McAfee Web Gateway (Linux and Unix)

This template assesses the overall performance of McAfee Web Gateway installed on a Linux/Unix-based computer. This template uses SNMP and TCP port monitors to retrieve statistics from the target server.


Prerequisites: SNMP enabled on the operating system and allowed to monitor mwg-antimalware, mwg-core, mwg-coordinator and mwg-snmp processes.


Credentials: None (uses the SNMP public string assigned to the node).


Notes:

  • This template is configured to send SNMP requests on port 161.
  • This template was created on McAfee Web Gateway v 7.


Monitored Components

Number of Detected Infections

     This monitor returns the number of infections detected by the McAfee Gateway Antimalware Engine. This value should be as low as possible.

     OID: 1.3.6.1.4.1.1230.2.7.2.1.2.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

Number of Not Blocked Connections

     This monitor returns the number of connections that have not been blocked.

     OID: 1.3.6.1.4.1.1230.2.7.2.1.3.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

Number of Blocked Connections by Anti-Malware

     This monitor returns the number of connections blocked by Anti-Malware. This value should be as low as possible.

     OID: 1.3.6.1.4.1.1230.2.7.2.1.5.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

Number of Blocked Connections

     This monitor returns the number of blocked connections. This value should be as low as possible.

     OID: 1.3.6.1.4.1.1230.2.7.2.1.5.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

Number of Blocked Connections by Media-Type Filter

     This monitor returns the number of connections that have been blocked by the Media-Type filter. This value should be as low as possible.

     OID: 1.3.6.1.4.1.1230.2.7.2.1.6.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

Number of Blocked Connections by URL Filter

     This monitor returns the number of connections that have been blocked by the URL filter. This value should be as low as possible.

     OID: 1.3.6.1.4.1.1230.2.7.2.1.7.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

Number of Detected Categories by URL Filter

     This monitor returns the number of categories detected by the URL filter.

     OID: 1.3.6.1.4.1.1230.2.7.2.1.9.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

HTTP: Number requests

     This monitor returns the number of HTTP requests.

     OID: 1.3.6.1.4.1.1230.2.7.2.2.1.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

HTTP: Bytes Transferred Between Proxy and Servers

     This monitor returns the number of bytes transferred between proxy and server(s) using the HTTP protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.2.2.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

HTTP: Bytes Transferred From Client to Proxy

     This monitor returns the number of bytes transferred from client to proxy using the HTTP protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.2.3.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

HTTP: Bytes Transferred From Server to Proxy

     This monitor returns the number of bytes transferred from server to proxy using the HTTP protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.2.4.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

HTTP: Bytes Transferred From Proxy to Clients

     This monitor returns the number of bytes transferred from proxy to client(s) using the HTTP protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.2.5.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

HTTP: Bytes Transferred From Proxy to Servers

     This monitor returns the number of bytes transferred from proxy to server(s) using the HTTP protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.2.6.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

HTTPS: Number requests

     This monitor returns the number of HTTPS requests.

     OID: 1.3.6.1.4.1.1230.2.7.2.3.1.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

HTTPS: Bytes Transferred Between Proxy and Servers

     This monitor returns the number of bytes transferred between proxy and server(s) using the HTTPS protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.3.2.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

HTTPS: Bytes Transferred From Client to Proxy

     This monitor returns the number of bytes transferred from client to proxy using the HTTPS protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.3.3.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

HTTPS: Bytes Transferred From Server to Proxy

     This monitor returns the number of bytes transferred from server to proxy using the HTTPS protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.3.4.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

HTTPS: Bytes Transferred From Proxy to Clients

     This monitor returns the number of bytes transferred from proxy to client(s) using the HTTPS protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.3.5.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

HTTPS: Bytes Transferred From Proxy to Servers

     This monitor returns the number of bytes transferred from proxy to server(s) using the HTTPS protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.3.6.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

FTP: Bytes Transferred Between Proxy and Servers

     This monitor returns the number of bytes transferred between proxy and server(s) using the FTP protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.4.1.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

FTP: Bytes Transferred From Clients to Proxy

     This monitor returns the number of bytes transferred from client(s) to proxy using the FTP protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.4.2.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

FTP: Bytes Transferred From Server to Proxy

     This monitor returns the number of bytes transferred from server(s) to proxy using the FTP protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.4.3.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

FTP: Bytes Transferred From Proxy to Clients

     This monitor returns the number of bytes transferred from proxy to client(s) using the FTP protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.4.4.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

FTP: Bytes Transferred From Proxy to Servers

     This monitor returns the number of bytes transferred from proxy to server(s) using the FTP protocol.

     OID: 1.3.6.1.4.1.1230.2.7.2.4.5.0

     Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

CPU Usage (%)

     This monitor returns the current overall CPU usage in percent. This value should be as low as possible.

     OID: 1.3.6.1.4.1.1230.2.7.2.5.1.0

Currently Connected Clients

     This monitor returns the number of currently connected clients.

     OID: 1.3.6.1.4.1.1230.2.7.2.5.2.0

Network Connections in Use by Proxy

     This monitor returns the number of open network sockets in use by the proxy.

     OID: 1.3.6.1.4.1.1230.2.7.2.5.3.0

Web Console (HTTP) TCP Port

     This component monitor tests the ability of a McAfee Web Gateway web console to accept incoming sessions using the HTTP protocol. By default, it monitors TCP port 4711.

Web Console (HTTPS) TCP Port

     This component monitor tests the ability of a McAfee Web Gateway web console to accept incoming sessions using the HTTPS protocol. By default, it monitors TCP port 4712.

Process: Antimalware Engine

     This monitor returns the CPU and memory usage of the McAfee Antimalware Engine (mwg-antimalware) process. This process is used for virus scanning.

Process: Core

     This monitor returns the CPU and memory usage of the McAfee Core (mwg-core) process. This process provides a proxy module for intercepting web traffic and a rule module for processing the filtering rules that make up your web security policy.

Process: Coordinator

     This monitor returns the CPU and memory usage of the McAfee Coordinator (mwg-coordinator) process. This process stores all configuration data processed on the appliance.

Process: SNMP

     This monitor returns the CPU and memory usage of the McAfee SNMP (mwg-snmp) process. This process provides SNMP access to McAfee Web Gateway.
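
The "Count statistic as difference" behaviour described in the notes above, sketched as an added example (not SolarWinds or McAfee code): the reported value is the increase since the previous poll, so the poller has to handle the first poll, a counter wrap and a counter that restarts from a lower value. The 32-bit counter width, the `max_plausible` cutoff and the sample readings are assumptions; the warning and critical defaults are the values quoted for Number of Detected Infections in the discussion on this page.

```python
from typing import Iterable, List, Optional, Tuple

DETECTED_INFECTIONS_OID = "1.3.6.1.4.1.1230.2.7.2.1.2.0"  # OID taken from this page
COUNTER_MODULUS = 2 ** 32  # assumption: the value behaves like a 32-bit SNMP counter


def poll_difference(prev: Optional[int], curr: int,
                    modulus: int = COUNTER_MODULUS,
                    max_plausible: int = 1_000_000) -> Optional[int]:
    """Return the increase since the previous poll, or None if it cannot be trusted."""
    if prev is None:
        return None                  # first poll: no baseline to subtract from
    if curr >= prev:
        return curr - prev
    wrapped = curr + modulus - prev  # reading passed the counter maximum
    if wrapped <= max_plausible:     # hypothetical sanity cutoff, tune per counter
        return wrapped
    return None                      # counter went backwards (e.g. restart): re-baseline


def classify(diff: Optional[int], warning: int = 0, critical: int = 10) -> str:
    """Apply 'greater than' thresholds to one per-poll difference."""
    if diff is None:
        return "unknown"
    if diff > critical:
        return "critical"
    if diff > warning:
        return "warning"
    return "up"


def evaluate(samples: Iterable[int]) -> List[Tuple[Optional[int], str]]:
    """Walk raw counter readings in poll order; return (difference, state) per poll."""
    results, prev = [], None
    for curr in samples:
        diff = poll_difference(prev, curr)
        results.append((diff, classify(diff)))
        prev = curr
    return results


# Constructed readings: baseline, no change, +3, +12, counter restart, no change.
CONSTRUCTED_SAMPLES = [1200, 1200, 1203, 1215, 5, 5]

if __name__ == "__main__":
    for raw, (diff, state) in zip(CONSTRUCTED_SAMPLES, evaluate(CONSTRUCTED_SAMPLES)):
        print(f"{DETECTED_INFECTIONS_OID} raw={raw} diff={diff} state={state}")
```

A poll that returns `unknown` only resets the baseline, so a restart of the counter is not reported as a burst of new detections.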

Portions of this document were originally created by and are excerpted from the following sources:
McAfee Corporation, "mcafee-mwg-mib.txt." Copyright 2012 McAfee Corporation. All rights reserved.

  • How about something to properly detect system uptime? The default setup for "node details by SolarWinds" shows a LAST BOOT field that has bad data. I have a cluster of McAfee Web Gateways that have all been up about 6 months. But SolarWinds is reporting that they have all rebooted 24 to 29 times in the last 30 days. The admin for these boxes tells me that he thinks that SolarWinds is reporting a reboot every time he updates the policy on these boxes. What OIDs are we using to produce the node details? I can only see what's in node details if I author my own. I don't seem to be able to see into what SolarWinds is doing for node details.

  • Out of curiosity, which Websense product/s are you running, and what platform/OS are they running on?

  • Thank you, Bronx. Are you planning to create a Websense template too?

  • Looking at the template:

    Number of Detected Infections

    This monitor returns the number of infections detected by the McAfee Gateway Antimalware Engine. This value should be as low as possible.

    OID: 1.3.6.1.4.1.1230.2.7.2.1.2.0

    Note: By default, this monitor has the Count statistic as difference box checked. It will show the new statistic since the last polling period.

    Warning threshold: greater than 0

    Critical threshold: greater than 10

    The default configuration should be returning a value of "0" as the normal state. Based on our own internal testing, it does not appear to be an issue with the application template, but you are welcome to open a case with support and we can help diagnose where the issue is coming from.

  • Never did figure out the:

    Another weird issue has to do with the "Number of Detected Infections". Right now it shows 0 but the component is in a warning state.

    What's the logic for setting this monitor? I've set it to 0, 1 and 10 and just can't see what's triggering it and how / when it gets reset.