AW: Monitoring clamav signature updates
Tommy Abrahamsson
tommy at tommy.adsl.dk
Mon Feb 21 12:15:03 CET 2005
Thanks, I think I got it.
By using NSCA and my poorly written script ;), it provides some basic
monitoring of clamav signature status.
Please feel free to use it - but don't blame me for the coding ;)
Thanks for your input.
Tommy
---
#!/bin/sh
# Arguments
# $1 = name of host in service definition
# $2 = name/description of service in service definition
# $3 = return code
# Determine the local signature versions, and the real live versions.
myDailyVersion=`/usr/bin/sigtool -i /var/amavisd/daily.cvd | grep -i
version | awk '{print $2}'`
myMainVersion=`/usr/bin/sigtool -i /var/amavisd/main.cvd | grep -i
version | awk '{print $2}'`
realDailyVersion=`host -t txt current.cvd.clamav.net|awk 'BEGIN {FS=":"}
{print $3}'`
realMainVersion=`host -t txt current.cvd.clamav.net|awk 'BEGIN {FS=":"}
{print $2}'`
# Generate the output for nagios
output="Official: $realMainVersion/$realDailyVersion. Local:
$myMainVersion/$myDailyVersion"
# If the return code has been specified, then just use this. Otherwise
calculate the return code
if [ $3 ]; then
status=$3
else
# Set the return code, based on the local and real signatures
if [ "$myDailyVersion" != "$realDailyVersion" ] ||
[ "$myMainVersion" != "$realMainVersion" ]; then
status=2
else
status=0
fi
fi
# Submit the result
/bin/echo -e "$1\t$2\t$status\t$output\n" | /usr/sbin/send_nsca -H
nagiosserver
----------
On Mon, 2005-02-21 at 11:48 +0100, Schmitz, Carsten wrote:
> > but how to integrate with Nagios?
>
> Shell script. Code your "signature compare" logic in your prefered shell using awk or cut and test (or perl or any other language), output error level 0 for okay, 1 warning, 2 error.
>
> But I have troubles seeing how to deduct the signature freshness from those commands (maybe thats just me, my clamav isn't production and not up-to-date).
>
> But why not just use freshclam for Nagios? Call freshclam from shell script, grep for "<filename.cvd> is is up to date", return code 0 if found, 2 if not. Much easier.
>
> Here's my (much outdated ;) freshclam output so you can see what to grep for:
>
> freshclam
> ClamAV update process started at Mon Feb 21 11:43:30 2005
> Reading CVD header (main.cvd): OK
> main.cvd is up to date (version: 29, sigs: 29086, f-level: 3, builder: tomek)
> Reading CVD header (daily.cvd): OK
> daily.cvd is up to date (version: 718, sigs: 1929, f-level: 4, builder: tkojm)
> WARNING: Your ClamAV installation is OUTDATED - please update immediately!
> WARNING: Current functionality level = 3, required = 4
>
> Cheers,
> Carsten
>
>
>
>
>
> -----Original Message-----
> From: nagios-users-admin at lists.sourceforge.net
> [mailto:nagios-users-admin at lists.sourceforge.net]On Behalf Of Tommy
> Abrahamsson
> Sent: Monday, February 21, 2005 8:36 AM
> To: nagios-users at lists.sourceforge.net
> Subject: Re: AW: [Nagios-users] Monitoring clamav signature updates
>
>
> Thank you, but maybe I wasn't clear enough. Sending emails is not a
> problem, Nagios does this very well. I'm interested in seeing the status
> of a clamav daemon - whether it's updated or not - with the latest virus
> signatures. The 2 mentioned commands, can get the values, but how to
> integrate with Nagios?
> Thanks.
> Best regards
>
> On Mon, 2005-02-21 at 08:16 +0100, Thomas Jungbauer wrote:
> > Hi,
> >
> > I am using a perl script, which can be downloaded at: http://www.logix.cz/michal/devel/smtp/smtp-client.pl
> >
> > However, to use this script together with nagios you will have to make some modifications on the script. (ie: using utils and libs for nagios and changing some error-codes, to retrieve correct return states which can be used by the nagios deamon.)
> >
> > Best Regards
> > Thomas
> >
> >
> >
> > -----Ursprüngliche Nachricht-----
> > Von: nagios-users-admin at lists.sourceforge.net [mailto:nagios-users-admin at lists.sourceforge.net] Im Auftrag von Tommy Abrahamsson
> > Gesendet: Sonntag, 20. Februar 2005 17:27
> > An: nagios-users at lists.sourceforge.net
> > Betreff: [Nagios-users] Monitoring clamav signature updates
> >
> > Hi
> >
> > I'm trying to figure out the best way of monitoring if a ClamAV daemon
> > (www.clamav.net) is updated properly with the latest signatures.
> >
> > My idea was to have some kind of plugin comparing the local value -
> > "sigtool -i /path/to/signature" - with the official values - "host -t
> > txt current.cvd.clamav.net".
> >
> > It'll be cool if Nagios could do this. So do somebody out here already
> > have experiences with this, or maybe already written a plugin?
> > What would be the best way, using a NSCA or NRPE to achieve this kind of
> > monitoring?
> >
> > Thanks in advance.
> > Best regards
> >
> >
> >
> >
> > -------------------------------------------------------
> > SF email is sponsored by - The IT Product Guide
> > Read honest & candid reviews on hundreds of IT Products from real users.
> > Discover which products truly live up to the hype. Start reading now.
> > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> > ::: Messages without supporting info will risk being sent to /dev/null
> >
>
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
> HWj)bh+yNLv-yv'z\jwbv,xnv!3ۜjj[z('!
lXzm^*^J֫v)!lgri؝}eȝ^7)brCZ*,ǫf)+-5"ˬz%lqzm?X(
~zwXb?"ˬzz)ܖ^5"ޮȨn)z"{ڝӒhا.xǬ
ib~"ZFފx,z{m^
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list