Dr.Web SNMP MIB

Top  Previous  Next

The list of operating parameters of Dr.Web for UNIX Internet Gateways that can be fetched by external monitoring systems over the SNMP protocol is provided in the table below.

Parameter name

OID of the parameter

Type and description of the parameter

Common prefix for all names: .iso.org.dod.internet.private.enterprises.drweb.drwebSnmpd

Common prefix for all OIDs: .1.3.6.1.4.1.29690.2

alert

Asynchronous notifications about events (SNMP traps)

threatAlert

.1.1

Notification about detecting a threat

threatAlertFile

.1.1.1

Name of the infected file (string)

threatAlertType

.1.1.2

Threat type (integer *)

threatAlertName

.1.1.3

Name of the threat (string)

threatAlertOrigin

.1.1.4

Identifier of the component that detected the threat (integer***)

threatActionErrorAlert

.1.2

Notification about an error occurred when trying to neutralize the threat

threatActionErrorAlertFile

.1.2.1

Name of the infected file (string)

threatActionErrorAlertType

.1.2.2

Threat type (integer *)

threatActionErrorAlertName

.1.2.3

Name of the threat (string)

threatActionErrorAlertOrigin

.1.2.4

Identifier of the component that detected the threat (integer***)

threatActionErrorAlertError

.1.2.5

Description of an error (string)

threatActionErrorAlertErrorCode

.1.2.6

Error code (integer corresponding to code from error catalogue)

threatActionErrorAlertAction

.1.2.7

Failed action (1—cure; 2—move to quarantine; 3—delete; 4—report; 5—ignore)

componentFailureAlert

.1.3

Notification about a component failure

componentFailureAlertName

.1.3.1

Component identifier (integer***)

componentFailureAlertExitCodeDescription

.1.3.2

Component exit code description (string)

componentFailureAlertExitCode

.1.3.3

Error code (integer corresponding to code from error catalogue)

infectedUrlAlert

.1.4

Notification about blocking a malicious URL (for HTTP/HTTPS connections)

infectedUrlAlertUrl

.1.4.1

The URL that was blocked (string)

infectedUrlAlertDirection

.1.4.2

HTTP message direction (integer: 1—request, 2—response)

infectedUrlAlertType

.1.4.3

Threat type (integer *)

infectedUrlAlertName

.1.4.4

Name of the threat (string)

infectedUrlAlertOrigin

.1.4.5

Identifier of the component that detected the threat (integer***)

infectedUrlAlertSrcIp

.1.4.6

IP address of connection source (string)

infectedUrlAlertSrcPort

.1.4.7

Port of connection source (integer)

infectedUrlAlertDstIp

.1.4.8

IP address of connection destination point (string)

infectedUrlAlertDstPort

.1.4.9

Port of connection destination point (integer)

infectedUrlAlertSniHost

.1.4.10

SNI of connection destination point (for SSL connections) (string)

infectedUrlAlertExePath

.1.4.11

Executable path of the program that establish the connection (string)

infectedUrlAlertUserName

.1.4.12

Name of the user with whose privileges is executing the program that establish the connection (string)

infectedAttachmentAlert

.1.5

Notification about detecting an infected email attachment

infectedAttachmentAlertType

.1.5.1

Threat type (integer *)

infectedAttachmentAlertName

.1.5.2

Name of the threat (string)

infectedAttachmentAlertOrigin

.1.5.3

Identifier of the component that detected the threat (integer***)

infectedEmailAttachmentAlertSocket

.1.5.4

IP address of the source of the email message (string)

infectedEmailAttachmentAlertMailFrom

.1.5.5

Sender of the email message (string)

infectedEmailAttachmentAlertRcptTo

.1.5.6

Recipients of the email message (string)

infectedEmailAttachmentAlertMessageId

.1.5.7

Value of Message-ID header of the email message (string)

infectedEmailAttachmentAlertAction

.1.5.8

Action that was applied to the whole email message or infected attachment (integer: 1—repack; 2—reject; 3—discard; 4—cure; 5—move to quarantine; 6—delete)

infectedEmailAttachmentAlertDivert

.1.5.9

Direction of the email message (integer: 1—incoming; 2—outgoing)

infectedEmailAttachmentAlertSrcIp

.1.5.10

IP address of connection source (string)

infectedEmailAttachmentAlertSrcPort

.1.5.11

Port of connection source (integer)

infectedEmailAttachmentAlertDstIp

.1.5.12

IP address of connection destination point (string)

infectedEmailAttachmentAlertDstPort

.1.5.13

Port of connection destination point (integer)

infectedEmailAttachmentAlertSniHost

.1.5.14

SNI of connection destination point (for SSL connections) (string)

infectedEmailAttachmentAlertProtocol

.1.5.15

Protocol type (integer: 1—SMTP; 2—POP3; 3—IMAP; 4—HTTP)

infectedEmailAttachmentAlertExePath

.1.5.16

Executable path of the program that establish the connection (string)

infectedEmailAttachmentAlertUserName

.1.5.17

Name of the user with whose privileges is executing the program that establish the connection (string)

categoryUrlAlert

.1.6

Notification about blocking a URL belonging to the unwanted category

categoryUrlAlertUrl

.1.6.1

The URL that was blocked (string)

categoryUrlAlertCategory

.1.6.2

Web resource category to which the URL belongs (integer**)

