Kaspersky

Overview

Kaspersky is a cybersecurity and anti-virus provider founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik.

The Centreon Plugin-Pack Kaspersky collects the status of the Administration Server and its managed products over the SNMP protocol.

Plugin-Pack assets

Monitored objects

  • Kaspersky Security Center

Collected Metrics

| Metric name | Description |
|---|---|
| hosts.antivirus.installed.count | Number of successful remote installations |
| hosts.antivirus.install.failed.count | Number of failed remote installations |
| hosts.expiring.licence.count | Number of hosts with expiring licence |
| hosts.expired.licence.count | Number of hosts with expired licence |

Prerequisites

Kaspersky Security Center configuration

To use this pack, the SNMP service must be properly configured on your Kaspersky Security Center. Kaspersky provides official documentation for this: https://support.kaspersky.com/12603#block3

Network flow

The Kaspersky Security Center must be reachable from the Centreon Poller on the UDP/161 SNMP port.

Setup

  1. Install the Centreon Kaspersky Plugin package on every Centreon poller expected to monitor a Kaspersky Security Center:

     yum install centreon-plugin-Applications-Antivirus-Kaspersky-Snmp

  2. On the Centreon web interface, install the Kaspersky Centreon Plugin-Pack on the "Configuration > Plugin Packs > Manager" page.

Host configuration

  • Log into Centreon and add a new Host through "Configuration > Hosts".
  • Fill in the "Name", "Alias" & "IP Address / DNS" fields according to your Kaspersky Security Center settings.
  • Select the App-Antivirus-Kaspersky-SNMP-custom template to apply to the Host.

If you are using SNMP Version 3, use the SNMPEXTRAOPTIONS Macro to configure your own SNMPv3 credentials combo.

| Mandatory | Name | Description |
|---|---|---|
|  | SNMPEXTRAOPTIONS | Configure your own SNMPv3 credentials combo |
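
An added example, not part of the Centreon documentation: a shell check to run on a candidate SNMPEXTRAOPTIONS value before saving it, confirming that it requests SNMPv3 with both authentication and encryption. The option names (--snmp-username, --authprotocol, --authpassphrase, --privprotocol, --privpassphrase) are the centreon-plugins SNMPv3 options, which this page does not list (confirm them with --help); the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a candidate SNMPEXTRAOPTIONS value for SNMPv3 authPriv.
# Limitation: values containing spaces are not handled (tokens split on whitespace).

# get_opt "<options>" <name>: print the value given as --name=value or --name value.
get_opt() {
    printf '%s\n' "$1" | tr -d "\"'" | awk -v want="--$2" '{
        for (i = 1; i <= NF; i++) {
            if (index($i, want "=") == 1) { print substr($i, length(want) + 2); exit }
            if ($i == want && i < NF)     { print $(i + 1); exit }
        }
    }'
}

# Print one FAIL line per finding; return 0 only when nothing was found.
lint_snmp_extra_options() {
    opts=$1
    rc=0
    finding() { printf 'FAIL: %s\n' "$1"; rc=1; }

    [ "$(get_opt "$opts" snmp-version)" = 3 ] || finding "--snmp-version is not 3"
    [ -n "$(get_opt "$opts" snmp-username)" ] || finding "--snmp-username is missing"
    case "$(get_opt "$opts" authprotocol | tr 'a-z' 'A-Z')" in
        SHA*) ;;
        MD5)  finding "--authprotocol MD5 is weak, use SHA" ;;
        *)    finding "--authprotocol is missing or unknown (no authentication)" ;;
    esac
    case "$(get_opt "$opts" privprotocol | tr 'a-z' 'A-Z')" in
        AES*) ;;
        DES)  finding "--privprotocol DES is weak, use AES" ;;
        *)    finding "--privprotocol is missing or unknown (no encryption)" ;;
    esac
    for name in authpassphrase privpassphrase; do
        value=$(get_opt "$opts" "$name")
        # net-snmp rejects SNMPv3 passphrases shorter than 8 characters.
        [ "${#value}" -ge 8 ] || finding "--$name is missing or shorter than 8 characters"
    done
    case "$opts" in
        *--snmp-community*) finding "--snmp-community has no place in an SNMPv3 macro" ;;
    esac
    return "$rc"
}

# Constructed sample: the v2c options from the CLI example, pasted into the macro.
sample="--snmp-version='2c' --snmp-community='kaseprsky_ro'"
lint_snmp_extra_options "$sample" || echo "Do not save this value in SNMPEXTRAOPTIONS."
```

A value that passes prints nothing and returns 0, so the function can gate a provisioning script that writes the macro.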

FAQ

How do I run my plugin through the CLI and what do the main parameters stand for?

Once you've installed the plugin, you can test it by logging in as the centreon-engine user:

/usr/lib/centreon/plugins/centreon_kaspersky_snmp.pl \
--plugin=apps::antivirus::kaspersky::snmp::plugin --mode=protection \
--hostname=10.0.0.1 --snmp-version='2c' --snmp-community='kaseprsky_ro' \
--warning-status='%{status} =~ /Warning/i' --critical-status='%{status} =~ /Critical/i' \
--warning-no-antivirus='0' --critical-no-antivirus='' --warning-no-real-time='0' --critical-no-real-time='' \
--warning-not-acceptable-level='0' --critical-not-acceptable-level='' \
--warning-not-cured-objects='0' --critical-not-cured-objects='' \
--warning-too-many-threats='0' --critical-too-many-threats='' \
--use-new-perfdata

Expected command output is shown below:

WARNING: 2 host(s) without running antivirus - 1 hosts(s) without running real time protection - 8 host(s) with not cured objects - 5 host(s) with too many threats | 'protection.hosts.antivirus.notrunning.count'=2;0:0;;0; 'protection.hosts.realtime.notrunning.count'=1;0:0;;0; 'protection.hosts.realtime.unacceptable.level.count'=0;0:0;;0; 'protection.hosts.uncured.objects.count'=8;0:0;;0; 'protection.hosts.toomanythreats.count'=5;0:0;;0;

In this example, the Plugin gets the protection status of the hosts managed by the Kaspersky Antivirus Manager (--plugin=apps::antivirus::kaspersky::snmp::plugin --mode=protection) by querying the Kaspersky Security Center over the SNMP protocol at 10.0.0.1 (--hostname='10.0.0.1' --snmp-version='2c' --snmp-community='kaseprsky_ro').

This command will trigger an alarm when the global protection status is not OK (--warning-status='%{status} =~ /Warning/i' --critical-status='%{status} =~ /Critical/i') or when the number of hosts without antivirus or with an unsatisfactory level of protection is above 0 (--warning-no-antivirus='0' --warning-not-acceptable-level='0').

All available options for a given mode can be displayed by adding the --help parameter to the command:

/usr/lib/centreon/plugins/centreon_kaspersky_snmp.pl \
--plugin=apps::antivirus::kaspersky::snmp::plugin \
--mode=deployment \
--help

All Plugin modes can be listed with the following command:

/usr/lib/centreon/plugins/centreon_kaspersky_snmp.pl \
--plugin=apps::antivirus::kaspersky::snmp::plugin \
--list-mode

UNKNOWN: SNMP GET Request : Timeout

If you get this message, you're probably facing one of these issues:

  • Your SNMP server isn't started or is misconfigured
  • An external device is blocking your request (firewall, ...)

UNKNOWN: SNMP GET Request : Cant get a single value.

This message generally means that SNMP privileges are not wide enough for the mode/plugin to work properly.