On 2017-12-22 03:50, Chris Horry wrote:
On Thu, Dec 21, 2017 at 12:13 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx>
wrote:
On 21/12/17 15:53, Chris Horry wrote:
Hello all,
I'm using the following configuration for SNMP:
acl horry src 192.168.0.0/16 [1] <http://192.168.0.0/16>
...
snmp_port 3401
acl snmppublic snmp_community <snip>
snmp_access allow snmppublic horry localhost
NP: src-IP address cannot simultaneously be 127.0.0.1 and a
192.168.*.* IP. So requests will be denied, but that is not your
current problem.
Could you explain this a little better? I'm trying to allow SNMP
requests from a different host in my 192.168/16 subnet. Queries from
that host fail too even with the mib file in place. I removed
localhost from the acl and still no dice. Perhaps I'm
misunderstanding how the ACL works.
The ACLs "horry localhost" you had requires that the clients IP (src) be
127.0.0.1 AND in the range 192.168.0.0/16. So even if Squid received the
SNMP request it would have rejected the query.
The MIB problem is happening inside snmpwalk itself and Squid is not
involved with any of that.
$ snmpwalk -m /home/zerbey/mib.txt -v2c -Cc -c monstersinc
uwwwcache.horry.org:3401 [2]
MIB search path:
/home/zerbey/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp
Cannot find module (SNMPv2-SMI): At line 8 in /home/zerbey/mib.txt
Cannot find module (SNMPv2-TC): At line 11 in /home/zerbey/mib.txt
Cannot find module (INET-ADDRESS-MIB): At line 14 in
/home/zerbey/mib.txt
Did not find 'enterprises' in module #-1 (/home/zerbey/mib.txt)
Did not find 'DisplayString' in module #-1 (/home/zerbey/mib.txt)
Did not find 'InetAddressType' in module #-1 (/home/zerbey/mib.txt)
Did not find 'InetAddress' in module #-1 (/home/zerbey/mib.txt)
...
The mib.txt is taken directly from the squid source.
The Squid MIB is being loaded, its the system ones which do the type
definitions used by Squid that are not loading properly.
Note: SNMP is properly installed, I'm monitoring multiple other
systems on my network with no issues whatsoever. Is there some more
detailed logging I can enable to see if squid is even receiving the
queries?
Weird. It works for me.
It is definitely a problem with the MIB files and snmpwalk itself
though. It should work if you just use the raw OID values (omit the -m
parameter) and walk the tree Squid produces.
https://wiki.squid-cache.org/Features/Snmp#Squid_OIDs
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