categoryUrlAlertOrigin

.1.6.3

Identifier of the component that detected the threat (integer***)

categoryUrlAlertSrcIp

.1.6.4

IP address of connection source (string)

categoryUrlAlertSrcPort

.1.6.5

Port of connection source (integer)

categoryUrlAlertDstIp

.1.6.6

IP address of connection destination point (string)

categoryUrlAlertDstPort

.1.6.7

Port of connection destination point (integer)

categoryUrlAlertSniHost

.1.6.8

SNI of connection destination point (for SSL connections) (string)

categoryUrlAlertExePath

.1.6.9

Executable path of the program that establish the connection (string)

categoryUrlAlertUserName

.1.6.10

Name of the user with whose privileges is executing the program that establish the connection (string)

categoryUrlEmailAttachmentAlert

.1.7

Notification about detecting an unwanted URL in the email message

categoryUrlEmailAttachmentAlertType

.1.7.1

Web resource category to which the URL belongs (integer**)

categoryUrlEmailAttachmentAlertOrigin

.1.7.2

Identifier of the component that detected the threat (integer***)

categoryUrlEmailAttachmentAlertSocket

.1.7.3

IP address of the source of the email message (string)

categoryUrlEmailAttachmentAlertMailFrom

.1.7.4

Sender of the email message (string)

categoryUrlEmailAttachmentAlertRcptTo

.1.7.5

Recipients of the email message (string)

categoryUrlEmailAttachmentAlertMessageId

.1.7.6

Value of Message-ID header of the email message (string)

categoryUrlEmailAttachmentAlertAction

.1.7.7

Action that was applied to the whole email message or an attachment (integer: 1—repack; 2—reject; 3—discard; 4—cure; 5—move to quarantine; 6—delete)

categoryUrlEmailAttachmentAlertDivert

.1.7.8

Direction of the email message (integer: 1—incoming; 2—outgoing)

categoryUrlEmailAttachmentAlertSrcIp

.1.7.9

IP address of connection source (string)

categoryUrlEmailAttachmentAlertSrcPort

.1.7.10

Port of connection source (integer)

categoryUrlEmailAttachmentAlertDstIp

.1.7.11

IP address of connection destination point (string)

categoryUrlEmailAttachmentAlertDstPort

.1.7.12

Port of connection destination point (integer)

categoryUrlEmailAttachmentAlertSniHost

.1.7.13

SNI of connection destination point (for SSL connections) (string)

categoryUrlEmailAttachmentAlertProtocol

.1.7.14

Protocol type (integer: 1—SMTP; 2—POP3; 3—IMAP; 4—HTTP)

categoryUrlEmailAttachmentAlertExePath

.1.7.15

Executable path of the program that establish the connection (string)

categoryUrlEmailAttachmentAlertUserName

.1.7.16

Name of the user with whose privileges is executing the program that establish the connection (string)

spamEmailAlert

.1.8

Notification about recognizing an email message as spam

spamEmailAlertOrigin

.1.8.1

Identifier of the component that detected the threat (integer***)

spamEmailAlertSocket

.1.8.2

IP address of the source of the email message (string)

spamEmailAlertMailFrom

.1.8.3

Sender of the email message (string)

spamEmailAlertRcptTo

.1.8.4

Recipients of the email message (string)

spamEmailAlertMessageId

.1.8.5

Value of Message-ID header of the email message (string)

spamEmailAlertAction

.1.8.6

Action that was applied to the whole email message or an attachment (integer: 1—repack; 2—reject; 3—discard; 4—cure; 5—move to quarantine; 6—delete)

spamEmailAlertDivert

.1.8.7

Direction of the email message (integer: 1—incoming; 2—outgoing)

spamEmailAlertSrcIp

.1.8.8

IP address of connection source (string)

spamEmailAlertSrcPort

.1.8.9

Port of connection source (integer)

spamEmailAlertDstIp

.1.8.10

IP address of connection destination point (string)

spamEmailAlertDstPort

.1.8.11

Port of connection destination point (integer)

spamEmailAlertSniHost

.1.8.12

SNI of connection destination point (for SSL connections) (string)

spamEmailAlertProtocol

.1.8.13

Protocol type (integer: 1—SMTP; 2—POP3; 3—IMAP; 4—HTTP)

spamEmailAlertExePath

.1.8.14

Executable path of the program that establish the connection (string)

spamEmailAlertUserName

.1.8.15

Name of the user with whose privileges is executing the program that establish the connection (string)

blockedConnectionAlert

.1.9

Notification about blocking a network connection

blockedConnectionAlertOrigin

.1.9.1

Identifier of the component that detected the threat (integer***)

blockedConnectionAlertDivert

.1.9.2

Direction of the connection (integer: 1—incoming; 2—outgoing)

blockedConnectionAlertSrcIp

.1.9.3

IP address of connection source (string)

blockedConnectionAlertSrcPort

.1.9.4

Port of connection source (integer)

blockedConnectionAlertDstIp

.1.9.5

IP address of connection destination point (string)

blockedConnectionAlertDstPort

.1.9.6

Port of connection destination point (integer)

blockedConnectionAlertSniHost

.1.9.7

SNI of connection destination point (for SSL connections) (string)

blockedConnectionAlertProtocol

.1.9.8

Protocol type (integer: 1—SMTP; 2—POP3; 3—IMAP; 4—HTTP)

