Trouble getting SNMP to work in Squid 5

Chris Horry-2
Hello all,

I'm using the following configuration for SNMP:

acl horry src 192.168.0.0/16 
...
snmp_port 3401
acl snmppublic snmp_community <snip>
snmp_access allow snmppublic horry localhost
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 0.0.0.0



Squid is compiled with the --enable-snmp option.

$ squid --version
Squid Cache: Version 5.0.0-20171215-rb7c260f
Service Name: squid
configure options:  '--enable-ssl' '--enable-linux-netfilter' '--enable-htcp' '--enable-snmp' '--enable-storeio=ufs,diskd,aufs' '--enable-async-io' '--with-aio' '--with-large-files' '--enable-removal-policies=heap'

However, when I try to query SNMP:

$ snmpwalk -m ../share/mib.txt -v2c -Cc -c <snip> localhost:3401
MIB search path: /home/zerbey/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp
Cannot find module (SNMPv2-SMI): At line 8 in ../share/mib.txt
Cannot find module (SNMPv2-TC): At line 11 in ../share/mib.txt
Cannot find module (INET-ADDRESS-MIB): At line 14 in ../share/mib.txt
Did not find 'enterprises' in module #-1 (../share/mib.txt)
Did not find 'DisplayString' in module #-1 (../share/mib.txt)
Did not find 'InetAddressType' in module #-1 (../share/mib.txt)
Did not find 'InetAddress' in module #-1 (../share/mib.txt)
Unlinked OID in SQUID-MIB: nlanr ::= { enterprises 3495 }
Undefined identifier: enterprises near line 50 of ../share/mib.txt
Cannot adopt OID in SQUID-MIB: cacheCurrentFileDescrMax ::= { cacheSysPerf 13 }
...this continues for many lines, but the gist is it doesn't get any data... ending on...
Cannot adopt OID in SQUID-MIB: cacheIpCache ::= { cacheNetwork 1 }


Tried various iterations of snmpwalk including from other hosts and with udp/tcp.  Never get any response. 

Not sure where to go from here, is there any other debugging I can enable or is SNMP configured differently in v5?

Thanks!

Chris




--
Chris Horry 

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: Trouble getting SNMP to work in Squid 5

Amos Jeffries
Administrator


On 21/12/17 15:53, Chris Horry wrote:
> Hello all,
>
> I'm using the following configuration for SNMP:
>
> acl horry src 192.168.0.0/16
> ...
> snmp_port 3401
> acl snmppublic snmp_community <snip>
> snmp_access allow snmppublic horry localhost

NP: src-IP address cannot simultaneously be 127.0.0.1 and a 192.168.*.*
IP. So requests will be denied, but that is not your current problem.

> snmp_incoming_address 0.0.0.0
> snmp_outgoing_address 0.0.0.0
>
>
>
> Squid is compiled with the --enable-snmp option.
>
> $ squid --version
> Squid Cache: Version 5.0.0-20171215-rb7c260f
> Service Name: squid
> configure options:  '--enable-ssl' '--enable-linux-netfilter'
> '--enable-htcp' '--enable-snmp' '--enable-storeio=ufs,diskd,aufs'
> '--enable-async-io' '--with-aio' '--with-large-files'
> '--enable-removal-policies=heap'
>
> However, when I try to query SNMP:
>
> $ snmpwalk -m ../share/mib.txt -v2c -Cc -c <snip> localhost:3401

You will need to use 127.0.0.1 explicitly or the localhost-ip4 name if
your hosts file defines one. "localhost:3401" also resolves to [::1]:3401
which you have closed.


> MIB search path:
> /home/zerbey/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp
> Cannot find module (SNMPv2-SMI): At line 8 in ../share/mib.txt
> Cannot find module (SNMPv2-TC): At line 11 in ../share/mib.txt
> Cannot find module (INET-ADDRESS-MIB): At line 14 in ../share/mib.txt
> Did not find 'enterprises' in module #-1 (../share/mib.txt)
> Did not find 'DisplayString' in module #-1 (../share/mib.txt)
> Did not find 'InetAddressType' in module #-1 (../share/mib.txt)
> Did not find 'InetAddress' in module #-1 (../share/mib.txt)
> Unlinked OID in SQUID-MIB: nlanr ::= { enterprises 3495 }
> Undefined identifier: enterprises near line 50 of ../share/mib.txt
> Cannot adopt OID in SQUID-MIB: cacheCurrentFileDescrMax ::= {
> cacheSysPerf 13 }
> ...this continues for many lines, but the gist is it doesn't get any
> data... ending on...
> Cannot adopt OID in SQUID-MIB: cacheIpCache ::= { cacheNetwork 1 }
>

Are you sure your system snmp is installed correctly? That looks like
the basic system MIB files are missing or unreadable.


>
> Tried various iterations of snmpwalk including from other hosts and with
> udp/tcp.  Never get any response.
>
> Not sure where to go from here, is there any other debugging I can
> enable or is SNMP configured differently in v5?

It's the same in all v3+.


Amos

Re: Trouble getting SNMP to work in Squid 5

Amos Jeffries
Administrator
In reply to this post by Chris Horry-2
On 2017-12-22 03:50, Chris Horry wrote:

> On Thu, Dec 21, 2017 at 12:13 AM, Amos Jeffries <[hidden email]>
> wrote:
>
>> On 21/12/17 15:53, Chris Horry wrote:
>>
>>> Hello all,
>>>
>>> I'm using the following configuration for SNMP:
>>>
>>> acl horry src 192.168.0.0/16
>>> ...
>>> snmp_port 3401
>>> acl snmppublic snmp_community <snip>
>>> snmp_access allow snmppublic horry localhost
>>
>> NP: src-IP address cannot simultaneously be 127.0.0.1 and a
>> 192.168.*.* IP. So requests will be denied, but that is not your
>> current problem.
>
> Could you explain this a little better?  I'm trying to allow SNMP
> requests from a different host in my 192.168/16 subnet.  Queries from
> that host fail too even with the mib file in place. I removed
> localhost from the acl and still no dice.  Perhaps I'm
> misunderstanding how the ACL works.

The ACLs "horry localhost" you had require that the client's IP (src) be
127.0.0.1 AND in the range 192.168.0.0/16. So even if Squid received the
SNMP request it would have rejected the query.

The MIB problem is happening inside snmpwalk itself and Squid is not
involved with any of that.

>
>  $ snmpwalk -m /home/zerbey/mib.txt -v2c -Cc -c monstersinc
> uwwwcache.horry.org:3401
> MIB search path:
> /home/zerbey/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp
> Cannot find module (SNMPv2-SMI): At line 8 in /home/zerbey/mib.txt
> Cannot find module (SNMPv2-TC): At line 11 in /home/zerbey/mib.txt
> Cannot find module (INET-ADDRESS-MIB): At line 14 in
> /home/zerbey/mib.txt
> Did not find 'enterprises' in module #-1 (/home/zerbey/mib.txt)
> Did not find 'DisplayString' in module #-1 (/home/zerbey/mib.txt)
> Did not find 'InetAddressType' in module #-1 (/home/zerbey/mib.txt)
> Did not find 'InetAddress' in module #-1 (/home/zerbey/mib.txt)
...

>
> The mib.txt is taken directly from the squid source.

The Squid MIB is being loaded, it's the system ones which do the type
definitions used by Squid that are not loading properly.

>
> Note: SNMP is properly installed, I'm monitoring multiple other
> systems on my network with no issues whatsoever.  Is there some more
> detailed logging I can enable to see if squid is even receiving the
> queries?
>

Weird. It works for me.

It is definitely a problem with the MIB files and snmpwalk itself
though. It should work if you just use the raw OID values (omit the -m
parameter) and walk the tree Squid produces.
  https://wiki.squid-cache.org/Features/Snmp#Squid_OIDs

Amos
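
The ACL rule explained in this reply (all ACL names on one snmp_access line must match, so "horry localhost" can never match) as an added example, not code from the thread or from Squid: a simplified Python model of how the snmp_access lines are evaluated, run over the posted rule and a split version of it. The community value EXAMPLE-COMMUNITY, the built-in `localhost` and `all` definitions, the closing `deny all` line and the deny-when-nothing-matches fallback are assumptions of this model.

```python
import ipaddress

# Assumption: `localhost` and `all` are predefined ACLs, as in Squid 3.2+.
BUILTIN = {"localhost": ("src", ["127.0.0.1/32", "::1/128"]),
           "all": ("src", ["0.0.0.0/0", "::/0"])}

# Constructed configs; EXAMPLE-COMMUNITY is a placeholder community string.
ORIGINAL = """
acl horry src 192.168.0.0/16
acl snmppublic snmp_community EXAMPLE-COMMUNITY
snmp_access allow snmppublic horry localhost
"""
SPLIT = """
acl horry src 192.168.0.0/16
acl snmppublic snmp_community EXAMPLE-COMMUNITY
snmp_access allow snmppublic localhost
snmp_access allow snmppublic horry
snmp_access deny all
"""

def parse(conf):
    """Collect 'acl' definitions and 'snmp_access' rules, in file order."""
    acls, rules = dict(BUILTIN), []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok and tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok and tok[0] == "snmp_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, src, community):
    kind, values = acl
    if kind == "src":               # values inside one ACL are OR'ed
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "snmp_community":
        return community in values
    raise ValueError("ACL type not modelled: " + kind)

def snmp_allowed(conf, src, community):
    acls, rules = parse(conf)
    for action, names in rules:     # first matching line decides
        # ACL names on the same line are AND'ed together
        if all(acl_matches(acls[n], src, community) for n in names):
            return action == "allow"
    return False                    # model assumption: nothing matched, deny
```
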