Skip to main content

McAfee Web Gateway

Overview​

McAfee Web Gateway is a proxy platform that provides proactive Web traffic scanning and threat blocking with advanced real-time malware inspection techniques.

The Centreon Plugin-Pack McAfee Web Gateway aims to collect signature databases versions and Web and malware detections statistics using the SNMP protocol.

Plugin-Pack assets​

Monitored objects​

  • McAfee Web Gateway proxy

Monitored metrics​

Metric nameDescription
clients.connected.countThe number of connected client
sockets.connected.countThe number of open network sockets

Prerequisites​

McAfee Web Gateway proxy configuration​

To use this pack, the SNMP service must be properly configured on your McAfee Web Gateway. McAfee provides an official documentation to achieve this:

Network flow​

The McAfee Web Gateway proxy must be reachable from the Centreon Poller on the UDP/161 SNMP port.

Setup​

  1. Install the Centreon McAfee Web Gateway Plugin package on every Centreon Poller expected to monitor a McAfee Web Gateway proxy:
yum install centreon-plugin-Applications-Antivirus-Mcafee-Webgateway-Snmp
  1. On the Centreon Web interface, install the McAfee Web Gateway Centreon Plugin-Pack on the "Configuration > Plugin Packs > Manager" page

Configuration​

Host configuration​

  • Log into Centreon and add a new Host through "Configuration > Hosts".
  • Fill the "Name", "Alias" & "IP Address / DNS" fields according to your a McAfee Web Gateway proxy settings
  • Select the App-Antivirus-Mcafee-Webgateway-SNMP-custom template to apply to the Host.

If you are using SNMP Version 3, use the SNMPEXTRAOPTIONS Macro to configure your own SNMPv3 credentials combo.

MandatoryNameDescription
SNMPEXTRAOPTIONSConfigure your own SNMPv3 credentials combo

FAQ​

How do I run my plugin through the CLI and what do the main parameters stand for?​

Once you've installed the plugin, you can test it logging with centreon-engine user:

/usr/lib/centreon/plugins/centreon_mcafee_webgateway_snmp.pl \
--plugin=apps::antivirus::mcafee::webgateway::snmp::plugin \
--mode=clients \
--hostname=10.0.0.1 \
--snmp-version='2c' \
--snmp-community='my-snmp-community' \
--filter-counters='' \
--warning-clients='' \
--critical-clients='30' \
--warning-sockets='' \
--critical-sockets='70' \
--use-new-perfdata

Expected command output is shown below:

OK: Connected clients: 10, Open network sockets: 50 | 'clients.connected.count'=10;0:20;0:30;0;  'sockets.connected.count'=50;0:60;0:70;0;

In this example, the Plugin gets the number of connected clients (--plugin=apps::antivirus::mcafee::webgateway::snmp::plugin--mode=client) by requesting the McAfee Web Gateway using the SNMP protocol at 10.0.0.1 (--hostname='10.0.0.1' --snmp-version='2c' --snmp-community='mysnmpcommunity').

This command will trigger an alarm when the number of connected clients is greater than 30 (--critical-clients='30') or the number of open network sockets is greater then 70 (--critical-sockets='70')

All available options for a given mode can be displayed by adding the --help parameter to the command:

/usr/lib/centreon/plugins/centreon_mcafee_webgateway_snmp.pl \
--plugin=apps::antivirus::mcafee::webgateway::snmp::plugin \
--mode=clients \
--help

All Plugin modes can be listed with the following command:

/usr/lib/centreon/plugins/centreon_mcafee_webgateway_snmp.pl \
--plugin=apps::antivirus::mcafee::webgateway::snmp::plugin \
--list-mode

Troubleshooting​

UNKNOWN: SNMP GET Request : Timeout​

If you get this message, you're probably facing one of theses issues:

  • Your SNMP server isn't started or misconfigured

  • An external device is blocking your request (firewall, ...)

UNKNOWN: SNMP GET Request : Cant get a single value.​

This message generally means that SNMP privileges are not wide enough for the mode/plugin to work properly. The SNMP agent must be able to access the branch .1.3.6.1.4.1.1230.