blockedConnectionAlertExePath

.1.9.9

Executable path of the program that establish the connection (string)

blockedConnectionAlertUserName

.1.9.10

Name of the user with whose privileges is executing the program that establish the connection (string)

stat

Statistics on the operation of the software product

threatCounters

.2.1

Counters of detected threats

knownVirus

.2.1.1

Number of detected known viruses (counter; integer)

suspicious

.2.1.2

Number of detected suspicious objects (counter; integer)

adware

.2.1.3

Number of detected adware (counter; integer)

dialers

.2.1.4

Number of detected dialers (counter; integer)

joke

.2.1.5

Number of detected joke programs (counter; integer)

riskware

.2.1.6

Number of detected riskware (counter; integer)

hacktool

.2.1.7

Number of detected hacktools (counter; integer)

scanErrors

.2.2

Counters of the errors that occurred while files were scanned

sePathNotAbsolute

.2.2.1

Number of occurrences of the “Path is not absolute” error (counter, integer)

seFileNotFound

.2.2.2

Number of occurrences of the “File not found” error (counter, integer)

seFileNotRegular

.2.2.3

Number of occurrences of the “File is not a regular file” error (counter, integer)

seFileNotBlockDevice

.2.2.4

Number of occurrences of the “File is not a block device” error (counter, integer)

seNameTooLong

.2.2.5

Number of occurrences of the “Path or file name is too long” error (counter, integer)

seNoAccess

.2.2.6

Number of occurrences of the “Permission denied” error (counter, integer)

seReadError

.2.2.7

Number of occurrences of the “Read error” (counter, integer)

seWriteError

.2.2.8

Number of occurrences of the “Write error” (counter, integer)

seFileTooLarge

.2.2.9

Number of occurrences of the “File size too big” error (counter, integer)

seFileBusy

.2.2.10

Number of occurrences of the “File is busy” error (counter, integer)

seUnpackingError

.2.2.20

Number of occurrences of the “Unpacking error” (counter, integer)

sePasswordProtecetd

.2.2.21

Number of occurrences of the “Password protected” error (counter, integer)

seArchCrcError

.2.2.22

Number of occurrences of the “Archive Cyclic Redundancy Check error” (counter, integer)

seArchInvalidHeader

.2.2.23

Number of occurrences of the “Invalid archive header” error (counter, integer)

seArchNoMemory

.2.2.24

Number of occurrences of the “Not enough memory to process the archive” error (counter, integer)

seArchIncomplete

.2.2.25

Number of occurrences of the “Incomplete archive” error (counter, integer)

seCanNotBeCured

.2.2.26

Number of occurrences of the “Object cannot be cured” error (counter, integer)

sePackerLevelLimit

.2.2.30

Number of occurrences of the error that states that the maximum nesting level of packed objects was exceeded (counter, integer)

seArchiveLevelLimit

.2.2.31

Number of occurrences of the error that states that the maximum nesting level of archives was exceeded (counter, integer)

seMailLevelLimit

.2.2.32

Number of occurrences of the error that states that the maximum nesting level of email files was exceeded (counter, integer)

seContainerLevelLimit

.2.2.33

Number of occurrences of the error that states that the maximum nesting level of container files was exceeded (counter, integer)

seCompressionLimit

.2.2.34

Number of occurrences of the “Exceeded the maximum compression ratio” error (counter, integer)

seReportSizeLimit

.2.2.35

Number of occurrences of the “Exceeded the maximum size of the scanning results report” error (counter, integer)

seScanTimeout

.2.2.40

Number of occurrences of the “Scan timeout expired” error (counter, integer)

seEngineCrash

.2.2.41

Number of occurrences of the “Scanning Engine crash was detected” error (counter, integer)

seEngineHangup

.2.2.42

Number of occurrences of the “Scanning Engine stopped responding” error (counter, integer)

seEngineError

.2.2.44

Number of occurrences of the “Internal error of the Scanning Engine” (counter, integer)

seNoLicense

.2.2.45

Number of occurrences of the “No valid license found” error (counter, integer)

seNonSupportedDisk

.2.2.50

Number of Occurrences of the “Unsupported disk” error (counter, integer)

seUnexpectedError

.2.2.100

Number of occurrences of the “Unexpected error” (counter, integer)

scanLoadAverage

.2.3

Metrics of the file scanning load

filesScannedTable

.2.3.1

Average numbers of files scanned at the request of other components

filesScannedEntry

.2.3.1.1

Component of the product (entire table row, record)

filesScannedIndex

.2.3.1.1.1

Index of the component (identifier, integer***)

filesScannedOrigin

.2.3.1.1.2

Name of the component

filesScanned1min

.2.3.1.1.3

The average (averaged over one minute) number of files checked per second (string)

filesScanned5min

.2.3.1.1.4

The average (averaged over 5 minutes) number of files checked per second (string)

filesScanned15min

.2.3.1.1.5

The average (averaged over 15 minutes) number of files checked per second (string)

bytesScannedTable

.2.3.2

Average speed (in bytes per second) of scanning performed at the request of other components

bytesScannedEntry

.2.3.2.1

Component of the product (entire table row, record)

bytesScannedIndex

.2.3.2.1.1

Index of the component (identifier, integer***)

