SQUID Frequently Asked Questions: SNMP

18.1 Does Squid support SNMP?

Squid version 2 does, earlier versions do not.

You can use Matija Grabnar's mrtg-for-squid package to monitor Squid-1.1 and earlier versions with MRTG.

18.2 How do I configure SNMP?

First, you must enable compiling of the SNMP code with the configure script:

        ./configure --enable-snmp  [ ... other configure options ]

Next, recompile the sources entirely:

        make clean
        make all
        make install

Next, configure SNMP in the squid.conf file. You MUST add the snmp_agent_conf lines as there is no default for those.

A sort of default, working configuration is:

        snmp_port 3401
        snmp_mib_path /local/squid/etc/mib.txt

        snmp_agent_conf view all .1.3.6 included
        snmp_agent_conf view squid .1.3.6 included
        snmp_agent_conf user squid - all all public
        snmp_agent_conf user all all all all  squid
        snmp_agent_conf community public squid squid
        snmp_agent_conf community readwrite all all

Note that for security you are advised to restrict SNMP access to your caches. You can do this easily as follows:

        acl snmpmanagementhosts 1.2.3.4/255.255.255.255 1.2.3.0/255.255.255.0
        snmp_acl public deny all !snmpmanagementhosts
        snmp_acl readwrite deny all

18.3 What do those snmp_agent_conf lines mean?

by David Luyer

views

        snmp_agent_conf view all .1.3.6 included
        snmp_agent_conf view squid .1.3.6 included

A view line lists a view name, and sub-part of a MIB which they are permitted to view; .1.3.6 would mean .iso.org.dod ; a heap of stuff in SNMP is under this (eg, .1.3.6.1 is .iso.org.dod.internet).

The last token can be included or excluded.

This creates views all and squid which can both access all of .1.3.6.

users

        snmp_agent_conf user squid - all all public
        snmp_agent_conf user all all all all  squid

This section looks like it is SNMPv2 setup... I don't use SNMPv2 so I don't really know how it all works but this is what it seems to be saying.

User public has

nonauthread squid
nonauthwrite - (none)
authread all
authwrite all

they can only read the view 'squid'.

User squid has

nonauthread all
nonauthwrite all
authread all
authwrite all

That is, a user squid can do anything with or without auth.

communities

        snmp_agent_conf community public squid squid
        snmp_agent_conf community readwrite all all

And the last section, SNMPv1 setup... this is just your normal old SNMP session where the community name is the password.

SNMP community name public has

read view squid
write view squid

SNMP community name readwrite has

read view all
write view all

18.4 Is there a standard SNMP MIB for Web Caches?

No, not at the moment. We have a Cache SNMP mailing list intended to foster discussion on this subject. A draft of a possible proxy mib has been developed as is available for comment.

The MIB we use for Squid is evolving as well. The fifth draft of Squid's MIB is currently being implemented (Last update 10/10/98).

18.5 How can I test if SNMP at my Squid works?

You can test if your Squid supports SNMP with the snmpwalk program (snmpwalk is a part of the UCD-SNMP project). Note that you have to specify the SNMP port, which in Squid defaults to 3401.

        snmpwalk -p 3401 hostname communitystring .1.3.6.1.4.1.3495.1.1

If it gives output like:

        enterprises.nlanr.squid.cacheSystem.cacheSysVMsize = 7970816
        enterprises.nlanr.squid.cacheSystem.cacheSysStorage = 2796142
        enterprises.nlanr.squid.cacheSystem.cacheUptime = Timeticks: (766299) 2:07:42.99

then it is working ok, and you should be able to make nice statistics out of it. For programs you can use to monitor your cache with, see below.

For an explanation of what every string (OID) does, you should read the Squid MIB. Alternatively you can read mibdefs.pm for a shorter description of a few variables.

18.6 How can I use SNMP with Squid?

MRTG

We use MRTG to query Squid through its SNMP interface.

To effectively use mrtg for cache statistics, you should apply this patch which adds per minute/per hour averaging options (rather than per second figures), changes the default snmp port to 3401, and other minor changes. If the patch doesn't work for you, have a look at our mrtg Perl script and mibdefs.pm. And here's a sample config file for squid.nlanr.net.

Note, recent version of MRTG allow you to specify the port number in the target configuration keyword.

To see how cool it looks, check out the SNMP graphs for the NLANR caches (Warning, there are LOTS of images).

scotty/tkined

We have also had good luck with scotty.

Other related sources

Squid SNMP pages
ADVENT's Java SNMP products
Python module for SNMP called SNMPY

18.7 What can I use SNMP and Squid for?

There are a lot of things you can do with SNMP and Squid. It can be useful in some extent for a longer term overview of how your proxy is doing. It can also be used as a problem solver. For example: how is it going with your filedescriptor usage? or your much does your LRU vary along a day. Things you can't monitor very well normally, aside from clicking at the cachemgr frequently. Why not let MRTG do it for you?

18.8 Where can I get more information/discussion about Squid and SNMP?

General Discussion: cache-snmp@ircache.net These messages are archived.

Subscriptions should be sent to: cache-snmp-request@ircache.net.

Previous Next Table of Contents