[AV PLUGIN] CrossinG by ChapsVision

[anthonyBertrant]

Hello,

It will be great to create a AV plugin for the secure exchange gateway CrossinG, made by French compagny ChapsVision.

Sadly, due to hardening mesures, we cannot execute a snmp walk on this. So, I compiled some of the endpoint.

Here they are: snmpget [ARGS] [IP] 1.3.6.1.4.1.50853.1.2.6.1.1 SNMPv2-SMI::enterprises.50853.1.2.6.1.1 = STRING: "Clamav"

snmpget [ARGS] [IP] 1.3.6.1.4.1.50853.1.2.6.1.2 SNMPv2-SMI::enterprises.50853.1.2.6.1.2 = STRING: "26750"

snmpget [ARGS] [IP] 1.3.6.1.4.1.50853.1.2.6.1.3 SNMPv2-SMI::enterprises.50853.1.2.6.1.3 = STRING: "14 Dec 2022 03-15 -0500"

snmpget [ARGS] [IP] 1.3.6.1.4.1.50853.1.2.6.1.4 SNMPv2-SMI::enterprises.50853.1.2.6.1.4 = STRING: "Permanent"

snmpget [ARGS] [IP] 1.3.6.1.4.1.50853.1.2.6.2.1 SNMPv2-SMI::enterprises.50853.1.2.6.2.1 = STRING: "Eset"

snmpget [ARGS] [IP] 1.3.6.1.4.1.50853.1.2.6.2.2 SNMPv2-SMI::enterprises.50853.1.2.6.2.2 = STRING: "26420"

snmpget [ARGS] [IP] 1.3.6.1.4.1.50853.1.2.6.2.3 SNMPv2-SMI::enterprises.50853.1.2.6.2.3 = STRING: "2022-12-14"

snmpget [ARGS] [IP] 1.3.6.1.4.1.50853.1.2.6.2.4 SNMPv2-SMI::enterprises.50853.1.2.6.2.4 = STRING: "2025-07-01"

This gateway have 2 antivirus than can be used. ClamAV is the one by default. ESET is the one you can purchase in option. Both antivirus can be updated separatly.

I think we can made a plugin that can check if AV versions are OK, and implement a system like: if AV expiration date soon (exemple: 3 days), then it expire soon (warning), if AV expiration date is past due, then it's expired (critical), else it's OK.

If you need more informations, I'll be glad to offer my help.

Regards,

[garnier-quentin]

Could you provide the mib files?

[anthonyBertrant]

Hello Quentin,

I will ask the support for the MIB, but I only got the OID endpoint. The MIB file I got seems to be a little outdated.

Indicateur d’espace disque faible 1.3.6.1.4.1.50853.1.2.1 Indicateur d’état de la passerelle 1.3.6.1.4.1.50853.1.2.4 Indicateur d’activation de la chaîne de traitements A->B 1.3.6.1.4.1.50853.1.2.2.1 Indicateur d’activation de la chaîne de traitements B->A 1.3.6.1.4.1.50853.1.2.3.1

Nom de l'antivirus 1: Clamav par défaut 1.3.6.1.4.1.50853.1.2.6.1.1 Version de l'antivirus 1 1.3.6.1.4.1.50853.1.2.6.1.2 Date de la base de signatures de l'antivirus 1 1.3.6.1.4.1.50853.1.2.6.1.3 Date d’expiration de la licence de l'antivirus 1 (permanent pour ClamAV) 1.3.6.1.4.1.50853.1.2.6.1.4

Nom de l'antivirus 2: Eset Nod32 par défaut 1.3.6.1.4.1.50853.1.2.6.2.1 Version de l'antivirus 2 1.3.6.1.4.1.50853.1.2.6.2.2 Date de la base de signatures de l'antivirus 2 1.3.6.1.4.1.50853.1.2.6.2.3 Date d’expiration de la licence de l'antivirus 2 1.3.6.1.4.1.50853.1.2.6.2.4 Nombre de démarrages de la passerelle 1.3.6.1.4.1.50853.1.2.5 CROSSING-MIB.txt

Regards,

[anthonyBertrant]

Here are the last MIB file provided by the support CROSSING-MIB.txt

[garnier-quentin]

The mibs describe the OIDs as traps. the mib is outdated. i need a good mib file.

[anthonyBertrant]

Quentin, thanks for your help. The file sent is the last one provided by the support (I asked the support to give me the last up-to-date mib file). I can't provide much.

Which informations do you need ? Maybe I can ask them what is missing ?

[garnier-quentin]

could you ask to chapsvision support ?

[anthonyBertrant]

Quentin, I just got the support, and they don't have any more file to be up-to-date than the one already provided.

Which informations are missing ?

[anthonyBertrant]

Hello Quentin, do you have any news concerning this issue ?

[garnier-quentin]

The mib file doesn't match. It would be great to update the mib file.

[anthonyBertrant]

Hello Quentin, in attachment the last MIB the support sent to me. The MIB will be updated before end-2023. It's the last one I can get. They inform me of some errors (some OID are described as trap but are snmp get), but it'll be fixed in end-2023 CROSSING-MIB.txt

Hope it'll be enough

Regards

[anthonyBertrant]

Hello Quentin, did you have time to review the previously sent file ? Regards,

[anthonyBertrant]

Hello Quentin, got any news ?

[garnier-quentin]

I will planned it in July

[anthonyBertrant]

Hello Quentin, glad to hear it. I can't wait to see this new plugin at work, and I'll be happy to give you feedback on how well it works

[garnier-quentin]

Could you provide a snmpwalk of following branch ?

snmpwalk -ObentU -v 2c -c public IP .1.3.6.1.4.1.50853 > chapsvision.snmpwalk

Sorry you cant walk. Could you snmpget following OIDs ? .1.3.6.1.4.1.50853.1.2.4.1 .1.3.6.1.4.1.50853.1.2.1.1 .1.3.6.1.4.1.50853.1.2.3.1.1 .1.3.6.1.4.1.50853.1.2.2.1.1

[garnier-quentin]

You can test with the following archive: https://github.com/centreon/centreon-plugins/archive/refs/heads/MON-20795-chapsvision.zip

The command:

$ perl centreon_plugins.pl --plugin=network::chapsvision::crossing::snmp::plugin --hostname='127.0.0.1'  --snmp-community='crossing' --snmp-version=2c --mode=antivirus --verbose --antivirus2-date-format='%Y-%m-%d' --antivirus1-date-format='%d %b %Y'

[anthonyBertrant]

Hello Quentin, thanks for your help. I just tried to test your package and I have an issue due to some dependencies resolution. It seems that I don't have the requested modules named DateTime::Format::Strptime and DateTime.

I've never installed a Perl dependencie on any OS, and don't know how to do it. Do you have any tips ?

My work environment forbid to install any package without correct approbation, so I don't know if I can install any dependencies like that.

Regards,

[fmattesct]

Hi, ChapsVision CrossinG monitoring connector is now released : https://docs.centreon.com/pp/integrations/plugin-packs/procedures/network-chapsvision-crossing-snmp/

Please let us know if you still have any issue.