bytesScannedOrigin

.2.3.2.1.2

Name of the component

bytesScanned1min

.2.3.2.1.3

The average (averaged over one minute) number of bytes scanned per second (string)

bytesScanned5min

.2.3.2.1.4

The average (averaged over 5 minutes) number of bytes scanned per second (string)

bytesScanned15min

.2.3.2.1.5

The average (averaged over 15 minutes) number of bytes scanned per second (string)

cacheHitFilesTable

.2.3.3

Average numbers of scanning reports retrieved from the cache at the request of the components

cacheHitFilesEntry

.2.3.3.1

Component of the product (entire table row, record)

cacheHitFilesIndex

.2.3.3.1.1

Index of the component (identifier, integer***)

cacheHitFilesOrigin

.2.3.3.1.2

Name of the component

cacheHitFiles1min

.2.3.3.1.3

The average (averaged over one minute) number of reports retrieved from the cache per second (string)

cacheHitFiles5min

.2.3.3.1.4

The average (averaged over 5 minutes) number of reports retrieved from the cache per second (string)

cacheHitFiles15min

.2.3.3.1.5

The average (averaged over 15 minutes) number of reports retrieved from the cache per second (string)

errorsTable

.2.3.4

Average numbers of errors during the scanning that was performed at the request of the components

errorsEntry

.2.3.4.1

Component of the product (entire table row, record)

errorsIndex

.2.3.4.1.1

Index of the component (identifier, integer***)

errorsOrigin

.2.3.4.1.2

Name of the component

errors1min

.2.3.4.1.3

The average (averaged over one minute) number of scanning errors per second (string)

errors5min

.2.3.4.1.4

The average (averaged over 5 minutes) number of scanning errors per second (string)

errors15min

.2.3.4.1.5

The average (averaged over 15 minutes) number of scanning errors per second (string)

net

.2.4

Statistics on network activity

markedAsSpam

.2.4.1

Number of email messages marked as spam (counter, integer)

blockedInfectionSource

.2.4.101

Number of blocked URLs belonging to the “Infection Source” category (counter, integer)

blockedNotRecommended

.2.4.102

Number of blocked URLs belonging to the “Not Recommended” category (counter, integer)

blockedAdultContent

.2.4.103

Number of blocked URLs belonging to the “Adult Content” category (counter, integer)

blockedViolence

.2.4.104

Number of blocked URLs belonging to the “Violence” category (counter, integer)

blockedWeapons

.2.4.105

Number of blocked URLs belonging to the “Weapons” category (counter, integer)

blockedGambling

.2.4.106

Number of blocked URLs belonging to the “Gambling” category (counter, integer)

blockedDrugs

.2.4.107

Number of blocked URLs belonging to the “Drugs” category (counter, integer)

blockedObsceneLanguage

.2.4.108

Number of blocked URLs belonging to the “Obscene Language” category (counter, integer)

blockedChats

.2.4.109

Number of blocked URLs belonging to the “Chats” category (counter, integer)

blockedTerrorism

.2.4.110

Number of blocked URLs belonging to the “Terrorism” category (counter, integer)

blockedFreeEmail

.2.4.111

Number of blocked URLs belonging to the “Free Email Services” category (counter, integer)

blockedSocialNetworks

.2.4.112

Number of blocked URLs belonging to the “Social Networks” category (counter, integer)

blockedOwnersNotice

.2.4.113

Number of blocked URLs belonging to the “Copyright Owner`s Notice” category (counter, integer)

blockedBlackList

.2.4.120

Number of blocked URLs from the user’s black list (counter, integer)

info

Information about the current state of the program

components

.3.1

Current state of the program’s components

configd

.3.1.1

drweb-configd component data

configdState

.3.1.1.1

Current state of the component (integer****)

configdExitCode

.3.1.1.2

Last exit code (integer corresponding to code from error catalogue)

configdExitTime

.3.1.1.3

Time of the last termination (UNIX time)

configdInstalledApps

.3.1.1.101

List of installed components

configdAppEntry

.3.1.1.101.1

Information about the installed component (entire table row, record)

configdAppIndex

.3.1.1.101.1.1

Index (ordinal number) of the installed component (integer)

configdAppName

.3.1.1.101.1.2

Name of the installed component (string)

configdAppExePath

.3.1.1.101.1.3

Path to the executable file of the component (string)

configdAppInstallTime

.3.1.1.101.1.4

Time when the component was installed (UNIX time)

configdAppIniSection

.3.1.1.101.1.5

Name of the section with the component’s parameters in the configuration file

scanEngine

.3.1.2

drweb-se component data

scanEngineState

.3.1.2.1

Current state of the component (integer****)

scanEngineExitCode

.3.1.2.2

Last exit code (integer corresponding to code from error catalogue)

scanEngineExitTime

.3.1.2.3

Time of the last termination (UNIX time)

scanEngineStatus

.3.1.2.101

Current state of the Dr.Web Virus-Finding Engine (integer)

scanEngineVersion

.3.1.2.102

Version of the Dr.Web Virus-Finding Engine (string)

scanEngineVirusRecords

.3.1.2.103

Number of virus records (integer)

scanEngineMaxForks

.3.1.2.104

Maximum number of child processes for scanning (integer)

scanEngineQueues

.3.1.2.105

Scan task queues

scanEngineQueuesLow

.3.1.2.105.1

The queue of low-priority tasks

scanEngineQueueLowOut

.3.1.2.105.1.1

Number of low-priority tasks popped from the queue and transferred to processing (counter, integer)

