Skip to main content

Kaspersky

Overview

Kasperky is a cybersecurity and anti-virus provider founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik.

The Centreon Monitoring Connector Kaspersky aims to collect the condition of the Administration Server and managed products with the SNMP protocol.

Monitoring Connector assets

Monitored objects

  • Kaspersky Security Center

Collected Metrics

Metric nameDescription
hosts.antivirus.installed.countNumber of successful remote installations
hosts.antivirus.install.failed.countNumber of failed remote installations
hosts.expiring.licence.countNumber of hosts with expiring licence
hosts.expired.licence.countNumber of hosts with expired licence

Prerequisites

Kasperky Security Center configuration

To use this pack, the SNMP service must be properly configured on your Kaspersky Security Center. Kaspersky provides an official documentation to achieve this: https://support.kaspersky.com/12603#block3

Network flow

The Kaspersky Security Center must be reachable from the Centreon Poller on the UDP/161 SNMP port.

Setup

  1. Install the Centreon Kaspersky package on every Centreon poller expected to monitor a Kaspersky Security Center:
yum install centreon-plugin-Applications-Antivirus-Kaspersky-Snmp
  1. On the centreon Web interface, install the Kaspersky Centreon Monitoring Connector on the Configuration > Monitoring Connector Manager page

Host configuration

  • Log into Centreon and add a new Host through "Configuration > Hosts".
  • Fill the "Name", "Alias" & "IP Address / DNS" fields according to your Kaspersky Security Center settings
  • Select the App-Antivirus-Kaspersky-SNMP-custom template to apply to the Host.

When using SNMP v3, use the SNMPEXTRAOPTIONS Macro to add specific authentication parameters More information in the Troubleshooting SNMP section.

MandatoryNameDescription
SNMPEXTRAOPTIONSConfigure your own SNMPv3 credentials combo

FAQ

How do I run my plugin through the CLI and what do the main parameters stand for?

Once you've installed the plugin, you can test it logging with centreon-engine user:

/usr/lib/centreon/plugins//centreon_kaspersky_snmp.pl \
--plugin=apps::antivirus::kaspersky::snmp::plugin --mode=protection \
--hostname=10.0.0.1 --snmp-version='2c' --snmp-community='kaseprsky_ro' \
--warning-status='%{status} =~ /Warning/i' --critical-status='%{status} =~ /Critical/i'
--warning-no-antivirus='0' --critical-no-antivirus='' --warning-no-real-time='0' --critical-no-real-time='' \
--warning-not-acceptable-level='0' --critical-not-acceptable-level='' \
--warning-not-cured-objects='0' --critical-not-cured-objects='' \
--warning-too-many-threats='0' --critical-too-many-threats='' \
--warning-too-many-threats='0' --critical-too-many-threats='' \
--use-new-perfdata

Expected command output is shown below:

WARNING: 2 host(s) without running antivirus - 1 hosts(s) without running real time protection - 8 host(s) with not cured objects - 5 host(s) with too many threats | 'protection.hosts.antivirus.notrunning.count'=2;0:0;;0; 'protection.hosts.realtime.notrunning.count'=1;0:0;;0; 'protection.hosts.realtime.unacceptable.level.count'=0;0:0;;0; 'protection.hosts.uncured.objects.count'=8;0:0;;0; 'protection.hosts.toomanythreats.count'=5;0:0;;0;

In this example, the Plugin gets protection status of the hosts managed by the Kaspersky Antivirus Manager (--plugin=apps::antivirus::kaspersky::snmp::plugin--mode=protection) by requesting the Kaspersky Security Center using the SNMP protocol at 10.0.0.1 (--hostname='10.0.0.1' --snmp-version='2c' --snmp-community='kaseprsky_ro').

This command will trigger an alarm when the global protection status is not OK (--warning-status='%{status} =~ /Warning/i' --critical-status='%{status} =~ /Critical/i') or when the number of host without antivirus or an unsatisfying level of protection is above 0 (--warning-no-antivirus='0' --warning-not-acceptable-level='0').

All available options for a given mode can be displayed by adding the --help parameter to the command:

/usr/lib/centreon/plugins//centreon_kaspersky_snmp.pl \
--plugin=apps::antivirus::kaspersky::snmp::plugin \
--mode=deployment \
--help

All Plugin modes can be listed with the following command:

/usr/lib/centreon/plugins//centreon_kaspersky_snmp.pl \
--plugin=apps::antivirus::kaspersky::snmp::plugin \
--list-mode

UNKNOWN: SNMP GET Request : Timeout

If you get this message, you're probably facing one of theses issues:

  • Your SNMP server isn't started or misconfigured
  • An external device is blocking your request (firewall, ...)

UNKNOWN: SNMP GET Request : Cant get a single value.

This message generally means that SNMP privileges are not wide enough for the mode/plugin to work properly.