issues with and create a total exclusion from Nessus, run a backup. It is likely you will see success. Grab the logs, enable Nessus and run another backup and compare the logs, see if you can spot any of the errors below and analyze with your security team.
An exclusion may very well be needed, which is what I ended up with for one UNIX only.
Some of the logs I had seen were like this.
packet size (50331667)
502115 cd 05/18 15:28:59 ### [CVipcD] ERROR: slRecvMsgWithTout(): allocated buffer size (65536) is less than incoming packet size (1195725856)
502115 cd 05/18 15:28:59 ### [CVipcD] slRecvMsgWithTout(): socket 15: Connection reset by peer
502115 13 05/18 15:29:07 ### [CVipcD] ERROR: connCVd: accept error [130]
502115 13 05/18 15:29:07 ### [CVipcD] connCvd: listen socket will not be closed.
CVFWD.LOG
502117 0001 05/18 15:26:38 ######## ######## ERROR: cvfwd_validate_command(): Invalid opening message signature 0x16
502117 0001 05/18 15:26:38 TN:00003 ######## ERROR: cvfwd_dispatch_one_tunnel(): Received invalid command from fd=14. Drop the socket.
CVD.LOG
>>>>>>>>>>>>>>>> 502115 cd 05/18 15:26:38 ### [CVipcD] ERROR: slRecvMsgWithTout(): allocated buffer size (65536) is less than incoming packet size (369295616)
502115 cd 05/18 15:26:38 ### [CVipcD] ERROR: slRecvMsgWithTout(): allocated buffer size (65536) is less than incoming packet size (369295360)
502115 cd 05/18 15:26:38 ### [CVipcD] ERROR: slRecvMsgWithTout(): allocated buffer size (65536) is less than incoming packet size (352518400)
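A triage helper for the log comparison suggested in the answer above, as an added example that is not part of the original post or Commvault's tooling. It assumes the "incoming packet size" is the first four bytes of the connection read as a big-endian 32-bit length, so decoding it back to bytes shows what the remote side actually sent; `classify` and `triage` are hypothetical names.

```python
import re

# Constructed sample: log lines copied from the post above, one per distinct value.
SAMPLE_LOG = """\
502115 cd 05/18 15:28:59 ### [CVipcD] ERROR: slRecvMsgWithTout(): allocated buffer size (65536) is less than incoming packet size (1195725856)
502115 cd 05/18 15:26:38 ### [CVipcD] ERROR: slRecvMsgWithTout(): allocated buffer size (65536) is less than incoming packet size (369295616)
502115 cd 05/18 15:26:38 ### [CVipcD] ERROR: slRecvMsgWithTout(): allocated buffer size (65536) is less than incoming packet size (352518400)
502117 0001 05/18 15:26:38 ######## ######## ERROR: cvfwd_validate_command(): Invalid opening message signature 0x16
packet size (50331667)
"""

SIZE_RE = re.compile(r"packet size \((\d+)\)")
SIG_RE = re.compile(r"Invalid opening message signature 0x([0-9a-fA-F]{2})")
TLS_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
             0x16: "handshake", 0x17: "application_data"}
HTTP_VERBS = (b"GET ", b"POST", b"HEAD", b"PUT ", b"OPTI")


def classify(head: bytes) -> str:
    """Guess which protocol's opening bytes were misread as a length/signature."""
    if head[:4] in HTTP_VERBS:
        return "HTTP request line"
    # TLS record header: content type, then version major 3, minor 0..4.
    if head[0] in TLS_TYPES and (len(head) == 1 or (head[1] == 3 and head[2] <= 4)):
        return f"TLS record ({TLS_TYPES[head[0]]})"
    # TPKT header: version 3, reserved 0, 16-bit total length.
    if len(head) == 4 and head[:2] == b"\x03\x00":
        return f"TPKT header, length {int.from_bytes(head[2:], 'big')} (RDP/X.224-style probe)"
    return "unrecognised"


def triage(log_text: str):
    """Return (line_no, hex of first bytes, guess) for each oversized-packet or bad-signature line."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        size, sig = SIZE_RE.search(line), SIG_RE.search(line)
        if size and 65536 < int(size.group(1)) < 2**32:
            head = int(size.group(1)).to_bytes(4, "big")  # assumption: big-endian length
        elif sig:
            head = bytes([int(sig.group(1), 16)])
        else:
            continue
        findings.append((n, head.hex(), classify(head)))
    return findings


if __name__ == "__main__":
    for n, hexhead, guess in triage(SAMPLE_LOG):
        print(f"line {n}: first bytes {hexhead} -> {guess}")
```

Sizes that decode to HTTP, TLS or TPKT headers point to a service-discovery probe hitting the backup ports rather than a malformed Commvault message, which is concrete evidence to bring to the security team when asking for an exclusion.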