scanEngineQueueLowSize

.3.1.2.105.1.2

Number of low-priority tasks in the queue waiting to be processed (counter, integer)

scanEngineQueuesMedium

.3.1.2.105.2

The queue of normal-priority tasks

scanEngineQueueMediumOut

.3.1.2.105.2.1

The number of normal-priority tasks popped from the queue and transferred to processing (counter, integer)

scanEngineQueueMediumSize

.3.1.2.105.2.2

Number of normal-priority tasks in the queue waiting to be processed (counter, integer)

scanEngineQueuesHigh

.3.1.2.105.3

The queue of high-priority tasks

scanEngineQueueHighOut

.3.1.2.105.3.1

The number of high-priority tasks popped from the queue and transferred to processing (counter, integer)

scanEngineQueueHighSize

.3.1.2.105.3.2

Number of high-priority tasks in the queue waiting to be processed (counter, integer)

scanEngineVirusBasesTable

.3.1.2.106

The list of virus databases.

scanEngineVirusBasesEntry

.3.1.2.106.1

Information about the virus database (entire table row; record)

scanEngineVirusBaseIndex

.3.1.2.106.1.1

Index of the virus database (integer)

scanEngineVirusBasePath

.3.1.2.106.1.2

Path to the virus database file (string)

scanEngineVirusBaseRecords

.3.1.2.106.1.3

Number of records in the virus database (integer)

scanEngineVirusBaseVersion

.3.1.2.106.1.4

Version of the virus database (integer)

scanEngineVirusBaseTimestamp

.3.1.2.106.1.5

Timestamp of the virus database (UNIX time)

scanEngineVirusBaseMD5

.3.1.2.106.1.6

MD5 checksum (string)

scanEngineVirusBaseLoadResult

.3.1.2.106.1.7

Result of the downloading of this virus database (string)

scanEngineQueuesTab

.3.1.2.107

The list of scan task queues

scanEngineQueueEntry

.3.1.2.107.1

Information about the queue (entire table row, record)

scanEngineQueueIndex

.3.1.2.107.1.1

Index (ordinal number) of the queue (integer)

scanEngineQueueName

.3.1.2.107.1.2

Name of the queue (string)

scanEngineQueueOut

.3.1.2.107.1.3

The number of tasks popped from the queue and transferred to processing (counter, integer)

scanEngineQueueSize

.3.1.2.107.1.4

Number of tasks in the queue waiting to be processed (counter, integer)

fileCheck

.3.1.3

drweb-filecheck component data

fileCheckState

.3.1.3.1

Current state of the component (integer****)

fileCheckExitCode

.3.1.3.2

Last exit code (integer corresponding to code from error catalogue)

fileCheckExitTime

.3.1.3.3

Time of the last termination (UNIX time)

fileCheckScannedFiles

.3.1.3.101

Number of scanned files (counter, integer)

fileCheckScannedBytes

.3.1.3.102

Number of scanned bytes (counter, integer)

fileCheckCacheHitFiles

.3.1.3.103

Number of scan reports retrieved from the cache (counter, integer)

fileCheckScanErrors

.3.1.3.104

Number of error occurrences in the Scanning Engine (counter, integer)

fileCheckScanStat

.3.1.3.105

List of clients

fileCheckClientEntry

.3.1.3.105.1

Information about the client (entire table row; record)

fileCheckClientIndex

.3.1.3.105.1.1

Index (ordinal number) of the client (integer)

fileCheckClientName

.3.1.3.105.1.2

Name of the client component (string)

fileCheckClientScannedFiles

.3.1.3.105.1.3

The number of files scanned for this client (counter, integer)

fileCheckClientScannedBytes

.3.1.3.105.1.4

The number of bytes scanned for this client (counter, integer)

fileCheckClientCacheHitFiles

.3.1.3.105.1.5

The number of scan reports retrieved from the cache for this client (counter, integer)

fileCheckClientScanErrors

.3.1.3.105.1.6

Number of error occurrences in the Scanning Engine when working for this client (counter, integer)

update

.3.1.4

drweb-update component data

updateState

.3.1.4.1

Current state of the component (integer****)

updateExitCode

.3.1.4.2

Last exit code (integer corresponding to code from error catalogue)

updateExitTime

.3.1.4.3

Time of the last termination (UNIX time)

updateBytesSent

.3.1.4.101

Number of bytes sent (counter, integer)

updateBytesReceived

.3.1.4.102

Number of bytes received (counter, integer)

esagent

.3.1.5

drweb-esagent component data

esagentState

.3.1.5.1

Current state of the component (integer****)

esagentExitCode

.3.1.5.2

Last exit code (integer corresponding to code from error catalogue)

esagentExitTime

.3.1.5.3

Time of the last termination (UNIX time)

esagentWorkStatus

.3.1.5.101

Component’s current mode of operation (integer: 1—standalone mode, 2—is connecting, 3—is awaiting connection, 4—connection has been approved)

esagentIsConnected

.3.1.5.102

Is connected to the server (integer, 0—no, 1—yes)

esagentServer

.3.1.5.103

Address of the central protection server that is used (string)

netcheck

.3.1.6

drweb-netcheck component data

netcheckState

.3.1.6.1

Current state of the component (integer****)

