Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.12.3 available

The official documentation can be found on https://wiki.ocsinventory-ng.org. Read it before asking your question.

CVE Reporting - No data available in table

I setup CVE Reporting:

 VULN_CVESEARCH_ENABLE = on

 VULN_CVESEARCH_VERBOSE = on

 VULN_CVESEARCH_HOST = HTTP host serving CVE-Search on port 80

I ran the script on the OCS server to pull in initially by running:

 # cd /usr/share/ocsinventory-reports/ocsreports/crontab/ && php cron_cve.php

 CVE's Data processing ...

 0 CVE has been added to database

Printout

Did I miss a step? 

in OCS Inventory NG server for Unix by (1.9k points)

21 Answers

0 votes
I also want to add that I'm using a nginx reverse proxy. That's why I can use port 80 otherwise stick to port 5000.
by (1.9k points)
0 votes
You'll have to use the same host that you'd use to connect to the cve-search site. So the :80 can't be different than what you use for :5000.
by (1.9k points)
0 votes

I'm having same issue. Upgraded OCS from 2.6 -> 2.7 on 12.5.2020 then tried to run cve like this:

# cd /usr/share/ocsinventory-reports/ocsreports/crontab/ && php cron_cve.php

 CVE's Data processing ...

 0 CVE has been added to database

Should there be some other result in this "0 CVE has been added to database" when this is functional or might that be just cosmetical error? I mean "10 CVE has been added to database" or something like that?

I can also curl the http://cve.circl.lu:80/

This is how configuration looks like:

by (260 points)
0 votes

@

You can follow the progress by looking at the log ofthe CVESearch service as the OCS cron queries each product like Adobe Air or Centos from the database. 

by (1.9k points)
0 votes
by (140 points)
0 votes

Running OCS Inventory 2.8 but I can't get this to work.

When I start the script manually:

cd /usr/share/ocsinventory-reports/ocsreports/crontab/ && php cron_cve.php

The script runs for couple hours with output something like this..
.....

Processing Microsoft softwares ...

Processing Microsoft Coporation softwares ...

Processing Microsoft Corporation softwares ...

Processing Microsoft Corporations softwares ...

...

Result: 0 CVE has been added to database

...

Should there be something else than "0 CVE has been added"?

I have tried with these server addresses

https://cve.circl.lu

http://cve.circl.lu:80/

by (260 points)
edited by
0 votes
Hi,

same issue for me (OCS server v. 2.8 from scratch)...

> I already had the same issue on several of my OCS servers in 2.7

Does this feature really work for someone ?
by (1.2k points)
0 votes
ocs 2.8

For me, it cron php works once at the beginning, but many 80% of software missing in reports but are in my local CVE database.  and for those reported, many CVE reported are not on the good version.
by (240 points)
+2 votes

hello, check if the software_link table is filled otherwise run this https://ask.ocsinventory-ng.org/13117/ocs-2-9-software-total-display-0-issue and then the cron_cve.php

by (180 points)
0 votes
After fixing the software-total-display-0 issue as suggested by herve008, set the VULN_CVE_EXPIRE_TIME to 1 before running cron_cve.php again, otherwise it will return immediately as the default expiration time is 72 hours. And don't forget to put it back to the original value or your server will get unhappy :-)
by (260 points)
 
Powered by Question2Answer
...