Re: Squid and SNMP

I had a quick look at the beta20 source, it checks the properties
of tokens[1] to make sure it is a valid username but then it uses
tokens[5] as the username later (snmp_config.c snmpCreateUser()).
This is a bug but shouldn't stop stuff working.

Anyway from the config file and source code, this is what's
happening... anyone who actually uses it can correct me of course :)

# TAG: snmp_agent_conf
# Define snmp views, users and communities
# Example:

Firstly the setup of some 'views'...

# snmp_agent_conf view all .1.3.6 included
# snmp_agent_conf view squid .1.3.6 included

A "view" line lists a 'view name', and sub-part of a MIB which they are
permitted to view; .1.3.6 would mean .iso.org.dod ; a heap of stuff
in SNMP is under this (eg, .1.3.6.1 is .iso.org.dod.internet).

The last token can be 'included' or 'excluded'.

This creates views 'all' and 'squid' which can both access all of
.1.3.6.

The next section looks like it is SNMPv2 setup... I don't use SNMPv2
so I don't really know how it all works but this is what it seems to
be saying.

# snmp_agent_conf user squid - all all public
# snmp_agent_conf user all all all all squid

user 'public' has
  nonauthread squid
  nonauthwrite - (none)
  authread all
  authwrite all

That is, a user 'public' needs to auth to get full access, without auth,
they can only read the view 'squid'.

user 'squid' has
  nonauthread all
  nonauthwrite all
  authread all
  authwrite all

That is, a 'user' squid can do anything with or without auth.

And the last section, SNMPv1 setup... this is just your normal old
SNMP session where the community name is the 'password'.

# snmp_agent_conf community public squid squid
# snmp_agent_conf community readwrite all all

SNMP community name 'public' has
  read view squid
  write view squid

SNMP community name 'readwrite' has
  read view all
  write view all

David.
Received on Wed Jun 10 1998 - 22:25:02 MDT