Configuring General Settings

General Settings allows you to define your data retention policy.

Scan Retention Settings

You can limit the amount of information retained in the main user interface, removing clutter and generally allowing you to easily manage your results. The default settings will retain the last 3 scans for each target (assuming the same scan profile was used), together with all the vulnerability information collected. Making a 4th scan will cause the oldest scan and its vulnerability information to be marked as "Archived".

πŸ” Archive Behaviour with Different Scan Profiles

  • If you have made 3 scans with the "Cross-site Scripting" profile and 3 scans with the "SQL Injection" profile for the same target, all 6 scans will be retained and will not be archived (unless you make a 4th scan for one of those 2 profiles).
  • If you make a scan with the "Full Scan" profile, it will trigger archiving ALSO of scans made with any other profile β€” the "Full Scan" profile checks for all known vulnerabilities, and the scan and vulnerability information inside is therefore a superset of the results made with ANY other profile.
  • All "Recheck" scans

If you wish to retain a larger number of scans before archiving, you can adjust the settings here.

The list of vulnerabilities allows you to filter by "Archive Status", allowing you to view archived information as necessary.

Automatically Deleting Scans from the Archive

By default, Acunetix will retain archived scan and vulnerability information for 730 days (2 years), after which the archived data will be deleted. You can adjust this to any duration you prefer. If you wish to disable deleting of archived data, you achieve this behaviour by setting the number of days to a very large value (such as 73000 days or 100 years).

AcuSensor Bridge

Before deploying AcuSensor, you need to give some attention to the port number that Acunetix will use for incoming AcuSensor data. You will also need to ensure that the hostname (or ip address) that the AcuSensor agent uses to send AcuSensor data can be resolved by your web application machine.

By default, Acunetix will use port 7880 to listen for incoming AcuSensor data, and the hostname used by the deployed AcuSensor agent will be the one configured during the initial installation of Acunetix.

You can adjust these settings from the AcuSensor Bridge panel in the General Settings page:

You will need to ensure that:

  • the Address field contains a hostname (or ip address) that the web application can resolve and use to reach your Acunetix installation
  • the Port field contains a port number that has been correctly configured (generally using your router's port forwarding features) to send AcuSensor data into your Acunetix machine

Log Settings

Data Retention policy for logs - Main Installation

You can customize data retention for Scan logs and System logs:

The data retention fields specify the number of days for which Acunetix will retain logs before deleting them. If you specify 0 days, logs are not deleted; this implies that you will need to ensure that your Acunetix machine does not run out of disk space.

Data Retention policy for logs - Engine-Only Installation

To customize the data retention policy for logs in an engine-only installation, you will need to manually adjust the following configuration file:

  • Windows: C:\ProgramData\Acunetix\settings.ini
  • Linux: /home/acunetix/.acunetix/wvs.ini editing (or adding if they are not present) the following lines:

scan_log_data_retention=10 Β  Β # default 0 (forever)

backend_log_data_retention=5 Β # default 5

Customize location for logs

To customize the location of the log files, you will need to manually adjust the following configuration file:

  • Windows: C:\ProgramData\Acunetix\settings.ini
  • Linux: /home/acunetix/.acunetix/wvs.ini editing (or adding if they are not present) the following lines (windows example):

logging.file.file_name=C:\ProgramData\Acunetix\logs\backend.log Β  # system logs

storage.scans=C:\ProgramData\Acunetix\shared\scans Β  Β  Β  Β  Β  Β  Β  Β # scan logs

or (linux example):

logging.file.file_name=~/.acunetix/logs/backend.log Β  # system logs

storage.scans=/home/acunetix/.acunetix/data/scans Β  Β  # scan logs

or (MacOS example):

logging.file.file_name=/Applications/ Β  Β # system logs

storage.scans=/Applications/ Β  Β  Β  Β  Β  Β  Β  Β  Β  # scan logs

How to edit the Acunetix settings.xml file

The most common Acunetix settings can be configured from the Acunetix user interface, usually from within the settings of each target. The more advanced settings are found in the settings.xml file, which you can find in:

  • Windows: C:\ProgramData\Acunetix\shared\general\settings.xml
  • Linux: /home/acunetix/.acunetix/data/general/settings.xml
  • MacOS: /Applications/

Advanced settings that you can find in the settings.xml file include:

  • File extensions that should not be processed by Acunetix (e.g. avi)
  • HTTP headers to be manipulated by the scanner
  • Parameters that should be excluded
  • Ad blocker settings
  • Session timeout
  • HTTP cache
  • Various scanning thresholds
  • Default values for HTTP form inputs

There are situations where you may need to edit one of these settings or introduce your own settings. You can do it by creating a file called custom_settings.xml and adding your custom settings in this new file. When doing this, you need to replicate the XML structure of the original settings.xml file.

The custom_settings.xml file should be created in one of the following locations:

  • Windows: C:\ProgramData\Acunetix\shared\general\custom_settings.xml
  • Linux: /home/acunetix/.acunetix/data/general/custom_settings.xml
  • MacOS: /Applications/

Although you can edit the settings.xml file directly, you should avoid it since the settings.xml file will be overwritten when Acunetix is upgraded. On the other hand, the custom_settings.xml file is retained when upgrading.


Β« Back to the Acunetix Support Page