Tenable Nessus Troubleshooting

Tenable Nessus server does not appear to be operational

  1. Verify that the Tenable Nessus scanner Status is Unable to Connect.

  2. SSH to the remote Tenable Nessus host to make sure the underlying operating system is operational.

  3. Confirm that the Tenable Nessus daemon is running (Linux example below):

    # service nessusd status

    nessusd (pid 3853) is running...

  4. If the Tenable Nessus service is not running, start the service:

    # service nessusd start

    Starting Nessus services:

    # ps -ef | grep nessusd

    root      8201  8200 60 11:41 pts/2    00:00:05 nessusd –q

    root      8206  7842  0 11:41 pts/2    00:00:00 grep nessusd

    #

Cannot add a Tenable Nessus server

  1. Make sure the Tenable Nessus daemon was registered using the Tenable Security Center option for registration.

  2. Check connectivity from Tenable Security Center to the port the Tenable Nessus system is running on (e.g., 8834). For example, run:

    curl -k https://<scannerIPaddress>:<port>

Tenable Nessus scans fail to complete

  1. Ensure that the Tenable Nessus service is running on the Tenable Nessus host.

  2. Ensure that Tenable Nessus scanner is listed in Tenable Security Center under Resources > Nessus Scanners and that the status of the Tenable Nessus scanner is listed as Working. For more information, see Tenable Nessus Scanner Statuses.

  3. Click Edit to ensure that the IP address or hostname, port, username, password, and selected repositories for the Tenable Nessus scanner are all correct.

  4. Edit any incorrect entries to their correct state.

  5. Click Submit to attempt to reinitialize the Tenable Nessus scanning interface.

  6. Right click the scan results and click Scan Details to obtain a more detailed description of the error.

    If the scan details indicate a Blocking error, this is indicative of a license IP address count that has reached the limit. Either remove a repository to free up IP addresses or obtain a license for more IP addresses.

  7. Ensure that scan targets are permitted within the configured scan zones.

  8. Ensure the Tenable Nessus scanner is running a supported Tenable Nessus version. For minimum Tenable Nessus scanner version requirements, see the Tenable Security Center Release Notes for your version.

Tenable Nessus plugins fail to update

  1. Click System > Configuration.

    The Configuration page appears.

  2. Click License and ensure that the Tenable Nessus Activation Code is marked as Valid.

  3. Ensure the Tenable Nessus scanner is running a supported Tenable Nessus version. For minimum Tenable Nessus scanner version requirements, see the Tenable Security Center Release Notes for your version.

  4. Ensure that the user used to connect to the Tenable Nessus server is a Tenable Nessus administrator.

  5. Ensure that the Tenable Security Center system is allowed outbound HTTPS connectivity to the Tenable Nessus Plugin Update Site.

  6. Under System, Configuration, and Update in Tenable Security Center, ensure that Active Plugins is not set to Never.

  7. Manually test a plugin update under Plugins with Update Plugins.

    If successful, the line Active Plugins Last Updated updates to the current date and time.

  8. For all other Tenable Nessus plugin update issues, contact Tenable Support.