Tuesday, 20 June 2017

NSClient++ - Check McAfee Status

I wanted to have Nagios monitor the status of McAfee Virus-Scan on our servers. I wanted to ensure that I knew of any installations where the Agent, Virus-Scan, Engine or DATs were not at a version that they should be.
To that end I decided to write a bit of PowerShell code to use in conjunction with NSClient++ that we use for monitoring our Windows servers.
You can download the PowerShell script from GitHub here:-


Put the downloaded script into your scripts folder in your NSClient++ installation location... e.g.:-

“C:\Program Files\NSClient++\scripts”

The PowerShell script will check registry keys for McAfee based on the following parameters which need to be supplied:-

-AgentVersion
-VScanVersion
-EngineVersion
-WarnDays
-CritDays

If the values of the supplied parameters do not match then a Warning or Critical level will be raised back to Nagios.

To execute from within NSClient++ the following should be in the NSClient++.ini file:-

[NRPE Handlers]
check_mcafee_status = cmd /c echo scripts\Check_McAfee_Status.ps1 -AgentVersion 5.0.4.283 -VScanVersion 8.8.0.1599 -EngineVersion 5800.7501 -WarnDays 2 -CritDays 5; exit($lastexitcode) | powershell.exe -command –

The bold numbers above should be changed to match your requirements.

On the check_nrpe command include the -t 60, since it can take longer than the standard 10 seconds to run.

I have tested this with the following x86 & x64 versions of NSClient++ version 0.4.4.16
NSClient++ version 0.5.0.62 on the below Operating Systems.

Windows Server 2003
Windows Server 2003 R2
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

Windows Server 2016

No comments:

Post a Comment