MRTG is an excellent tool for graphing most network-related things like bandwidth usage, ping latency etc. I've been running MRTG for the last three years, graphing the network usage on our Cisco WAN routers amongst a few other things.
I've always wanted to get some stats on how our AntiVirus Email gateway is performing. Unfortunately, the Trend Interscan package does not contain any SNMP management, which makes it more of a challenge to monitor. Interscan is running on a Win2000 server, where the only stats available come either from the built-in reports of Interscan or from the Windows Performance Monitor (Perfmon) tool. Neither of these allows you to do much in terms of automated monitoring.
Luckily, there is a nice little tool called NSClient that is used together with Nagios (another excellent network monitoring package running on various forms of Unix/Linux). This Nagios plugin runs on all Windows servers and gives you reports on CPU, disks, uptime etc. But the best thing about this plugin is the COUNTER function, which allows you to read any performance counter that Perfmon can give you. So, even if Trend InterScan does not give you any SNMP management, you can use the performance counters to fetch values for incoming/outgoing messages, queue size, dropped messages, cleaned messages etc.
To set this up you need to have the following running on a Linux/Unix host:
1. MRTG by Tobias Oetiker
2. RRD Tools by Tobias Oetiker (Not necessary - standard MRTG database works too!)
3. NSClient by Yves Rubin
4. Trend Interscan running on Windows NT 4.0/5.0
All of these tools, apart from Trend VirusWall, are GPL software. Now, let's have a look at what you need to do to monitor some of the basic stuff in Trend InterScan.
Installation
Install the NSClient on the Trend server. Make sure you install the latest and correct version, as NSClient comes in both NT 4.0 and W2K/XP binary versions. Also copy the check_nt binary file from the NSClient package onto your Linux box (if you are using anything but Linux, you will have to compile the binary). Copy these 4 files to the Windows system directory: pnsclient.exe, phd.dll, counters.defs and psapi.dll.
Once those are in place, issue a pnsclient /install from a command prompt. This will then install the client as an NT service. Before starting the service, go to the registry key HLM\Software\NSClient\Params - password and set your password.
Moving on to the MRTG scripts... My MRTG script requires you to pass three parameters to it: first the IP address of the host which you want to get the stats from, and second the type of stats you want. Currently I've got three different sections which are used in the MRTG script:

| Request Type | Description |
|---|---|
| msg | Number of sent and received messages |
| vir | Number of detected viruses, and number of cleaned viruses |
| err | Queue length and number of SMTP errors. |

The last parameter is just the hostname of the host you monitor. The NSClient does not give you the name of the monitored host.
You can download the script I run on my MRTG installation: MRTG Script. Put this script somewhere on your system where MRTG can get to it. Next, you need to set up the monitoring part of your MRTG config file. I use RRD as the database format, but if you remove the LogFormat: rrdtools statement from the following config file, you will use the default MRTG log format: MRTG Config File. Copy the MRTG config file to your system and set up a cron job which runs every 5 minutes. (RedHat 7.2 already comes with a cron job that uses the /etc/mrtg/mrtg.cfg file.) Replace that file with my config file, or modify the crontab file to reflect the correct file.
Once the config file is in place, make sure you change the parameters of the config file as well as the MRTG script. The changes that need to be made before the script is run are as follows:

| File | Setting | Description |
|---|---|---|
| MRTG Script (chk-viruswall.txt) | Exe | Location of the check_nt binary from NSClient for the Linux/Unix host. |
| MRTG Script (chk-viruswall.txt) | ClientPwd | Password set on the Windows NSClient. If you don't want to use a password, take out the "$ClientPwd" part of the script. |
| MRTG Script (chk-viruswall.txt) | CPort | Port which the Windows NSClient listens on. Default is 1248. |
| MRTG Config (viruswall.conf) | WorkDir | The location of your database/HTML/graphs output. |
| MRTG Config (viruswall.conf) | LogFormat | Comment this out if you want to use the native MRTG format. |
| MRTG Config (viruswall.conf) | LibAdd | Location of the RRD perl modules. Used with rrdtools database format. |
| MRTG Config (viruswall.conf) | PathAdd | Location of the RRD binary. Used with rrdtools database format. |
| MRTG Config (viruswall.conf) | <yourserverip> | The IP of your Trend InterScan viruswall server. |
| MRTG Config (viruswall.conf) | <mail> | The name of the host you are monitoring. |

Once you have the NSClient installed and MRTG up and running, use the MRTG config file to get the stats. Try issuing a mrtg /etc/viruswall.conf at the shell prompt. That should generate a couple of files in the directory you specified in the WorkDir setting. When you view the folder in a web browser, it should bring up a screen that might look like this:
Contributions
Elmar van Mourik has added more counters for the Trend Viruswall package, which include HTTP & FTP requests. Please download the shell script chk-viruswall.txt and the MRTG config file viruswall.conf.
Problems
Check the MRTG and NSClient FAQ and documentation. Most problems can be solved by reading and following the guides that accompany these two applications.
To troubleshoot the MRTG script, just run the script from a shell. If you type in:
./chk-viruswall 172.10.0.1 msg mail.doc-s.co.uk
from where the script is located, it will try and get the number of messages sent and received since the last time the Trend Interscan service was started. The output of this command should look something like this:
121254 202097
System Uptime : 99 day(s) 7 hour(s) 13 minute(s) mail.doc-s.co.uk
I've had problems getting the uptime to work on certain NT installations. I am not sure why this is, but it is not a major problem anyway.
Error: NSClient - Wrong Password:
Change the ClientPwd entry in the MRTG script to match what you have configured on the server. The password is set in the registry using HLM\Software\NSClient\Params - password.
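The wrapper described above, written out as an added example (this is not the downloadable chk-viruswall script): it takes the same three parameters, uses the Exe, ClientPwd and CPort settings, prints the four lines MRTG reads from an external script, and refuses to pass on a reply such as the wrong-password error as if it were a counter value. The Perfmon counter paths are placeholders, the default Exe path and password are assumptions, and it assumes check_nt prints the bare counter value when no format string is given.

```shell
#!/bin/sh
# Added example, not the original chk-viruswall script.
Exe=${Exe:-/usr/local/bin/check_nt}   # location of the check_nt binary (assumed path)
ClientPwd=${ClientPwd:-changeme}      # password set on the Windows NSClient (placeholder)
CPort=${CPort:-1248}                  # port the Windows NSClient listens on

# Query NSClient: $1 = host, $2 = check_nt variable, $3 = optional counter path.
nsc_query() {
    if [ -n "$3" ]; then
        "$Exe" -H "$1" -p "$CPort" -s "$ClientPwd" -v "$2" -l "$3"
    else
        "$Exe" -H "$1" -p "$CPort" -s "$ClientPwd" -v "$2"
    fi
}

# Print the four lines MRTG reads from an external script:
# first value, second value, uptime string, target name.
chk_viruswall() (
    host=$1; type=$2; name=$3
    # PLACEHOLDER counter paths: copy the real names from Perfmon on the server.
    case $type in
        msg) c1='\PLACEHOLDER\Messages Sent';    c2='\PLACEHOLDER\Messages Received' ;;
        vir) c1='\PLACEHOLDER\Viruses Detected'; c2='\PLACEHOLDER\Viruses Cleaned' ;;
        err) c1='\PLACEHOLDER\Queue Length';     c2='\PLACEHOLDER\SMTP Errors' ;;
        *)   echo "usage: chk-viruswall <ip> msg|vir|err <hostname>" >&2; exit 2 ;;
    esac
    v1=$(nsc_query "$host" COUNTER "$c1") || :
    v2=$(nsc_query "$host" COUNTER "$c2") || :
    # Only plain integers may be handed to MRTG; an error string such as
    # "NSClient - Wrong Password" is reported on stderr instead.
    for v in "$v1" "$v2"; do
        case $v in
            ''|*[!0-9]*) echo "chk-viruswall: bad reply from $host: $v" >&2; exit 1 ;;
        esac
    done
    # Uptime is informational only, so a failed query does not abort the run.
    up=$(nsc_query "$host" UPTIME "") || up="uptime unavailable"
    printf '%s\n%s\n%s\n%s\n' "$v1" "$v2" "$up" "$name"
)

# Run as: ./chk-viruswall <ip> msg|vir|err <hostname>
if [ "$#" -eq 3 ]; then chk_viruswall "$@"; fi
```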
Update: Thanks to Elmar van Mourik for picking up the error with the "Options:[] bits" entry in the MRTG config file. This gave 8 times the expected value.... (No wonder we had so much email.. :-) )