netcheckExitCode

.3.1.6.2

Last exit code (integer corresponding to code from error catalogue)

netcheckExitTime

.3.1.6.3

Time of the last termination (UNIX time)

netcheckLocalSeForks

.3.1.6.101

The number of Scanning Engine processes available locally (integer)

netcheckRemoteSeForks

.3.1.6.102

Number of Scanning Engine processes available remotely (integer)

netcheckLocalFilesScanned

.3.1.6.103

The number of files that have been scanned locally (counter, integer)

netcheckNetworkFilesScanned

.3.1.6.104

The number of files that have been scanned via remote scanning (counter, integer)

netcheckLocalBytesScanned

.3.1.6.105

The number of bytes that have been scanned locally (counter, integer)

netcheckNetworkBytesScanned

.3.1.6.106

The number of bytes that have been scanned via remote scanning (counter, integer)

netcheckLocalBytesIn

.3.1.6.107

The number of bytes received from local clients (counter, integer)

netcheckLocalBytesOut

.3.1.6.108

The number of bytes sent back to local clients (counter, integer)

netcheckNetworkBytesIn

.3.1.6.109

The number of bytes received from remote hosts (counter, integer)

netcheckNetworkBytesOut

.3.1.6.110

The number of bytes sent to remote hosts (counter, integer)

netcheckLocalScanErrors

.3.1.6.111

Number of error occurrences in local Scanning Engine processes (counter, integer)

netcheckNetworkScanErrors

.3.1.6.112

Number of error occurrences in remote Scanning Engine processes (counter, integer)

httpd

.3.1.7

drweb-httpd component data

httpdState

.3.1.7.1

Current state of the component (integer****)

httpdExitCode

.3.1.7.2

Last exit code (integer corresponding to code from error catalogue)

httpdExitTime

.3.1.7.3

Time of the last termination (UNIX time)

snmpd

.3.1.8

drweb-snmpd component data

snmpdState

.3.1.8.1

Current state of the component (integer****)

snmpdExitCode

.3.1.8.2

Last exit code (integer corresponding to code from error catalogue)

snmpdExitTime

.3.1.8.3

Time of the last termination (UNIX time)

clamd

.3.1.20

drweb-clamd component data

clamdState

.3.1.20.1

Current state of the component (integer****)

clamdExitCode

.3.1.20.2

Last exit code (integer corresponding to code from error catalogue)

clamdExitTime

.3.1.20.3

Time of the last termination (UNIX time)

icapd

.3.1.21

drweb-icapd component data

icapdState

.3.1.21.1

Current state of the component (integer****)

icapdExitCode

.3.1.21.2

Last exit code (integer corresponding to code from error catalogue)

icapdExitTime

.3.1.21.3

Time of the last termination (UNIX time)

icapdConnectionsIn

.3.1.21.101

Number of accepted incoming connections (counter, integer)

icapdConnectionsCount

.3.1.21.102

Number of currently opened connections (counter, integer)

icapdOptions

.3.1.21.103

Number of OPTIONS requests (counter, integer)

icapdReqmod

.3.1.21.104

Number of REQMOD requests (counter, integer)

icapdRespmod

.3.1.21.105

Number of RESPMOD requests (counter, integer)

icapdBad

.3.1.21.106

Number of invalid requests (counter, integer)

smbspider

.3.1.40

drweb-smbspider-daemon component data

smbspiderState

.3.1.40.1

Current state of the component (integer****)

smbspiderExitCode

.3.1.40.2

Last exit code (integer corresponding to code from error catalogue)

smbspiderExitTime

.3.1.40.3

Time of the last termination (UNIX time)

smbspiderConnectionsIn

.3.1.40.101

Total number of opened connections (counter, integer)

smbspiderConnectionsCount

.3.1.40.102

Number of currently opened connections (counter, integer)

smbspiderShareTable

.3.1.40.103

Statistics on the protected Samba shared resources

smbspiderShareEntry

.3.1.40.103.1

Information about the protected Samba shared resource (entire table row; record)

smbspiderShareIndex

.3.1.40.103.1.1

Index (ordinal number) of the protected Samba shared resource (integer)

smbspiderSharePath

.3.1.40.103.1.2

Path to the protected Samba shared resource (string)

smbspiderShareConnectionsIn

.3.1.40.103.1.3

Total number of opened connections (counter, integer)

smbspiderShareConnectionsCount

.3.1.40.103.1.4

Number of currently opened connections (counter, integer)

gated

.3.1.41

drweb-gated component data

gatedState

.3.1.41.1

Current state of the component (integer****)

gatedExitCode

.3.1.41.2

Last exit code (integer corresponding to code from error catalogue)

gatedExitTime

.3.1.41.3

Time of the last termination (UNIX time)

gatedInterceptedIn

.3.1.41.101

Number of intercepted connections (counter, integer)

gatedInterceptedCount

.3.1.41.102

Number of currently monitored connections (counter, integer)

maild

.3.1.42

drweb-maild component data

maildState

.3.1.42.1

Current state of the component (integer****)

maildExitCode

.3.1.42.2

Last exit code (integer corresponding to code from error catalogue)

maildExitTime

.3.1.42.3

Time of the last termination (UNIX time)

