[squid-users] Trouble getting SNMP to work in Squid 5

Amos Jeffries squid3 at treenet.co.nz
Fri Dec 22 01:56:38 UTC 2017


On 2017-12-22 03:50, Chris Horry wrote:
> On Thu, Dec 21, 2017 at 12:13 AM, Amos Jeffries <squid3 at treenet.co.nz>
> wrote:
> 
>> On 21/12/17 15:53, Chris Horry wrote:
>> 
>>> Hello all,
>>> 
>>> I'm using the following configuration for SNMP:
>>> 
>>> acl horry src 192.168.0.0/16 [1] <http://192.168.0.0/16>
>>> ...
>>> snmp_port 3401
>>> acl snmppublic snmp_community <snip>
>>> snmp_access allow snmppublic horry localhost
>> 
>> NP: src-IP address cannot simultaneously be 127.0.0.1 and a
>> 192.168.*.* IP. So requests will be denied, but that is not your
>> current problem.
> 
> Could you explain this a little better?  I'm trying to allow SNMP
> requests from a different host in my 192.168/16 subnet.  Queries from
> that host fail too even with the mib file in place. I removed
> localhost from the acl and still no dice.  Perhaps I'm
> misunderstanding how the ACL works.

The ACLs "horry localhost" you had requires that the clients IP (src) be 
127.0.0.1 AND in the range 192.168.0.0/16. So even if Squid received the 
SNMP request it would have rejected the query.

The MIB problem is happening inside snmpwalk itself and Squid is not 
involved with any of that.

> 
>  $ snmpwalk -m /home/zerbey/mib.txt -v2c -Cc -c monstersinc
> uwwwcache.horry.org:3401 [2]
> MIB search path:
> /home/zerbey/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp
> Cannot find module (SNMPv2-SMI): At line 8 in /home/zerbey/mib.txt
> Cannot find module (SNMPv2-TC): At line 11 in /home/zerbey/mib.txt
> Cannot find module (INET-ADDRESS-MIB): At line 14 in
> /home/zerbey/mib.txt
> Did not find 'enterprises' in module #-1 (/home/zerbey/mib.txt)
> Did not find 'DisplayString' in module #-1 (/home/zerbey/mib.txt)
> Did not find 'InetAddressType' in module #-1 (/home/zerbey/mib.txt)
> Did not find 'InetAddress' in module #-1 (/home/zerbey/mib.txt)
...

> 
> The mib.txt is taken directly from the squid source.

The Squid MIB is being loaded, its the system ones which do the type 
definitions used by Squid that are not loading properly.

> 
> Note: SNMP is properly installed, I'm monitoring multiple other
> systems on my network with no issues whatsoever.  Is there some more
> detailed logging I can enable to see if squid is even receiving the
> queries?
> 

Weird. It works for me.

It is definitely a problem with the MIB files and snmpwalk itself 
though. It should work if you just use the raw OID values (omit the -m 
parameter) and walk the tree Squid produces.
  https://wiki.squid-cache.org/Features/Snmp#Squid_OIDs

Amos


More information about the squid-users mailing list