Nagios/Opsview: Check Symantec AV Definitions

This morning whilst deploying a modified version of the Symantec Anti-Virus check from I noticed that on my 64-bit hosts that the check was not returning the correct data and instead of the expected output I was receiving the following error code:

Initially I thought this could be a change due to the new installs being Symantec Endpoint Protection compared to the previous times I had implemented this using Symantec Anti-Virus 10.x but the SEP installs on the 32-bit systems were working fine however the 64-bit versions were not.

A quick look in the registry showed me that the value that is read by the script is not there on the 64-bit version and has been moved to another location (HKEY_LOCAL_MACHINESOFTWAREWow6432NodeSymantecSharedDefsDefWatch). I sat down with the script and quickly wrote in some extra code that would allow me to change the search path depending on the Operating System Architecture. I also added in some more error checking so if the key didnt exist then rather than exiting with an OK status it returns an UNKNOWN status and a relevant error message.

As I use NSClient++ to enable me to monitor my Windows servers I simply save the script to the NSClient++scripts folder and add the following line into my NSCI.ini under [NRPE Handlers]

Then from within Nagios or Opsview define the command for check_nrpe

check_nrpe -H $HOSTADDRESS$ -c check_av -a 2 3

The full script is listed below and is also available on Monitoring Exchange (link):

One thought on “Nagios/Opsview: Check Symantec AV Definitions

  1. I havent tested the script on a 2008R2 server yet but it worked without issue on a 2008 x64 Standard server.

    Did you download the script from Monitoring Exchange or from the post above?

  2. hey,

    I test you script on a windows 2008R2 64bit server. an i got a this error

    /etc/nagios# /usr/local/nagios/libexec/check_nrpe -H -c check_av -a 2 3
    C:Program FilesNSClient++scriptscheck_av.vbs(28, 3) Microsoft VBScript runtime error: Type mismatch: ‘Cint’

    any idears?

Comments are closed.