maildStat

.3.1.42.4

Statistics of the drweb-maild component operation

maildStatNative

.3.1.42.4.1

Email scanning statistics via the component’s internal interface drweb-maild (messages received by SpIDer Gate during the scan of intersepted SMTP, POP3, IMAP connections)

maildStatNativePassed

.3.1.42.4.1.1

Number of missed messages (counter, integer)

maildStatNativeRepacked

.3.1.42.4.1.2

Number of repackaged messages (counter, integer)

maildStatNativeRejected

.3.1.42.4.1.3

Number of rejected messages (counter, integer)

maildStatNativeFailed

.3.1.42.4.1.4

Number of message scanning errors (counter, integer)

maildStatNativeQueueSize

.3.1.42.4.1.5

The queue line, that is the number of files waiting to be scanned via the interface (integer)

maildStatMilter

.3.1.42.4.2

Email scanning statistics via the component’s interface Milter of the drweb-maild component

maildStatMilterPassed

.3.1.42.4.2.1

Number of missed messages (counter, integer)

maildStatMilterRepacked

.3.1.42.4.2.2

Number of repackaged messages (counter, integer)

maildStatMilterRejected

.3.1.42.4.2.3

Number of rejected messages (counter, integer)

maildStatMilterFailed

.3.1.42.4.2.4

Number of message scanning errors (counter, integer)

maildStatMilterQueueSize

.3.1.42.4.2.5

The queue line, that is the number of files waiting to be scanned via the interface (integer)

maildStatSpamc

.3.1.42.4.3

Email scanning statistics via the component’s interface Spamd of the drweb-maild component

maildStatSpamcPassed

.3.1.42.4.3.1

Number of missed messages (counter, integer)

maildStatSpamcRepacked

.3.1.42.4.3.2

Number of repackaged messages (counter, integer)

maildStatSpamcRejected

.3.1.42.4.3.3

Number of rejected messages (counter, integer)

maildStatSpamcFailed

.3.1.42.4.3.4

Number of message scanning errors (counter, integer)

maildStatSpamcQueueSize

.3.1.42.4.3.5

The queue line, that is the number of files waiting to be scanned via the interface (integer)

maildStatRspamc

.3.1.42.4.4

Email scanning statistics via the component’s interface Rspamd of the drweb-maild component

maildStatRspamcPassed

.3.1.42.4.4.1

Number of missed messages (counter, integer)

maildStatRspamcRepacked

.3.1.42.4.4.2

Number of repackaged messages (counter, integer)

maildStatRspamcRejected

.3.1.42.4.4.3

Number of rejected messages (counter, integer)

maildStatRspamcFailed

.3.1.42.4.4.4

Number of message scanning errors (counter, integer)

maildStatRspamcQueueSize

.3.1.42.4.4.5

The queue line, that is the number of files waiting to be scanned via the interface (integer)

lookupd

.3.1.43

drweb-lookupd component data

lookupdState

.3.1.43.1

Current state of the component (integer****)

lookupdExitCode

.3.1.43.2

Last exit code (integer corresponding to code from error catalogue)

lookupdExitTime

.3.1.43.3

Time of the last termination (UNIX time)

cloudd

.3.1.50

drweb-cloudd component data

clouddState

.3.1.50.1

Current state of the component (integer****)

clouddExitCode

.3.1.50.2

Last exit code (integer corresponding to code from error catalogue)

clouddExitTime

.3.1.50.3

Time of the last termination (UNIX time)

vpnd

.3.1.51

drweb-vpnd component data

vpndState

.3.1.51.1

Current state of the component (integer****)

vpndExitCode

.3.1.51.2

Last exit code (integer corresponding to code from error catalogue)

vpndExitTime

.3.1.51.3

Time of the last termination (UNIX time)

vpndWorkStatus

.3.1.51.101

Component’s current mode of operation (integer: 0—turned off, 1—server, 2—client)

vpndConnectionState

.3.1.51.102

Status of the established connection (integer: 0—status not set, 1—connecting, 2—connected, 3—error, 4—setting up NAT, 5—creating a protected tunnel)

vpndNetworkName

.3.1.51.103

Name of the created personal network (string)

meshd

.3.1.52

drweb-meshd component data

meshdState

.3.1.52.1

Current state of the component (integer****)

meshdExitCode

.3.1.52.2

Last exit code (integer corresponding to code from error catalogue)

meshdExitTime

.3.1.52.3

Time of the last termination (UNIX time)

lotus

.3.1.60

drweb-lotus component data

lotusState

.3.1.60.1

Current state of the component (integer****)

lotusExitCode

.3.1.60.2

Last exit code (integer corresponding to code from error catalogue)

lotusExitTime

.3.1.60.3

Time of the last termination (UNIX time)

macgui

.3.1.100

drweb-gui (for macOS) component data

macguiState

.3.1.100.1

Current state of the component (integer****)

macguiExitCode

.3.1.100.2

Last exit code (integer corresponding to code from error catalogue)

macguiExitTime

.3.1.100.3

Time of the last termination (UNIX time)

macspider

.3.1.102

drweb-spider (for macOS) component data

macspiderState

.3.1.102.1

Current state of the component (integer****)

macspiderExitCode

.3.1.102.2

Last exit code (integer corresponding to code from error catalogue)

macspiderExitTime

.3.1.102.3

Time of the last termination (UNIX time)

macspiderWorkStatus

.3.1.102.101

Component’s current mode of operation (integer: 0—not set, 1—loading, 2—is running)

