Configuring General Settings
General Settings allows you to define your data retention policy.
Scan Retention Settings
You can limit the amount of information retained in the main user interface, removing clutter and generally allowing you to easily manage your results. The default settings will retain the last 3 scans for each target (assuming the same scan profile was used), together with all the vulnerability information collected. Making a 4th scan will cause the oldest scan and its vulnerability information to be marked as "Archived".
π Archive Behaviour with Different Scan Profiles |
|
If you wish to retain a larger number of scans before archiving, you can adjust the settings here.
The list of vulnerabilities allows you to filter by "Archive Status", allowing you to view archived information as necessary.
Automatically Deleting Scans from the Archive
By default, Acunetix will retain archived scan and vulnerability information for 730 days (2 years), after which the archived data will be deleted. You can adjust this to any duration you prefer. If you wish to disable deleting of archived data, you achieve this behaviour by setting the number of days to a very large value (such as 73000 days or 100 years).
AcuSensor Bridge
Before deploying AcuSensor, you need to give some attention to the port number that Acunetix will use for incoming AcuSensor data. You will also need to ensure that the hostname (or ip address) that the AcuSensor agent uses to send AcuSensor data can be resolved by your web application machine.
By default, Acunetix will use port 7880 to listen for incoming AcuSensor data, and the hostname used by the deployed AcuSensor agent will be the one configured during the initial installation of Acunetix.
You can adjust these settings from the AcuSensor Bridge panel in the General Settings page:
You will need to ensure that:
- the Address field contains a hostname (or ip address) that the web application can resolve and use to reach your Acunetix installation
- the Port field contains a port number that has been correctly configured (generally using your router's port forwarding features) to send AcuSensor data into your Acunetix machine
- If you are using Acunetix Online, the AcuSensor will need to connect to https://acusensor.acunetix.comΒ (on port 443)
Log Settings
Data Retention policy for logs - Main Installation
You can customize data retention for Scan logs and System logs:
The data retention fields specify the number of days for which Acunetix will retain logs before deleting them. If you specify 0 days, logs are not deleted; this implies that you will need to ensure that your Acunetix machine does not run out of disk space.
Data Retention policy for logs - Engine-Only Installation
To customize the data retention policy for logs in an engine-only installation, you will need to manually adjust the following configuration file:
- Windows: C:\ProgramData\Acunetix\settings.ini
- Linux: /home/acunetix/.acunetix/wvs.ini
...by editing (or adding if they are not present) the following lines:
scan_log_data_retention=10 Β Β # default 0 (forever) backend_log_data_retention=5 Β # default 5 |
Customize location for logs
To customize the location of the log files, you will need to manually adjust the following configuration file:
- Windows: C:\ProgramData\Acunetix\settings.ini
- Linux: /home/acunetix/.acunetix/wvs.ini
...by editing (or adding if they are not present) the following lines (windows example):
logging.file.file_name=C:\ProgramData\Acunetix\logs\backend.log Β # system logs storage.scans=C:\ProgramData\Acunetix\shared\scans Β Β Β Β Β Β Β Β # scan logs |
or (linux example):
logging.file.file_name=~/.acunetix/logs/backend.log Β # system logs storage.scans=/home/acunetix/.acunetix/data/scans Β Β # scan logs |
or (MacOS example):
logging.file.file_name=/Applications/Acunetix.app/Contents/Resources/logs/backend.log Β Β # system logs storage.scans=/Applications/Acunetix.app/Contents/Resources/data/scans Β Β Β Β Β Β Β Β Β # scan logs |
How to edit the Acunetix settings.xml file
The most common Acunetix settings can be configured from the Acunetix user interface, usually from within the settings of each target. The more advanced settings are found in the settings.xml file, which you can find in:
- Windows: C:\ProgramData\Acunetix\shared\general\settings.xml
- Linux: /home/acunetix/.acunetix/data/general/settings.xml
- MacOS: /Applications/Acunetix.app/Contents/Resources/data/general/settings.xml
Advanced settings that you can find in the settings.xml file include:
- File extensions that should not be processed by Acunetix (e.g. avi)
- HTTP headers to be manipulated by the scanner
- Parameters that should be excluded
- Ad blocker settings
- Session timeout
- HTTP cache
- Various scanning thresholds
- Default values for HTTP form inputs
There are situations where you may need to edit one of these settings or introduce your own settings. You can do it by creating a file called custom_settings.xml and adding your custom settings in this new file. When doing this, you need to replicate the XML structure of the original settings.xml file.
The custom_settings.xml file should be created in one of the following locations:
- Windows: C:\ProgramData\Acunetix\shared\general\custom_settings.xml
- Linux: /home/acunetix/.acunetix/data/general/custom_settings.xml
- MacOS: /Applications/Acunetix.app/Contents/Resources/data/general/custom_settings.xml
Although you can edit the settings.xml file directly, you should avoid it since the settings.xml file will be overwritten when Acunetix is upgraded. On the other hand, the custom_settings.xml file is retained when upgrading.