McAfee Web Gateway
Overview
McAfee Web Gateway is a proxy platform that provides proactive Web traffic scanning and threat blocking with advanced real-time malware inspection techniques.
The Centreon Monitoring Connector McAfee Web Gateway collects signature database versions and Web traffic and malware detection statistics using the SNMP protocol.
Monitoring Connector assets
Monitored objects
- McAfee Web Gateway proxy
Monitored metrics
- Clients
- Connections
- Detections
- Ftpstatistics
- Httpstatistics
- Httpsstatistics
- Versions
Clients
Metric name | Description |
---|---|
clients.connected.count | The number of connected clients |
sockets.connected.count | The number of open network sockets |
Connections
Metric name | Description | Unit |
---|---|---|
connections.legitimate.persecond | The number of legitimate connections per second | connections/s |
connections.blocked.persecond | The number of blocked connections per second | connections/s |
connections.antimalware.blocked.persecond | The number of connections blocked by the Anti Malware per second | connections/s |
connections.mediafilter.blocked.persecond | The number of connections blocked by the Media Filter per second | connections/s |
connections.urlfilter.blocked.persecond | The number of connections blocked by the URL Filter per second | connections/s |
Detections
- Global
Metric name | Description | Unit |
---|---|---|
malwares.detected.persecond | The number of malware detected per second | detections/s |
- Per categories
Metric name | Description | Unit |
---|---|---|
categoryname#category.malwares.detected.persecond | The number of malware detected per second | detections/s |
Ftpstatistics
Metric name | Description | Unit |
---|---|---|
ftp.traffic.clienttoproxy.bitspersecond | FTP traffic from client to proxy | b/s |
ftp.traffic.servertoproxy.bitspersecond | FTP traffic from server to proxy | b/s |
ftp.traffic.proxytoclient.bitspersecond | FTP traffic from proxy to client | b/s |
ftp.traffic.proxytoserver.bitspersecond | FTP traffic from proxy to server | b/s |
Httpstatistics
Metric name | Description | Unit |
---|---|---|
http.requests.persecond | The number of HTTP requests per second | |
http.traffic.clienttoproxy.bitspersecond | HTTP traffic from client to proxy | b/s |
http.traffic.servertoproxy.bitspersecond | HTTP traffic from server to proxy | b/s |
http.traffic.proxytoclient.bitspersecond | HTTP traffic from proxy to client | b/s |
http.traffic.proxytoserver.bitspersecond | HTTP traffic from proxy to server | b/s |
Httpsstatistics
Metric name | Description | Unit |
---|---|---|
https.requests.persecond | The number of HTTPS requests per second | |
https.traffic.clienttoproxy.bitspersecond | HTTPS traffic from client to proxy | b/s |
https.traffic.servertoproxy.bitspersecond | HTTPS traffic from server to proxy | b/s |
https.traffic.proxytoclient.bitspersecond | HTTPS traffic from proxy to client | b/s |
https.traffic.proxytoserver.bitspersecond | HTTPS traffic from proxy to server | b/s |
Versions
Metric name | Description |
---|---|
dat-version | DAT version |
tsdb-version | TrustedSource Database Version |
proactive-version | ProActive Database Version |
Prerequisites
McAfee Web Gateway proxy configuration
To use this pack, the SNMP service must be properly configured on your McAfee Web Gateway. McAfee provides official documentation for this:
- https://docs.mcafee.com/bundle/web-gateway-8.2.x-product-guide/page/GUID-7F25543B-2BE5-47A5-BC40-AEEF65F5D156.html
- https://docs.mcafee.com/bundle/web-gateway-8.2.x-interface-reference-guide/page/GUID-92B0527B-9709-43DD-AEDC-FE82966AC6EF.html
Network flow
The McAfee Web Gateway proxy must be reachable from the Centreon Poller on the UDP/161 SNMP port.
Setup
Online License
- Install the Centreon McAfee Web Gateway package on every Centreon Poller expected to monitor a McAfee Web Gateway proxy:
yum install centreon-plugin-Applications-Antivirus-Mcafee-Webgateway-Snmp
- On the Centreon Web interface, install the McAfee Web Gateway Centreon Monitoring Connector on the Configuration > Monitoring Connectors Manager page
Offline License
- Install the Centreon McAfee Web Gateway package on every Centreon Poller expected to monitor a McAfee Web Gateway proxy:
yum install centreon-plugin-Applications-Antivirus-Mcafee-Webgateway-Snmp
- Install the Centreon Monitoring Connector RPM on the Centreon Central server:
yum install centreon-pack-applications-antivirus-mcafee-webgateway-snmp
- On the Centreon Web interface, install the McAfee Web Gateway Centreon Monitoring Connector on the Configuration > Monitoring Connectors Manager page
Configuration
Host configuration
- Log into Centreon and add a new Host through "Configuration > Hosts".
- Fill in the "Name", "Alias" & "IP Address / DNS" fields according to your McAfee Web Gateway proxy settings.
- Select the App-Antivirus-Mcafee-Webgateway-SNMP-custom template to apply to the Host.
When using SNMP v3, use the SNMPEXTRAOPTIONS Macro to add specific authentication parameters. More information is available in the Troubleshooting SNMP section.
Mandatory | Name | Description |
---|---|---|
 | SNMPEXTRAOPTIONS | Configure your own SNMPv3 credentials combo |
FAQ
How do I run my plugin through the CLI and what do the main parameters stand for?
Once you've installed the plugin, you can test it by logging in as the centreon-engine user and running:
/usr/lib/centreon/plugins/centreon_mcafee_webgateway_snmp.pl \
--plugin=apps::antivirus::mcafee::webgateway::snmp::plugin \
--mode=clients \
--hostname=10.0.0.1 \
--snmp-version='2c' \
--snmp-community='my-snmp-community' \
--filter-counters='' \
--warning-clients='' \
--critical-clients='30' \
--warning-sockets='' \
--critical-sockets='70' \
--use-new-perfdata
Expected command output is shown below:
OK: Connected clients: 10, Open network sockets: 50 | 'clients.connected.count'=10;0:20;0:30;0; 'sockets.connected.count'=50;0:60;0:70;0;
In this example, the Plugin gets the number of connected clients (--plugin=apps::antivirus::mcafee::webgateway::snmp::plugin --mode=clients) by querying the McAfee Web Gateway over the SNMP protocol at 10.0.0.1 (--hostname=10.0.0.1 --snmp-version='2c' --snmp-community='my-snmp-community').
This command will trigger an alarm when the number of connected clients is greater than 30 (--critical-clients='30') or the number of open network sockets is greater than 70 (--critical-sockets='70').
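The threshold behaviour described above can be checked offline against the plugin's perfdata output. The following is an added example, not part of the Centreon plugin: the function names are hypothetical, and it assumes the standard Nagios plugin range syntax for the warning and critical fields (an alert is raised when the value falls outside start:end).

```python
import re

# Constructed sample: the plugin output line shown on this page.
SAMPLE = ("OK: Connected clients: 10, Open network sockets: 50 | "
          "'clients.connected.count'=10;0:20;0:30;0; "
          "'sockets.connected.count'=50;0:60;0:70;0;")

def parse_perfdata(line):
    """Return {label: {value, unit, warning, critical}} from one output line."""
    _, _, perf = line.partition("|")
    metrics = {}
    for label, rest in re.findall(r"'([^']+)'=(\S+)", perf):
        # Perfdata fields: value[unit];warning;critical;min;max
        fields = (rest.split(";") + [""] * 4)[:5]
        m = re.match(r"(-?\d+(?:\.\d+)?)(.*)", fields[0])
        if m:
            metrics[label] = {"value": float(m.group(1)), "unit": m.group(2),
                              "warning": fields[1], "critical": fields[2]}
    return metrics

def violates(value, spec):
    """True when value triggers a range such as "30", "0:30", "10:", "~:30", "@0:30"."""
    if spec == "":
        return False                      # empty threshold: never alerts
    inside_alerts = spec.startswith("@")  # "@" inverts: alert when inside the range
    start, sep, end = spec.lstrip("@").partition(":")
    if not sep:                           # "30" is shorthand for "0:30"
        start, end = "0", start
    low = float("-inf") if start == "~" else float(start or 0)
    high = float("inf") if end == "" else float(end)
    in_range = low <= value <= high
    return in_range if inside_alerts else not in_range

def evaluate(line):
    """Return {label: "OK" | "WARNING" | "CRITICAL"}; critical takes precedence."""
    result = {}
    for label, m in parse_perfdata(line).items():
        if violates(m["value"], m["critical"]):
            result[label] = "CRITICAL"
        elif violates(m["value"], m["warning"]):
            result[label] = "WARNING"
        else:
            result[label] = "OK"
    return result

if __name__ == "__main__":
    print(evaluate(SAMPLE))
    print(evaluate(SAMPLE.replace("=10;", "=31;")))  # 31 clients exceeds 0:30
```
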
All available options for a given mode can be displayed by adding the --help parameter to the command:
/usr/lib/centreon/plugins/centreon_mcafee_webgateway_snmp.pl \
--plugin=apps::antivirus::mcafee::webgateway::snmp::plugin \
--mode=clients \
--help
All Plugin modes can be listed with the following command:
/usr/lib/centreon/plugins/centreon_mcafee_webgateway_snmp.pl \
--plugin=apps::antivirus::mcafee::webgateway::snmp::plugin \
--list-mode
Troubleshooting
UNKNOWN: SNMP GET Request : Timeout
If you get this message, you're probably facing one of these issues:
- Your SNMP server isn't started or is misconfigured
- An external device is blocking your request (firewall, ...)
UNKNOWN: SNMP GET Request : Cant get a single value.
This message generally means that SNMP privileges are not wide enough for the mode/plugin to work properly. The SNMP agent must be able to access the branch .1.3.6.1.4.1.1230.