Understand the logs in Containerized Scanner
To view all the containerized scanner logs, use the following command. It outputs every log entry from the containerized scanner since startup.
docker logs -f <containerized scanner name>
Use the following sample:
Containerized Scanner Logs
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Version: qCSS-1.0.47-1
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Hostname: d5f65c6bc15e
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Host memory in MiB: 7940
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Host swap in MiB: 15257
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Host CPU(s): 4
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Host CPU Model: Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Hypervisor vendor: VMware
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Host uname: Linux d5f65c6bc15e 6.1.0-21-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x86_64 x86_64 x86_64 GNU/Linux
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Host cmdline BOOT_IMAGE=/vmlinuz-6.1.0-21-amd64 root=UUID=69935025-dcb8-4d6a-b9e0-1ebc53b9166e ro security=selinux quiet
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Container Env: docker
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Container ID: d5f65c6bc15e
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Container memory in MiB: 7940
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Container swap in MiB: 15257
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Container CPU(s): 4
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Container CPU quota: unlimited
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: IPv4: 172.17.0.2:255.255.0.0 gw=172.17.0.1
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: IPv6: no
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Nameservers: 10.0.100.10 10.0.100.11
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Job service polling interval: 30 sec
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Update service polling interval 30 min
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Platform info service polling interval: 10 min
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Container initial limits:
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Limit Soft Limit Hard Limit Units
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max cpu time unlimited unlimited seconds
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max file size unlimited unlimited bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max data size unlimited unlimited bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max stack size 8388608 unlimited bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max core file size unlimited unlimited bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max resident set unlimited unlimited bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max processes unlimited unlimited processes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max open files 1048576 1048576 files
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max locked memory 8388608 8388608 bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max address space unlimited unlimited bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max file locks unlimited unlimited locks
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max pending signals 31513 31513 signals
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max msgqueue size 819200 819200 bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max nice priority 0 0
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max realtime priority 0 0
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max realtime timeout unlimited unlimited us
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Container current limits:
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Limit Soft Limit Hard Limit Units
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max cpu time unlimited unlimited seconds
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max file size unlimited unlimited bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max data size unlimited unlimited bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max stack size 8388608 unlimited bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max core file size unlimited unlimited bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max resident set unlimited unlimited bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max processes unlimited unlimited processes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max open files 1024 10240 files
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max locked memory 8388608 8388608 bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max address space unlimited unlimited bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max file locks unlimited unlimited locks
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max pending signals 31513 31513 signals
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max msgqueue size 819200 819200 bytes
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max nice priority 0 0
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max realtime priority 0 0
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Max realtime timeout unlimited unlimited us
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice capabilities: Current: = cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap+ep
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice capabilities: Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice capabilities: Securebits: 00/0x0/1'b0
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice capabilities: secure-noroot: no (unlocked)
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice capabilities: secure-no-suid-fixup: no (unlocked)
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice capabilities: secure-keep-caps: no (unlocked)
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice capabilities: uid=0(root)
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice capabilities: gid=0(root)
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice capabilities: groups=0(root)
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Personalization code: 70676785206617
2024-06-06T09:46:47+37205152 d5f65c6bc15e user.notice init: Qualys POD URL: https://qualysguard.p06.eng.sjc01.qualys.com
- Version indicates QCSA Image Version.
- Hostname and Container ID can be different. They do not necessarily need to be the same.
- Host memory, Host swap, Host CPU(s), and Host CPU Model show the Linux host resources printed in the logs.
- Hypervisor vendor indicates the hypervisor responsible for virtualizing the Linux host.
- Host uname indicates the Linux host kernel details.
- Container Env shows the environment in which the Containerized Scanner is created.
- Container memory, Container swap, Container CPU(s), and Container CPU quota show the container resources printed in the logs. Container CPU(s) shows the number of CPU(s) allocated to the Containerized Scanner, and Container CPU quota shows the restricted CPU(s) for the Containerized Scanner. Unlimited specifies that CPU(s) are not limited, and all allocated CPU(s) are used.
- IPv4, IPv6, and Nameservers are the network configurations for the Containerized Scanner.
- The Job service polling interval, Update service polling interval, and Platform info service polling interval show the configured values for those intervals.
- The next section of the logs shows the container limits and capabilities.
- Personalization code describes the Personalization code used for personalizing Containerized Scanner.
- Qualys POD URL describes the Qualys Enterprise TruRisk™ Platform Server's Security Operations Center (SOC) URL.
- Qualys strongly recommends against running a containerized scanner in rootless mode, as it may impact scan performance and the consistency of vulnerability results. The following log messages warn users when the containerized scanner is run in rootless mode.
It is strongly recommended to run this container in rootfull mode. Current UID=0 maps to external UID=1000
Heads up: running in rootless container mode can impact scan performance and the consistency of vulnerability results
That’s because the network stack is emulated, and NAT happens in user space
If you understand the risks and still want to go ahead, add: -e AUTHORIZE_ROOTLESS=yes
- The following log messages can be used to indicate the UID mode (rootful or rootless) in which the QCSA containerized scanner is running.
Rootfull mode:
2025-07-02T23:32:02+30375229 2532724bd68f user.notice init: UID info: uid=0(root) gid=0(root) groups=0(root)
2025-07-02T23:32:02+30375229 2532724bd68f user.notice init: UID mapping:
2025-07-02T23:32:02+30375229 2532724bd68f user.notice init: 0 0 4294967295
2025-07-02T23:32:02+30375229 2532724bd68f user.notice init: UID mode: Rootfull
Rootless mode:
2025-07-02T23:48:03+52042601 21702a34d842 user.notice init: UID info: uid=0(root) gid=0(root) groups=0(root)
2025-07-02T23:48:03+52042601 21702a34d842 user.notice init: UID mapping:
2025-07-02T23:48:03+52042601 21702a34d842 user.notice init: 0 1000 1
2025-07-02T23:48:03+52042601 21702a34d842 user.notice init: 1 100000 65536
2025-07-02T23:48:03+52042601 21702a34d842 user.notice init: UID mode: Rootless, host user ID=1000
- A low cgroups PID limit on the Linux host may prevent the QCSA containerized scanner from executing larger scans. The following log message alerts users when this limit is detected and offers two options: remove the PID restriction, or override the check to bypass it.
cgroups pids.The max value is set and it's too low (2048) for even a moderately sized scan job. Use the --pids-limit -1 option to remove the limit, or the -e DISREGARD_PID_LIMIT=yes option to override the check.
- Vulnerability scanning requires RAW sockets. A containerized scanner running in rootless mode with host networking configured cannot access RAW sockets due to insufficient privileges, which may affect its vulnerability scanning abilities. The following intentional check has been introduced to block the use of rootless mode with host networking.
Vulnerability scannning requires use of RAW sockets, but the socket() call test has failed. It may happen when a container runs in rootless mode while configured to use host networking.
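
The startup lines described above can be checked by script when reviewing a deployment. The following is an added example, not Qualys code: it parses saved `docker logs` output, reads the UID mapping rows (UID inside the container, UID on the host, range length), derives the UID mode from them, and reports whether cap_net_raw is in the bounding set. The function name `audit` and the shortened capability line in the sample are assumptions made for the example.

```python
import re

# Layout in the samples: "<timestamp> <container id> <facility.level> <tag>: <message>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\w+): (.*)$")
MAP_RE = re.compile(r"^(\d+) (\d+) (\d+)$")

# Constructed sample: the rootless lines quoted above plus a shortened
# "Bounding set" line (capability list trimmed for brevity).
SAMPLE = """\
2025-07-02T23:48:03+52042601 21702a34d842 user.notice capabilities: Bounding set =cap_chown,cap_setuid,cap_net_raw
2025-07-02T23:48:03+52042601 21702a34d842 user.notice init: UID info: uid=0(root) gid=0(root) groups=0(root)
2025-07-02T23:48:03+52042601 21702a34d842 user.notice init: UID mapping:
2025-07-02T23:48:03+52042601 21702a34d842 user.notice init: 0 1000 1
2025-07-02T23:48:03+52042601 21702a34d842 user.notice init: 1 100000 65536
2025-07-02T23:48:03+52042601 21702a34d842 user.notice init: UID mode: Rootless, host user ID=1000
"""

def audit(log_text):
    """Return UID mappings, the derived UID mode and cap_net_raw presence."""
    mappings, caps, in_map, logged_mode = [], set(), False, None
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        tag, msg = m.group(4), m.group(5).strip()
        row = MAP_RE.match(msg)
        if tag == "init" and msg == "UID mapping:":
            in_map = True
        elif in_map and row:
            # Columns: UID inside the container, UID on the host, range length
            mappings.append(tuple(int(x) for x in row.groups()))
        else:
            in_map = False
            if tag == "init" and msg.startswith("UID mode:"):
                logged_mode = msg.split(":", 1)[1].strip()
            elif tag == "capabilities" and msg.startswith("Bounding set"):
                caps = {c.strip() for c in msg.split("=", 1)[1].split(",")}
    # The host UID that container UID 0 maps to decides the mode
    root_host_uid = next((o for i, o, _ in mappings if i == 0), None)
    return {
        "mappings": mappings,
        "root_host_uid": root_host_uid,
        "rootless": root_host_uid not in (None, 0),
        "logged_mode": logged_mode,
        "cap_net_raw": "cap_net_raw" in caps,
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A cap_net_raw entry in the bounding set is only an indicator; the scanner's own socket() test message shown above is what reports whether RAW sockets are actually usable.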