Monitor F-Secure with SNMP
Hi friends.
I use Zabbix to monitor my servers and workstations. I would like to monitor F-Secure with SNMP, but I can't find the MIB with all the OIDs.
Do you know how to make this monitor? I need the following checks.
1. Services - it's working - I got it with service_state
2. Virus Database - I got the information using fsav -version, but I would like to get it with SNMP
3. Status of AV - Sometimes my AV goes into the Malfunction state - I want to generate a trigger to alert in my Zabbix console
4. Virus Found - I can get the information by searching the event log, but I want an SNMP trap, or SNMP
All these ways of getting the information demand extensive work. I want to make things simpler.
Thanks
Daniel Bastos.
Comments
-
Hi,
I hope the answer below is useful. It describes usage of the polutil.exe tool but also exposes the actual OIDs queried, which should prove useful for the SNMP scenario. As the Anti-Virus component (1.3.6.1.4.1.2213.12.*) is shared by both our workstation and server products, the information applies to both products.
If you have any questions or comments, shoot!
Anti-Virus status can be obtained by executing the following command using the executable POLUTIL.EXE, located in Common directory under the root of the product's installation directory:
POLUTIL.EXE g 1.3.6.1.4.1.2213.12.2.140
This prints an integer value to standard output which the caller may direct to a file if needed. The value can be one of:
0 Status unknown
16 Disabled: the product may be unloaded, or Anti-Virus real-time scanning is disabled
17 Expired: the product's license has expired, the product is no longer active
18 Malfunction: the product is not protecting the user due to malfunction
32 Active, up to date: the product is protecting the user and the signatures are up to date
33 Active, not up to date: the product is protecting the user but the virus definitions are not up to date
4 Active, very out of date: the product is enabled but the virus definitions are so old that the system is considered not protected
35 Active, virus definitions not installed: the product is enabled but the virus definitions are not available, the system is considered not protected
Related to this, you can also read the exact virus definitions serial number using the following command:
POLUTIL.EXE g 1.3.6.1.4.1.2213.12.2.125
The above command will print the serial number of the currently installed virus definitions. The serial number has the format "YYYY-MM-DD_nn".
Example output
C:\Program Files\F-Secure\common>POLUTIL.EXE g 1.3.6.1.4.1.2213.12.2.140
32
C:\Program Files\F-Secure\common>POLUTIL.EXE g 1.3.6.1.4.1.2213.12.2.125
2006-10-08_01
6 -
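One way the two POLUTIL.EXE queries from the answer above could feed a Zabbix item, as an added example that is not part of the original posts and not F-Secure's own code. The function names and the ok/warning/critical mapping are assumptions; the status codes and the serial format are taken as listed in the answer, and any output that cannot be parsed or is not in that list is treated as critical.

```python
import re
import subprocess
from datetime import date

# Status codes exactly as listed in the answer for OID 1.3.6.1.4.1.2213.12.2.140.
AV_STATUS = {
    0: "unknown", 16: "disabled", 17: "expired", 18: "malfunction",
    32: "active, up to date", 33: "active, not up to date",
    4: "active, very out of date", 35: "active, virus definitions not installed",
}
SERIAL_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})_(\d{2})$")  # "YYYY-MM-DD_nn"

def parse_status(raw):
    """Return (code, label, severity). Severity levels are an assumed mapping."""
    try:
        code = int(raw.strip())
    except ValueError:
        # Empty or garbled output must not look healthy to the monitor.
        return None, "unparseable output", "critical"
    label = AV_STATUS.get(code, "unlisted status code")
    severity = "ok" if code == 32 else "warning" if code == 33 else "critical"
    return code, label, severity

def definitions_age_days(raw, today):
    """Age in days of the definitions serial, or None if it is malformed."""
    m = SERIAL_RE.match(raw.strip())
    if not m:
        return None
    try:
        released = date(int(m[1]), int(m[2]), int(m[3]))
    except ValueError:  # well-formed digits but an impossible date
        return None
    return (today - released).days

def polutil_get(oid, exe=r"C:\Program Files\F-Secure\common\POLUTIL.EXE"):
    """Run 'POLUTIL.EXE g <oid>'; the default path is the one in the example output."""
    out = subprocess.run([exe, "g", oid], capture_output=True, text=True, timeout=10)
    return out.stdout

if __name__ == "__main__":
    # Constructed sample values matching the example output in the answer.
    print(parse_status("32\n"))
    print(parse_status("18\n"))
    print(definitions_age_days("2006-10-08_01\n", date(2006, 10, 15)))
```

On a monitored host, pass the output of `polutil_get("1.3.6.1.4.1.2213.12.2.140")` and `polutil_get("1.3.6.1.4.1.2213.12.2.125")` to the two parsers and expose the results to Zabbix.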
Hi Peter,
Your post is everything that I need to create my template for Zabbix. When it's ready I will share it in this community.
Thanks.
Daniel.
0 -
Please give a shout when you have gotten somewhere with this. I just started using Zabbix and would love to try your template.
0