Freeware group Monitoring/Nagios plugins
Windows-Plugin: checks the state of a SOPHOS Enterprise Console (called SEC).
check_sophos_sec is a Windows plugin for Nagios that checks the state of a Sophos Enterprise Console (SEC).
The plugin detects various statuses from the Sophos database.
Installed SOPHOS Enterprise Console
Usually you call the plugin with the path to the database:
C:> check_sophos_sec.exe sql=<SQL_instance> database=<database_name>
For debugging purposes, the plugin can also be called with the debug option for more detailed output (this mode is not suitable for continuous operation, only for testing). It then prints the detailed status of the individual components:
C:> check_sophos_sec.exe sql=localhost\sophos database=test debug
For information on the plugin and its usage, call it with the help command:
C:> check_sophos_sec.exe help
check_sophos_sec - Version 1.0
Copyright (C) 2015 LuftEngineering GmbH
Report Bugs to: development@luft-it.de

check_sophos_sec plugin for Nagios.
Monitors threads of Sophos Enterprise Console Database

Usage:
database - Database name on SQL server (default: SOPHOS521)
sql - Plugin uses MS SQL Express database (SERVER\INSTANCE)
timeout - Seconds before the plugin times out (default = 15)
version - Plugin version
help - Show this text
debug - Print details. NOT for use with nagios
Preferably, copy the plugin into the script directory where you store your checks under Windows.
When using NSClient++, add an entry similar to this to NSC.INI, pointing to check_sophos_sec:
...
[/settings/NRPE/server]
allow arguments=true

[/settings/external scripts/server]
allow arguments=true

[/settings/external scripts/scripts]
check_sophos_sec=c:\scripts\check_sophos_sec.exe sql=localhost\sophos
...
Check whether the test database has threat entries:
C:> check_sophos_sec.exe sql=localhost\sophos database=test
*** New Events in database ***
ID: 1 - Date: 30.11.2015 11:59:35 - Computer: LAPT06 - ThreatName: Generic PUA EI - FullPath: C:\Users\ASmith\AppData\Local\Microsoft\Windows\Temporary InternetFiles\Content.IE5\4U927KJA\Falcon_InstallDownload_1145[1].exe
ID: 3 - Date: 30.11.2015 12:00:25 - Computer: LAPT06 - ThreatName: OutBrowse - FullPath: C:\Users\ASmith\AppData\Local\Temp\f.exe
ID: 4 - Date: 30.11.2015 12:00:29 - Computer: LAPT06 - ThreatName: DealPly Updater - FullPath: C:\Users\ASmith\AppData\Local\Temp\PriceMeterUpdateVer.exe
ID: 5 - Date: 30.11.2015 12:00:37 - Computer: LAPT06 - ThreatName: Generic PUA IJ - FullPath: C:\Users\ASmith\AppData\Local\Temp\WebHelper_InstallDownload_1145.exe
ID: 6 - Date: 30.11.2015 12:00:44 - Computer: LAPT06 - ThreatName: Generic PUA JL - FullPath: C:\Users\ASmith\AppData\Local\Temp\is45637729\10668118_stp\AnyProtectScannerSetup.exe
ID: 7 - Date: 30.11.2015 12:00:55 - Computer: LAPT06 - ThreatName: SearchSuite - FullPath: C:\Users\ASmith\AppData\Local\Temp\is45637729\11869301_stp\SettingsManagerSetup.exe
ID: 8 - Date: 30.11.2015 12:01:06 - Computer: LAPT06 - ThreatName: Generic PUA DB - FullPath: C:\Users\ASmith\AppData\Local\Temp\OCS\ocs_v71b.exe
ID: 9 - Date: 30.11.2015 12:01:42 - Computer: LAPT06 - ThreatName: SoftPulse - FullPath: C:\Users\ASmith\Downloads\Setup(6).exe
ID: 19 - Date: 30.11.2015 13:17:13 - Computer: PCBOILER - ThreatName: SomotoBetterInstaller - FullPath: C:\Users\CBoiler\AppData\Local\Temp\bitool.dll
ID: 20 - Date: 30.11.2015 13:17:25 - Computer: PCBOILER - ThreatName: OutBrowse Revenyou - FullPath: C:\Users\CBoiler\AppData\Local\Temp\DownloadManager.exe
ID: 21 - Date: 01.12.2015 07:13:36 - Computer: LAPT09 - ThreatName: OpenCandy - FullPath: C:\Users\CKren\AppData\Local\Temp\is-C2S0R.tmp\OCSetupHlp.dll
*** END (11 new events in database) ***
Thread-Alerts CRITICAL: 11 new Events in database.
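Added example, not part of the plugin or of the original page: a Python sketch that parses output in the format shown above into structured events and cross-checks the parsed count against the plugin's END line, so output that lost lines on the way to the monitoring server is noticed. The sample text is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the format of the plugin output shown above.
SAMPLE = r"""*** New Events in database ***
ID: 1 - Date: 30.11.2015 11:59:35 - Computer: LAPT06 - ThreatName: Generic PUA EI - FullPath: C:\Users\ASmith\AppData\Local\Temp\a - b\setup.exe
ID: 3 - Date: 30.11.2015 12:00:25 - Computer: LAPT06 - ThreatName: OutBrowse - FullPath: C:\Users\ASmith\AppData\Local\Temp\f.exe
ID: 19 - Date: 30.11.2015 13:17:13 - Computer: PCBOILER - ThreatName: SomotoBetterInstaller - FullPath: C:\Users\CBoiler\AppData\Local\Temp\bitool.dll
*** END (3 new events in database) ***
Thread-Alerts CRITICAL: 3 new Events in database."""

# Field labels anchor the match; FullPath is last and greedy, so a path
# that itself contains " - " is still captured whole.
EVENT_RE = re.compile(
    r"^ID: (?P<id>\d+) - Date: (?P<date>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})"
    r" - Computer: (?P<computer>.+?) - ThreatName: (?P<threat>.+?)"
    r" - FullPath: (?P<path>.*)$")
END_RE = re.compile(r"^\*\*\* END \((\d+) new events in database\) \*\*\*$")

def parse_events(text):
    """Return (events, declared_count); declared_count is None without an END line."""
    events, declared = [], None
    for line in text.splitlines():
        line = line.strip()
        m = EVENT_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            ev["date"] = datetime.strptime(ev["date"], "%d.%m.%Y %H:%M:%S")
            events.append(ev)
            continue
        end = END_RE.match(line)
        if end:
            declared = int(end.group(1))
    return events, declared

def summarize(text):
    """Count events per computer; raise if parsed and declared counts differ."""
    events, declared = parse_events(text)
    if declared is not None and declared != len(events):
        raise ValueError(f"parsed {len(events)} events, plugin reported {declared}")
    return Counter(ev["computer"] for ev in events)

if __name__ == "__main__":
    for host, n in summarize(SAMPLE).most_common():
        print(f"{host}: {n} event(s)")
```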
2015-15-12
1.0 – First public version
Check_sophos_sec is licensed under the GNU General Public License.
Joachim Luft will answer your questions about this plugin and is happy to receive donations.