Re: Squid SNMP Features

From: Peter Polkinghorne <>
Date: Mon, 12 Oct 1998 17:34:12 +0200 said:
> While looking at the current implimentation of SNMP in squid I have
> encountered a number of things that I would like some consensus on.
> The first is the use of acl's in the SNMP configuration. My current
> preference would be to drop this feature totally and rely upon the
> use of community strings. This would reduce complexity and make the
> code considerably cleaner. Giving a config of:
> snmp_port 3401
> snmp_agent_conf community mysecretcommunity
Well I would oppose this - for 2 reasons:

i) VACM (View based Access Control Model) is in forthcoming SNMP v3 -
admittedly the ACLs do not quite match up with new ones (based on UCD-SNMP
config experiences) - are they SNMP v2p based?

ii) Secondly they do provide a useful security mechanism to restrict access.
How would this done without the ACLs?

I can see it would be nice to have a default config to make life simple, but
please do not throw away access control.

> The second would be to drop the ability for squid to forward SNMP.
I do not quite understand - is this to act as a sub-agent (as in agentX)? But
then I can find no mention of this in the FAQ - so what I do not know about I
will not miss!
> As part of these changes squid will no longer require the ability to
> read the mib file to startup. The library has been upgraded to remove
> a number of bugs and I will look at SNMP v2 support. These changes
> should also improve the startup time.
This should now be SNMP v3 - which is approaching standardisation - or may be
SNMP v2c - be careful as there is the failed SNMP v2 party model.
> glenn

| Peter Polkinghorne, Computer Centre, Brunel University, Uxbridge, UB8 3PH,|
|   +44 1895 274000 x2561       UK          |
Received on Mon Oct 12 1998 - 09:35:20 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:27 MST