From 262e9e5dbc943cc0d2f81e32b7d1a7bd41bcf18f Mon Sep 17 00:00:00 2001
From: David Gidwani <david.gidwani@gmail.com>
Date: Thu, 27 Jul 2017 14:10:57 -0400
Subject: [PATCH] login to Nessus before each scan export, rather than once at
 startup

---
 _meta/beat.yml       |  4 ++--
 beater/nessusbeat.go | 17 ++++++++---------
 nessusbeat.full.yml  |  2 ++
 nessusbeat.yml       |  2 ++
 4 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/_meta/beat.yml b/_meta/beat.yml
index eecadf9..f756af6 100644
--- a/_meta/beat.yml
+++ b/_meta/beat.yml
@@ -4,9 +4,9 @@
 
 nessusbeat:
   report_path: /opt/nessus/var/nessus/users/admin/reports
-  # Path to root certificates.
   #cacert_path:
-  # The Nessus API URL.
   #api_url:
   #api_username:
   #api_password:
+
+name: nessusbeat
diff --git a/beater/nessusbeat.go b/beater/nessusbeat.go
index 9aa84e3..badb10f 100644
--- a/beater/nessusbeat.go
+++ b/beater/nessusbeat.go
@@ -106,15 +106,6 @@ func (bt *Nessusbeat) Run(b *beat.Beat) error {
 	bt.client = b.Publisher.Connect()
 	results := make(chan []byte)
 
-	nessus, err := bt.NewConnection()
-	if err != nil {
-		logp.WTF(err.Error())
-	}
-	if err = bt.Login(*nessus); err != nil {
-		logp.WTF(err.Error())
-	}
-	defer (*nessus).Logout()
-
 	go func() {
 		for {
 			select {
@@ -127,6 +118,14 @@ func (bt *Nessusbeat) Run(b *beat.Beat) error {
 					var csv []byte
 					err = backoff.RetryNotify(
 						func() error {
+							nessus, err := bt.NewConnection()
+							if err != nil {
+								logp.WTF(err.Error())
+							}
+							if err = bt.Login(*nessus); err != nil {
+								logp.WTF(err.Error())
+							}
+							defer (*nessus).Logout()
 							csv, err = bt.ExportScanCSV(*nessus, uuid)
 							return err
 						},
diff --git a/nessusbeat.full.yml b/nessusbeat.full.yml
index e7524e2..63a7fcb 100644
--- a/nessusbeat.full.yml
+++ b/nessusbeat.full.yml
@@ -9,6 +9,8 @@ nessusbeat:
   #api_username:
   #api_password:
 
+name: nessusbeat
+
 #================================ General ======================================
 
 # The name of the shipper that publishes the network data. It can be used to group
diff --git a/nessusbeat.yml b/nessusbeat.yml
index d959612..7b2cbf5 100644
--- a/nessusbeat.yml
+++ b/nessusbeat.yml
@@ -9,6 +9,8 @@ nessusbeat:
   #api_username:
   #api_password:
 
+name: nessusbeat
+
 #================================ General =====================================
 
 # The name of the shipper that publishes the network data. It can be used to group