Squid SNMP remote monitoring and IP fragmentation

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Squid SNMP remote monitoring and IP fragmentation

Peter Viskup
We do monitor our Squid's via SNMP with Zabbix and use the template
available on Zabbix share portal [1].
Retrieval of values is not reliable. Seems to be related to IP fragmentation.

The complete answer should be 4325B long.

~# snmpwalk -m /usr/share/squid3/mib.txt -v2c -CE
.1.3.6.1.4.1.3495.1.5.2.2 -Cc -c d8d385baeb54 localhost:3401
.1.3.6.1.4.1.3495.1 2>/dev/null | wc -c
4325

But on the Squid we receive one 1514B packet (not complete answer).

What are your experiences in this area?

[1] https://share.zabbix.com/cat-app/squid-proxy-snmp

--
Peter
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid SNMP remote monitoring and IP fragmentation

Amos Jeffries
Administrator
On 03/03/18 01:28, Peter Viskup wrote:

> We do monitor our Squid's via SNMP with Zabbix and use the template
> available on Zabbix share portal [1].
> Retrieval of values is not reliable. Seems to be related to IP fragmentation.
>
> The complete answer should be 4325B long.
>
> ~# snmpwalk -m /usr/share/squid3/mib.txt -v2c -CE
> .1.3.6.1.4.1.3495.1.5.2.2 -Cc -c d8d385baeb54 localhost:3401
> .1.3.6.1.4.1.3495.1 2>/dev/null | wc -c
> 4325
>
> But on the Squid we receive one 1514B packet (not complete answer).

You do know there is a difference between binary and textual
representations of these things right?

The packets contain the full OID binary data, and the snmpwalk output is
abbreviated down to textual names which may be half or even a third the
size. Then there is the protocol headers in packets which in the case of
single SNMP queries like these are much larger than the OID and data itself.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid SNMP remote monitoring and IP fragmentation

Eliezer Croitoru
Is this SNMP value present in the cache-manager pages?
If so it would be pretty simple to write a script that will extract the relevant data via http.

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]


-----Original Message-----
From: squid-users [mailto:[hidden email]] On Behalf Of Amos Jeffries
Sent: Friday, March 2, 2018 15:38
To: [hidden email]
Subject: Re: [squid-users] Squid SNMP remote monitoring and IP fragmentation

On 03/03/18 01:28, Peter Viskup wrote:

> We do monitor our Squid's via SNMP with Zabbix and use the template
> available on Zabbix share portal [1].
> Retrieval of values is not reliable. Seems to be related to IP fragmentation.
>
> The complete answer should be 4325B long.
>
> ~# snmpwalk -m /usr/share/squid3/mib.txt -v2c -CE
> .1.3.6.1.4.1.3495.1.5.2.2 -Cc -c d8d385baeb54 localhost:3401
> .1.3.6.1.4.1.3495.1 2>/dev/null | wc -c
> 4325
>
> But on the Squid we receive one 1514B packet (not complete answer).

You do know there is a difference between binary and textual
representations of these things right?

The packets contain the full OID binary data, and the snmpwalk output is
abbreviated down to textual names which may be half or even a third the
size. Then there is the protocol headers in packets which in the case of
single SNMP queries like these are much larger than the OID and data itself.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid SNMP remote monitoring and IP fragmentation

Amos Jeffries
Administrator
On 06/03/18 23:36, Eliezer Croitoru wrote:
> Is this SNMP value present in the cache-manager pages?
> If so it would be pretty simple to write a script that will extract the relevant data via http.
>

OID *.1.5.2.2 is the mgr:client_list table data, excluding the TCP_*
code breakdown for responses given.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid SNMP remote monitoring and IP fragmentation

Peter Viskup
Communication is ok. Problem was with pcap filtering based on port
number. Only the first fragment of the packet have this information.
All others have port fields empty. More information in tcpdump man
page in IP Fragmentation section.

In new packet capture the request for 87 OIDs is replied with 87
corresponding values.

Issue with not consistent data values in Zabbix are related to Zabbix
server post-processing.

On Tue, Mar 6, 2018 at 12:10 PM, Amos Jeffries <[hidden email]> wrote:

> On 06/03/18 23:36, Eliezer Croitoru wrote:
>> Is this SNMP value present in the cache-manager pages?
>> If so it would be pretty simple to write a script that will extract the relevant data via http.
>>
>
> OID *.1.5.2.2 is the mgr:client_list table data, excluding the TCP_*
> code breakdown for responses given.
>
> Amos
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users