Monitor ClamAV log file with nagios

After our success monitoring ODBC connections with Nagios, we thought about how we could also monitor a virus scanner's log files with Nagios and get an e-mail when a scan of the system finds something, so that we don't have to check the log files manually.

We chose ClamAV as the virus scanner and configured it to run during the weekend, when there is not too much load on the server, so it won't interrupt normal day-to-day operations.

Nagios then runs the Python script on Monday morning via NRPE and sends an e-mail if ClamAV found any infected files, so that someone can resolve the virus problem. Resolving it is not automated, because we came to the conclusion that it is best to take a hands-on approach to things like this. Once the problem has been resolved, the log file is edited and the number of infected files changed, which serves as confirmation that the virus problem has been dealt with.

ClamAV can be found here
http://www.clamav.net/index.html

Config in Nsclient++
As mentioned in the previous post about Nsclient++ and ODBC[link to post] connections, this is the way to add a Python script to Nsclient++.

In the ini file that is the config file for NSClient++, add the following:

CheckExternalScripts = 1

[/settings/external scripts]

allow arguments = true

[/settings/external scripts/scripts]

check_clam = py "check_clam.py"

And now the Python part:

import sys

total = 0
msg = "no 'Infected files' line found in log"
# begin by seeing if the file to be looked in is there or not.
try:
    f = open("ClamScanLog.txt", 'r')
except IOError:
    # if file not found: exit 1 is for nagios so it will display a warning and send a warning e-mail
    print("Warning: File not found")
    sys.exit(1)

# get the number of infected files from the log file
with f:
    for line in f:
        if 'Infected files' in line:
            # strip the newline, then split "Infected files: N" on the colon
            newLine = line.strip().split(':')
            total = total + int(newLine[1])
            msg = newLine[0] + " " + str(total)

# if there are any infected files found, tell nagios to send an email about it
if total > 0:
    print("Critical: ")
    print(msg)
    sys.exit(2)
else:
    # no infected files
    print("OK")
    print(msg)
    sys.exit(0)

Nothing really advanced is needed to get this to work, just a bit of knowledge of the exit codes for Nagios and how Nagios interprets them.
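As an added example (not the post's own script), here is a version of the check that parses the whole clamscan summary block and maps it onto the four standard Nagios plugin exit codes (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN). The sample summary text is constructed; the file name ClamScanLog.txt is taken from the post. It differs from the script above in returning UNKNOWN, rather than crashing, when the log exists but contains no summary (for instance when the weekend scan was interrupted), so a half-finished scan is not mistaken for a clean one.

```python
"""Map a clamscan summary to a Nagios plugin result (added example, not the post's code)."""
import re
import sys

# Standard Nagios plugin exit codes.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

# Constructed sample of the summary block clamscan prints at the end of a run.
SAMPLE_CLEAN = """----------- SCAN SUMMARY -----------
Known viruses: 8500000
Engine version: 0.103.8
Scanned directories: 1204
Scanned files: 31877
Infected files: 0
Data scanned: 4012.55 MB
Time: 1803.412 sec (30 m 3 s)
"""

# Same summary, but with two detections reported.
SAMPLE_INFECTED = SAMPLE_CLEAN.replace("Infected files: 0", "Infected files: 2")

# Summary lines look like "Key words: value"; paths with slashes do not match.
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+):\s*(?P<value>.+?)\s*$")


def parse_summary(text):
    """Return {key: value} for each 'Key: value' line in the scan summary."""
    fields = {}
    for line in text.splitlines():
        m = SUMMARY_RE.match(line.strip())
        if m:
            fields[m.group("key")] = m.group("value")
    return fields


def evaluate(text):
    """Return (exit_code, message) for the text of a clamscan log."""
    fields = parse_summary(text)
    if "Infected files" not in fields:
        # No summary at all: the scan did not finish or the log is truncated.
        return UNKNOWN, "Unknown: no 'Infected files' line in scan summary"
    try:
        infected = int(fields["Infected files"])
    except ValueError:
        return UNKNOWN, "Unknown: cannot parse 'Infected files: %s'" % fields["Infected files"]
    scanned = fields.get("Scanned files", "?")
    detail = "%d infected of %s files scanned" % (infected, scanned)
    if infected > 0:
        return CRITICAL, "Critical: " + detail
    return OK, "OK: " + detail


def check_file(path):
    """Read the log at `path` and evaluate it; a missing file is WARNING, as in the post's script."""
    try:
        with open(path, "r") as f:
            return evaluate(f.read())
    except IOError:
        return WARNING, "Warning: log file %s not found" % path


if __name__ == "__main__":
    # Usage: py check_clam.py [path-to-log]; the first output line is what Nagios shows.
    log_path = sys.argv[1] if len(sys.argv) > 1 else "ClamScanLog.txt"
    code, message = check_file(log_path)
    print(message)
    sys.exit(code)
```

Editing the log after cleanup, as the post describes, still works with this version: once the "Infected files" line is set back to 0 the check returns OK on the next run, and a scan that never produced a summary shows up as UNKNOWN instead of OK.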

Conclusion

Since we discovered how to write custom plugins for Nsclient++ and Windows, we have the same monitoring available to us as we have on our Linux servers, which will save us a lot of time in the long run.
Take the time to learn how to write plugins like this yourself; it will save a lot of frustration when the plugin you found that was supposed to solve all your current monitoring problems fails.