Contributors: Mark Visser.
Squid version 2 does, earlier versions do not.
You can use Matija Grabnar's mrtg-for-squid package to monitor Squid-1.1 and earlier versions with MRTG.
First, you must enable compiling of the SNMP code with the configure script:
./configure --enable-snmp [ ... other configure options ]Next, recompile the sources entirely:
make clean make all make installNext, configure SNMP in the squid.conf file. You MUST add the snmp_agent_conf lines as there is no default for those.
A sort of default, working configuration is:
snmp_port 3401 snmp_mib_path /local/squid/etc/mib.txt snmp_agent_conf view all .1.3.6 included snmp_agent_conf view squid .1.3.6 included snmp_agent_conf user squid - all all public snmp_agent_conf user all all all all squid snmp_agent_conf community public squid squid snmp_agent_conf community readwrite all all
Note that for security you are advised to restrict SNMP access to your caches. You can do this easily as follows:
acl snmpmanagementhosts 1.2.3.4/255.255.255.255 1.2.3.0/255.255.255.0 snmp_acl public deny all !snmpmanagementhosts snmp_acl readwrite deny all
by David Luyer
snmp_agent_conf view all .1.3.6 included snmp_agent_conf view squid .1.3.6 included
A view line lists a view name, and sub-part of a MIB which they are permitted to view; .1.3.6 would mean .iso.org.dod ; a heap of stuff in SNMP is under this (eg, .1.3.6.1 is .iso.org.dod.internet).
The last token can be included or excluded.
This creates views all and squid which can both access all of .1.3.6.
snmp_agent_conf user squid - all all public snmp_agent_conf user all all all all squidThis section looks like it is SNMPv2 setup... I don't use SNMPv2 so I don't really know how it all works but this is what it seems to be saying.
User public has
they can only read the view 'squid'.
User squid has
That is, a user squid can do anything with or without auth.
snmp_agent_conf community public squid squid snmp_agent_conf community readwrite all all
And the last section, SNMPv1 setup... this is just your normal old SNMP session where the community name is the password.
SNMP community name public has
SNMP community name readwrite has
No, not at the moment. We have a Cache SNMP mailing list intended to foster discussion on this subject. A draft of a possible proxy mib has been developed as is available for comment.
The MIB we use for Squid is evolving as well. The fifth draft of Squid's MIB is currently being implemented (Last update 10/10/98).
You can test if your Squid supports SNMP with the snmpwalk program (snmpwalk is a part of the UCD-SNMP project). Note that you have to specify the SNMP port, which in Squid defaults to 3401.
snmpwalk -p 3401 hostname communitystring .1.3.6.1.4.1.3495.1.1If it gives output like:
enterprises.nlanr.squid.cacheSystem.cacheSysVMsize = 7970816 enterprises.nlanr.squid.cacheSystem.cacheSysStorage = 2796142 enterprises.nlanr.squid.cacheSystem.cacheUptime = Timeticks: (766299) 2:07:42.99then it is working ok, and you should be able to make nice statistics out of it. For programs you can use to monitor your cache with, see below.
For an explanation of what every string (OID) does, you should read the Squid MIB. Alternatively you can read mibdefs.pm for a shorter description of a few variables.
We use MRTG to query Squid through its SNMP interface.
To effectively use mrtg for cache statistics, you should apply this patch which adds per minute/per hour averaging options (rather than per second figures), changes the default snmp port to 3401, and other minor changes. If the patch doesn't work for you, have a look at our mrtg Perl script and mibdefs.pm. And here's a sample config file for squid.nlanr.net.
Note, recent version of MRTG allow you to specify the port number in the target configuration keyword.
To see how cool it looks, check out the SNMP graphs for the NLANR caches (Warning, there are LOTS of images).
We have also had good luck with scotty.
There are a lot of things you can do with SNMP and Squid. It can be useful in some extent for a longer term overview of how your proxy is doing. It can also be used as a problem solver. For example: how is it going with your filedescriptor usage? or your much does your LRU vary along a day. Things you can't monitor very well normally, aside from clicking at the cachemgr frequently. Why not let MRTG do it for you?
General Discussion: cache-snmp@ircache.net These messages are archived.
Subscriptions should be sent to: cache-snmp-request@ircache.net.