/*
 * Source of check_office_scan.exe
 *  - A Nagios plugin to monitor the state of an OfficeScan server
 *
 * Arguments:
 *  -v <days>   count virus infections in the last <days> days.
 *  -t <count>  warn if more than <count> infections were
 *              found in the last <days> days.
 *  -u <days>   return an error if the last virus definition is older than <days> days.
 *
 * Default values: -v 10, -t 0, -u 8
 *
 * Also returns a critical error if the service is not running.
 *
 * To compile, use Microsoft's JScript Compiler (JSC, jsc.exe) included in the MS .NET Framework.
 *
 * Use this script with NRPE or NSClient++. For NSClient++ include as follows:
 *
 * [NRPE Handlers]
 * check_office_scan=scripts\\check_office_scan.exe
 *
 * Author: Moritz Bechler for Schmieder IT Solutions (http://www.schmieder.de)
 * License: MIT License
 *
 * Copyright (c) 2010 Moritz Bechler
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
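*/
import System;

// Nagios plugin exit codes. UNKNOWN is used whenever the check itself cannot
// be carried out, so that a broken check is never reported as a healthy host.
var EXIT_OK = 0;
var EXIT_WARNING = 1;
var EXIT_CRITICAL = 2;
var EXIT_UNKNOWN = 3;

// Prints the one-line plugin result and terminates the process with `code`.
function exitWith(code, message) {
    print(message);
    Environment.Exit(code);
}

// Converts the value of a numeric option to an integer.
// Anything other than a plain run of digits ends the check as UNKNOWN:
// a non-numeric threshold would otherwise make the later comparisons
// evaluate to false and silently disable the corresponding alert.
function parseCount(flag, value) {
    var text = "" + value;
    if (!/^[0-9]+$/.test(text)) {
        exitWith(EXIT_UNKNOWN, String.Format("UNKNOWN: Option {0} requires a non-negative whole number", flag));
    }
    return parseInt(text, 10);
}

// DEFAULTS:
var virusInLastDays = 10;
var virusThreshold = 0;
var maxUpdateDays = 8;

// Parse the command line. Unrecognised arguments are ignored.
var enumArgs = new Enumerator(Environment.GetCommandLineArgs());
enumArgs.moveNext(); // skip the first entry (the executable itself)
for (; !enumArgs.atEnd(); enumArgs.moveNext()) {
    var arg = enumArgs.item();
    if (arg == "-v" || arg == "-t" || arg == "-u") {
        enumArgs.moveNext();
        if (enumArgs.atEnd()) {
            exitWith(EXIT_UNKNOWN, String.Format("UNKNOWN: Option {0} requires a value", arg));
        }
        var count = parseCount(arg, enumArgs.item());
        if (arg == "-v") {
            virusInLastDays = count;
        } else if (arg == "-t") {
            virusThreshold = count;
        } else {
            maxUpdateDays = count;
        }
    }
}

var Today = new Date();

// Check whether service is running
var objWMIService = null;
var servItems = null;
try {
    objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}\\\\.\\root\\CIMV2");
    servItems = objWMIService.ExecQuery("SELECT * FROM Win32_Service WHERE Name = \"TMiCRCScanService\"");
} catch (e) {
    exitWith(EXIT_UNKNOWN, "UNKNOWN: Could not query WMI for the Trend Micro Office Scan service");
}

try {
    // item() fails when the query returned no service object, which is
    // reported as "not installed" below.
    var tmService = (new Enumerator(servItems)).item();
    if (tmService.State != "Running") {
        exitWith(EXIT_CRITICAL, "CRITICAL: Trend Micro Office Scan service not running!");
    }
} catch (e) {
    exitWith(EXIT_CRITICAL, "CRITICAL: Trend Micro Office Scan service not installed!");
}

// Check whether virus definitions are current
var definitionsCurrent = false;

// The first capture group is a digit run that is read below as
// yyyymmddHHMM...; the last matching line in the file wins.
// NOTE(review): the ",2,1,1," fields presumably mark a completed pattern
// update -- confirm against the OfficeScan update.log format.
var searchRe = /^([0-9]+),2,1,1,(.*)$/i;
var lastUpdate = null;

try {
    // locate install path
    var Sh = new ActiveXObject("WScript.Shell");
    var InstallKey = "HKEY_LOCAL_MACHINE\\SOFTWARE\\TrendMicro\\OfficeScan\\service\\Information\\Local_Path";
    var OfficeScanPath = Sh.RegRead(InstallKey);
    var UpdateLogPath = OfficeScanPath + "\\Log\\update.log";

    var fso = new ActiveXObject("Scripting.FileSystemObject");
    // 1 = ForReading, 0 = TristateFalse (open as ASCII)
    var updateLog = fso.getFile(UpdateLogPath).openAsTextStream(1, 0);

    // parse Log file
    try {
        while (!updateLog.AtEndOfStream) {
            var res = updateLog.ReadLine().match(searchRe);
            if (res) {
                lastUpdate = res[1];
            }
        }
    } finally {
        updateLog.Close();
    }
} catch (e) {
    exitWith(EXIT_UNKNOWN, "UNKNOWN: Could not read the OfficeScan update log");
}

// Without a record of at least 12 digits the date of the last update cannot
// be established; report that instead of failing on the substr calls below.
if (lastUpdate == null || lastUpdate.length < 12) {
    exitWith(EXIT_UNKNOWN, "UNKNOWN: No usable update record found in the OfficeScan update log");
}

var lastUpdateDate = new Date(
    parseInt(lastUpdate.substr(0, 4), 10),
    parseInt(lastUpdate.substr(4, 2), 10) - 1, // Date months are zero-based
    parseInt(lastUpdate.substr(6, 2), 10),
    parseInt(lastUpdate.substr(8, 2), 10),
    parseInt(lastUpdate.substr(10, 2), 10));

// setDate() with a zero or negative day rolls back into earlier months.
var needUpdateAfter = new Date(Today.getTime());
needUpdateAfter.setDate(Today.getDate() - maxUpdateDays);
if (lastUpdateDate > needUpdateAfter) {
    definitionsCurrent = true;
}

// Check whether there are virus alerts in the Event Log
var logScanStart = new Date(Today.getTime());
logScanStart.setDate(Today.getDate() - virusInLastDays);

var logQuery = "SELECT * FROM Win32_NTLogEvent WHERE EventType = 2 AND LogFile = \"Application\" AND SourceName = \"Trend Micro OfficeScan Server\"";

// The only variable part of the WQL text is this timestamp, which is built
// from numeric Date fields, so command-line values never reach the query as text.
// getFullYear() is used because getYear() is obsolete and does not return a
// four-digit year for every date.
// NOTE(review): CIM_DATETIME is yyyymmddHHMMSS.mmmmmmsUUU (six fractional
// digits plus a UTC offset); the suffix below carries eight zeros and no
// offset, and the fields are local time -- confirm WMI filters as intended.
var logScanStartString = String.Format("{0}{1,2:00}{2,2:00}{3,2:00}{4,2:00}",
    logScanStart.getFullYear(),
    logScanStart.getMonth() + 1,
    logScanStart.getDate(),
    logScanStart.getHours(),
    logScanStart.getMinutes()) + "00.00000000";
logQuery += " AND TimeGenerated >= \"" + logScanStartString + "\"";

var virusCount = 0;
try {
    var logEnum = new Enumerator(objWMIService.ExecQuery(logQuery));
    for (; !logEnum.atEnd(); logEnum.moveNext()) {
        // Events without message text are skipped rather than aborting the count.
        var message = logEnum.item().Message;
        if (message != null && message.match(/virus/i)) {
            virusCount++;
        }
    }
} catch (e) {
    exitWith(EXIT_UNKNOWN, "UNKNOWN: Could not query the Application event log for virus alerts");
}

// Stale definitions take precedence over the infection count.
if (!definitionsCurrent) {
    exitWith(EXIT_CRITICAL, String.Format("CRITICAL: Virus definitions are older than {0} days | infections={1}", maxUpdateDays, virusCount));
} else if (virusCount > virusThreshold) {
    exitWith(EXIT_WARNING, String.Format("WARNING: More than {0} virus infections in last {1} days | infections={2}", virusThreshold, virusInLastDays, virusCount));
} else {
    exitWith(EXIT_OK, String.Format("OK: No problems found | infections={0}", virusCount));
}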