macfirewall

.3.1.103

drweb-firewall (for macOS) component data

macfirewallState

.3.1.103.1

Current state of the component (integer****)

macfirewallExitCode

.3.1.103.2

Last exit code (integer corresponding to code from error catalogue)

macfirewallExitTime

.3.1.103.3

Time of the last termination (UNIX time)

linuxgui

.3.1.200

drweb-gui (for Linux) component data

linuxguiState

.3.1.200.1

Current state of the component (integer****)

linuxguiExitCode

.3.1.200.2

Last exit code (integer corresponding to code from error catalogue)

linuxguiExitTime

.3.1.200.3

Time of the last termination (UNIX time)

linuxspider

.3.1.201

drweb-spider (for Linux) component data

linuxspiderState

.3.1.201.1

Current state of the component (integer****)

linuxspiderExitCode

.3.1.201.2

Last exit code (integer corresponding to code from error catalogue)

linuxspiderExitTime

.3.1.201.3

Time of the last termination (UNIX time)

linuxspiderWorkStatus

.3.1.201.101

Component’s current mode of operation (integer: 0—not set, 1—loading, 2—running via fanotify, 3—running via LKM)

linuxnss

.3.1.202

drweb-nss (for Linux) component data

linuxnssState

.3.1.202.1

Current state of the component (integer****)

linuxnssExitCode

.3.1.202.2

Last exit code (integer corresponding to code from error catalogue)

linuxnssExitTime

.3.1.202.3

Time of the last termination (UNIX time)

linuxnssScannedFiles

.3.1.202.101

Number of scanned files (counter, integer)

linuxnssScannedBytes

.3.1.202.102

Number of scanned bytes (counter, integer)

linuxnssScanErrors

.3.1.202.103

Number of scanning error occurrences (counter, integer)

linuxfirewall

.3.1.203

drweb-firewall (for Linux) component data

linuxfirewallState

.3.1.203.1

Current state of the component (integer****)

linuxfirewallExitCode

.3.1.203.2

Last exit code (integer corresponding to code from error catalogue)

linuxfirewallExitTime

.3.1.203.3

Time of the last termination (UNIX time)

ctl

.3.1.300

drweb-ctl component data

ctlState

.3.1.300.1

Current state of the component (integer****)

ctlExitCode

.3.1.300.2

Last exit code (integer corresponding to code from error catalogue)

ctlExitTime

.3.1.300.3

Time of the last termination (UNIX time)

license

.3.2

License status

licenseEsMode

.3.2.1

The license has been granted by the central protection server (integer: 0—no, 1—yes)

licenseNumber

.3.2.2

License number (integer)

licenseOwner

.3.2.3

License owner (string)

licenseActivated

.3.2.4

License activation date (UNIX time)

licenseExpires

.3.2.5

License expiration date (UNIX time)

*) Threat types:

Code

Threat Type

1

Known virus

2

Suspicious object

3

Adware

4

Dialer

5

Joke program

6

Riskware

7

Hacktool

**) Categories of URL:

Code

Threat Type

1

Infection source

2

Not recommended

3

Adult content

4

Violence

5

Weapons

6

Gambling

7

Drugs

8

Obscene language

9

Chats

10

Terrorism

11

Free email

12

Social networks

13

URL added due to a notice from copyright owner

14

Added to black list

***) Codes of Dr.Web components:

Code

Component

1

Dr.Web ConfigD (drweb-configd)

2

Dr.Web Scanning Engine (drweb-se)

3

Dr.Web File Checker (drweb-filecheck)

4

Dr.Web Updater (drweb-update)

5

Dr.Web ES Agent (drweb-esagent)

6

Dr.Web Network Checker (drweb-netcheck)

7

Dr.Web HTTPD (drweb-httpd)

8

Dr.Web SNMPD (drweb-snmpd)

20

Dr.Web ClamD (drweb-clamd)

21

Dr.Web ICAPD (drweb-icapd)

40

SpIDer Guard for SMB (drweb-smbspider-daemon)

41

SpIDer Gate (drweb-gated)

42

Dr.Web MailD (drweb-maild)

43

Dr.Web LookupD (drweb-lookupd)

50

Dr.Web CloudD (drweb-cloudd)

51

Dr.Web VPND (drweb-vpnd)

52

Dr.Web MeshD (drweb-meshd)

60

Dr.Web for Lotus

100

drweb-gui for macOS

102

SpIDer Guard for macOC

103

Dr.Web Firewall for Linux for macOS

200

drweb-gui for Linux

201

SpIDer Guard (drweb-spider)

202

SpIDer Guard for NSS (drweb-nss)

203

Dr.Web Firewall for Linux (drweb-firewall) forLinux

300

Dr.Web Ctl (drweb-ctl)

400

Enterprise scanner (this is not a real component of the product)

****) Possible states of the components:

Code

Status

0

Not installed

1

Installed but not started

2

Is starting

3

Is running

4

Is exiting

To get the values of the variables directly, you can use the snmpwalk utility:

$ snmpwalk -Os -c <community> -v <SNMP version> <host address> <OID>

For example, to get statistics about the threats detected on the local machine, use the following command (if the settings of Dr.Web SNMPD are set to their default values):

$ snmpwalk -Os -c public -v 2c 127.0.0.1 .1.3.6.1.4.1.29690.2.2.1