------------------------------------------------------------------------------- SESSIONS SAVING ------------------------------------------------------------------------------- Starting with Nessus 1.0.4, the experimental "sessions saving" feature has been added. Why experimental ? ------------------ Mainly because it has not been tested by many people, so we can expect it to generate bugs reports or user panics. This feature will be enabled by default at the next major release of Nessus (1.2) What is it ? ------------ "Session savings" allows you to make an audit without fearing any problems (power outage, crash of the nessus client, and so on...), because if any problem occurs, you know that you can reboot your server and continue the test where you left it (nearly - see the limitations for details). How to make it work ? --------------------- ./configure --enable-save-sessions, in nessus-core, then : make make install Then, in the 'target' panel of the client, you have your list of sessions. You can either delete them (to save disk space and make sure that nobody will ever read them) or restore the sessions. If you chose to restore a session, then your client acts as if the test was occuring in fast forward mode. Note that each user has his own sessions, so if you share your nessusd server with other people, they won't see your sessions, and you won't see theirs. Limitations ----------- . Only the host whose test has been finished will have their data saved. Suppose you are testing 200 hosts, 8 hosts at a time, and that a power failure occurs when you are testings the hosts #100, 101, 102, ... 108. If you ask to nessusd to restore your session, you'll test _again_ these eight hosts (but not the 99 hosts that you already tested). So, if you only use Nessus to test your localhost, this feature is less interesting. . If you change your plugin set, then the new tests will be done with your new plugin set, but the old results won't change. Files ----- All your report are saved on the server side, in ${prefix}/var/nessus// But you should not handle the files there directly. Instead, you should use the Nessus client to do this job. ------------------------------------------------------------------------------ Renaud Deraison $Id$