2 Replies Latest reply on Apr 27, 2012 3:14 AM by ritch

    MVM/Foundstone "tweaks"

    ritch

      Hi All

       

      Is there a complete single list of all the current "tweaks" and what they do for all the MVM components? Hunting around for them in the KB is painful to say the least!

       

      Ritch

        • 1. Re: MVM/Foundstone "tweaks"

          Hi Ritch,

           

          We don't really keep a published list since they are subject to change at any time.

           

          But here is a list that I frequently recommend:

           

          Scan Engine Debugging Tweaks

          [HKEY_LOCAL_MACHINE\SOFTWARE\Foundstone\Foundscan\Tweaks] (for 32-bit host) or

          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone\Foundscan\Tweaks]  (for 64-bit host)

          • "LogShell" - Controls Shell module logging.

          o DWORD

           ▪ ff – log EVERYTHING

          • "LogVulns" - Controls General vulnerability module logging.

          o DWORD

           ▪ ff – Log EVERYTHING

          • "LogWam" - Controls WHAM (Windows) module logging.

          o DWORD

           ▪ ff – Log EVERYTHING

          • "LogWireless" - Controls Shell module logging.

          o DWORD

           ▪ ff – Log EVERYTHING

          • "LogWebVulns" - Controls Web FASL module vulnerability module logging.

          o DWORD

           ▪ ff – Log EVERYTHING

          • "DebugSaveInternalXML" - Causes FoundScan to save off copies of the various XML documents that are passed between it and the FSDiscovery and FSAssessment servers. The values may be added together to preserve all of the documents or a subset of them. The files are saved in the ~Foundstone\Logs folder.

          o DWORD

           ▪ ff – Log EVERYTHING

          > Restart of the FS Engine Service is only required for the DebugSaveInternalXML tweak.  All others are dynamic.

           

          Report Server Tweaks
          [HKEY_LOCAL_MACHINE\SOFTWARE\Foundstone\ReportServer] (for 32-bit host) or
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone\ReportServer]  (for 64-bit host)
          • "CSVReportFASLOutput" - Toggles a FASLOutput column to appear in the complianceVulnerabilities.csv file of the generated report that contains the raw FASL Output data.
          o REG_DWORD
           ▪ 0 - Disable (default)
           ▪ 1 - Enable
          • "DebugMode" –
          o REG_DWORD
           ▪ 4 – Log Everything

          >> report server service must be restarted for them to take effect.

           

          FCM Tweaks
          [HKEY_LOCAL_MACHINE\SOFTWARE\Foundstone\FCM] (for 32-bit host) or
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone\FCM]  (for 64-bit host)
          • "LogLevel" - Controls how much information is logged in FCM error logs. FCM creates a log in the Foundstone Logs directory for each of its three components: FCServer.log, FCAgent.log, FCConsole.log, FCM.log (a very small log file that records only the initial startup of the FCServer)
          o DWORD
           ▪ 0x1 - Log errors and warnings (Normal)
           ▪ 0x7ab7 - Log errors, warnings, debug messages, and additional details (use only when necessary... log files will get very big very fast)

          • "ChunkSizeInKBytes" - Sets the maximum data packet ("chunk") size (in KB) for the FC server when sending updates to the Agent. Use this tweak when agents are having trouble receiving updates because they are on noisy networks or running on very slow machines.
          o DWORD
           ▪ 0 (or not present) - Use the FCM default value of 1 MB
           ▪ 1 to n - The chunk size, in KB

          >> FCM Service must be restarted for them to take effect

          API Server Tweaks
          [HKEY_LOCAL_MACHINE\Software\Foundstone\FSAPI] (for 32-bit host) or
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone\FSAPI]  (for 64-bit host)
          • "SOAP Log" - Enables or Disables extended SOAP/API logging in the API Server
          o DWORD (bitmask)
           ▪ 0x00 = no extra logs (default)
           ▪ 0x03 = Create Soap Logs, and Extended API Logging

          >> API Service must be restarted for the tweak to take effect

           

          WebScan Module / WebScan Engine Tweaks
          [HKEY_LOCAL_MACHINE\Software\Foundstone\Foundscan\Tweaks] (for 32-bit host) or
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone\Foundscan\Tweaks]  (for 64-bit host)
          • "WebScanLogLevel" - Defines the amount of logging the WebScan Engine will display
          o DWORD
           ▪ 0 - returns level ERROR logs
           ▪ 1 - returns level INFORMATIVE logs
           ▪ 2 - returns level DEBUG logs
           ▪ 3 – returns AUTHENTICATION attempts

           

          NOTE:  many of these tweaks can result in VERY LARGE LOG FILES.  Be sure to disable them if they aren't required for debugging purposes.  I usually suggest renaming them to "__<name>" so they're there if you need them again.

           

          I hope that helps!
          Cathy
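
The cleanup advice in the answer above, as a script (an added example, not part of the original post or of the product): it reports which of the listed logging tweaks are set on a host, under both registry views, and with -Park renames the active ones to "__<name>". The function name, the -Park switch and the choice of 0 (1 for LogLevel) as the quiet value are assumptions.

```powershell
# Added example: report the logging tweaks named in the post above and,
# with -Park, rename the active ones to "__<name>".
param([switch]$Park)

# Sub-keys under ...\Foundstone and their value names, as listed in the post.
$tweaks = @{
    'Foundscan\Tweaks' = 'LogShell', 'LogVulns', 'LogWam', 'LogWireless',
                         'LogWebVulns', 'DebugSaveInternalXML', 'WebScanLogLevel'
    'ReportServer'     = 'CSVReportFASLOutput', 'DebugMode'
    'FCM'              = 'LogLevel'
    'FSAPI'            = 'SOAP Log'
}
# Assumption: 0 is the quiet value, except LogLevel, where the post gives 0x1 as Normal.
$quiet = @{ 'LogLevel' = 1 }

function Get-FoundstoneLogTweak {
    foreach ($root in 'HKLM:\SOFTWARE\Foundstone', 'HKLM:\SOFTWARE\Wow6432Node\Foundstone') {
        foreach ($sub in $tweaks.Keys) {
            $key = Join-Path $root $sub
            if (-not (Test-Path $key)) { continue }       # component not on this host
            $props = Get-ItemProperty -Path $key
            if (-not $props) { continue }                 # key exists but holds no values
            foreach ($name in $tweaks[$sub]) {
                $prop = $props.PSObject.Properties[$name]
                if (-not $prop) { continue }              # tweak not present
                $baseline = if ($quiet.ContainsKey($name)) { $quiet[$name] } else { 0 }
                [pscustomobject]@{
                    Key    = $key
                    Name   = $name
                    Value  = '0x{0:x}' -f $prop.Value
                    Active = ($prop.Value -ne $baseline)
                }
            }
        }
    }
}

$found = @(Get-FoundstoneLogTweak)
$found | Format-Table -AutoSize

if ($Park) {
    foreach ($t in $found | Where-Object { $_.Active }) {
        $parked = "__$($t.Name)"
        if ((Get-ItemProperty -Path $t.Key).PSObject.Properties[$parked]) {
            Write-Warning "$parked already exists under $($t.Key); skipping"
            continue
        }
        Rename-ItemProperty -Path $t.Key -Name $t.Name -NewName $parked
    }
}
```

The script does not restart any service; the restarts the post lists still apply before a change takes effect.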

          • 2. Re: MVM/Foundstone "tweaks"
            ritch

            Great help - thanks Cathy!

             

            Ritch