Reputation: 1059
I currently run scans against 16 different /24s on a daily basis using the following script:
#!/bin/sh
TODAY=`date +"%d-%m-%y"`
OPTIONS="--open --reason -oX /var/log/nmap/XXX/scan-$TODAY.xml -F x.x.x.0/24"
nmap $OPTIONS
rm /var/log/nmap/XXX/yesterday.xml
mv /var/log/nmap/XXX/today.xml /var/log/nmap/XXX/yesterday.xml
ln -s /var/log/nmap/XXX/scan-$TODAY.xml /var/log/nmap/XXX/today.xml
If I run the nmap command outside of the script and let it output to the console, it doesn't show any hosts that are down, but when I use the -oX flag to output to an XML file so that I can ndiff it later, the hosts that are down are listed.
How do I get nmap to ignore these hosts, not log them, etc.? Thanks!
Edit: Just to make sure we're all on the same page, the company I work for owns all of the /24s that I am scanning. =)
Upvotes: 1
Views: 7945
Reputation: 3131
I think it is related to the port scanning. If you are not interested in port scanning then you can remove down hosts with this command:
nmap -sn x.x.x.x/24 -oX /var/log/nmap/XXX/scan-$TODAY.xml
In fact, contrary to your purpose, I really needed to know which hosts were down, and I figured out that a -v was enough to do the job:
nmap -v -sn x.x.x.x/24 -oX /var/log/nmap/XXX/scan-$TODAY.xml
Hope it helps ;)
Upvotes: 1
Reputation: 57418
Looks like the down host listing is by design, or at least, I haven't been able to turn this feature off either.
Would it be acceptable to filter nmap's output to remove unwanted entries?
OPTIONS="--open --reason -oX - -F x.x.x.0/24"
nmap $OPTIONS \
| sed -e '/<host><status state="down" reason="no-response"\/>/,/<\/host>/d' \
> /var/log/nmap/XXX/scan-$TODAY.xml
The matching seems to be ungreedy, as it should, but be wary and check it out.
Upvotes: 2
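A structure-aware version of the filtering idea from the last answer, as an added example that is not part of the original posts: it parses the XML and drops each host whose status is "down", so it does not depend on attribute order or line layout. The script name in the usage comment and the sample data are constructed for illustration.

```python
"""Drop hosts reported as down from Nmap XML output (added example)."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -oX -` output (documentation addresses).
SAMPLE = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
<host><status state="down" reason="no-response"/>
<address addr="192.0.2.1" addrtype="ipv4"/>
</host>
<host><status state="up" reason="echo-reply" reason_ttl="57"/>
<address addr="192.0.2.2" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port></ports>
</host>
<host>
  <status reason="no-response" reason_ttl="0" state="down"/>
  <address addr="192.0.2.3" addrtype="ipv4"/>
</host>
<runstats><hosts up="1" down="2" total="3"/></runstats>
</nmaprun>
"""


def strip_down_hosts(xml_data):
    """Return (filtered_xml, removed_count). Accepts str or bytes.

    Hosts without a <status> element are kept. The <runstats> counters are
    left as Nmap wrote them, and anything before the root element (DOCTYPE,
    stylesheet instruction) is not carried over by ElementTree.
    """
    root = ET.fromstring(xml_data)
    removed = 0
    for host in root.findall("host"):  # findall returns a list, safe to mutate root
        status = host.find("status")
        if status is not None and status.get("state") == "down":
            root.remove(host)
            removed += 1
    return ET.tostring(root, encoding="unicode"), removed


def host_addresses(xml_data):
    """List the addresses of every <host> left in the document."""
    return [a.get("addr") for a in ET.fromstring(xml_data).findall("host/address")]


if __name__ == "__main__":
    # Hypothetical usage: nmap $OPTIONS | python3 strip_down_hosts.py > scan.xml
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.buffer.read()
    filtered, count = strip_down_hosts(data)
    sys.stdout.write(filtered + "\n")
    print(f"removed {count} down host(s)", file=sys.stderr)
```

Check the filtered file with ndiff before relying on it in the daily job, since the output no longer carries the DOCTYPE line Nmap writes.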