A short Squid cheat sheet

Published – 30.04.2010

Author: Mikhail Sgibnev
v201005000

 This cheat sheet is a small compilation of previously published tips and is intended mainly for administrators of small companies or branch offices. And for me, so that I don't forget what I did! Here Squid is used for caching traffic and for authenticating users against Windows AD; antivirus protection is provided by ClamAV.

 Update the system and fetch the ports tree after installation:

freebsd-update fetch
freebsd-update install
portsnap fetch
portsnap extract

 Install bash

cd /usr/ports/shells/bash
make install

 Install sudo and disable the root user. A reminder: you must already have a user, for example admin, that is a member of the wheel group.

cd /usr/ports/security/sudo
make install

  Edit sudoers, although you can use the visudo utility instead:

vi /usr/local/etc/sudoers


# User privilege specification
root ALL=(ALL) ALL
admin ALL=(ALL) ALL

 Disable root:

vipw


root:*:0:0::0:0:Charlie &:/root:/bin/csh
admin:$1$Q79D6ctDINpCzMV/:1001:1001::0:0:Admin Branch:/home/admin:/usr/local/bin/bash

 Install the required packages. I installed MySQL "just in case"; it is not needed in this setup.

cd /usr/ports/www/apache22
make install
cd /usr/ports/lang/php5
make install
cd /usr/ports/lang/php5-extensions
make install
cd /usr/ports/databases/mysql50-server
make install

 Create the directories for the virtual host. We need them in case something else will run on the server, for example MRTG (my example has no such separation), so that it does not overlap with the Rejik and Lightsquid directories

mkdir /usr/local/www/apache22/data/squid
mkdir /usr/local/www/apache22/data/squid/www
mkdir /usr/local/www/apache22/data/squid/cgi-bin
mkdir /usr/local/www/apache22/data/squid/logfile
mkdir /usr/local/www/apache22/data/squid/error

 Configure Apache

vi /usr/local/etc/apache22/httpd.conf



DirectoryIndex index.php index.html

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
# Virtual hosts
Include etc/apache22/extra/httpd-vhosts.conf

 Edit the virtual hosts file

vi /usr/local/etc/apache22/extra/httpd-vhosts.conf



ServerAdmin msgibnev@yoyo.ru
DocumentRoot /usr/local/www/apache22/data/squid/www
ServerName proxy-branch.yoyo.ru
ServerAlias proxy-branch.yoyo.ru
ErrorLog /usr/local/www/apache22/data/squid/logfile/error_log
CustomLog /usr/local/www/apache22/data/squid/logfile/access_log common
RewriteEngine On
RewriteOptions Inherit



Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all



ScriptAlias /cgi-bin/ "/usr/local/www/apache22/data/squid/cgi-bin/"



AllowOverride None
Options None
Order allow,deny
Allow from all



Alias /error/ "/usr/local/www/apache22/data/squid/error/"



AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all





 Start Apache:

vi /etc/rc.conf


apache22_enable="YES"


/usr/local/etc/rc.d/apache22 start

 Install Squid. During make config I selected the following options: SQUID_LDAP_AUTH, SQUID_SNMP, SQUID_ECAP, SQUID_ICAP

cd /usr/ports/www/squid31/
make install
vi /etc/rc.conf


squid_enable="YES"

 Initialize the cache and install Rejik

squid -z
cd /usr/ports/www/rejik
make install
cp -R /usr/ports/www/rejik/work/banlists /usr/local/rejik
cp -R /usr/ports/www/rejik/work/squid-like-www-en/* /usr/local/www/apache22/data/squid/www/

 Add the required settings to Squid

vi /usr/local/etc/squid/squid.conf


url_rewrite_program /usr/local/rejik/redirector /usr/local/rejik/redirector.conf
url_rewrite_children 15

 Edit the Rejik configuration file as you see fit. If you do not understand any of it, touch nothing except disabling logging (uncomment the line log off)

 Set the access permissions

/usr/local/rejik/tools/set-permissions

 In AD, create the groups squid_inet (regular access) and squid_inet_full (privileged access), containing the users test_user and test_user_full respectively.

 Check that we can access LDAP as the user squidreader

ldapsearch -D "squidreader@msk.yoyo.ru" -x -W -b "dc=msk,dc=yoyo,dc=ru" -h ldap_server

 Create a password file for the user squidreader

/usr/local/etc/squid/adpw.txt


Poiuyt-0

 Check that the user's group is resolved correctly from LDAP:

/usr/local/libexec/squid/squid_ldap_group -R -b "dc=msk,dc=yoyo,dc=ru" -f "(&(sAMAccountName=%v)(memberOf=cn=%a,ou=Group-Bank,dc=msk,dc=yoyo,dc=ru))" -D squidreader@msk.yoyo.ru -W /usr/local/etc/squid/adpw.txt -H ldap://ldap_server:3268

 The response should look roughly like this:

test_user squid_inet
OK

 Check that user authentication works

/usr/local/libexec/squid/squid_ldap_auth -R -D squidreader@msk.yoyo.ru -W /usr/local/etc/squid/adpw.txt -b "dc=msk,dc=yoyo,dc=ru" -f "sAMAccountName=%s" -H ldap://ldap_server:3268

 The response should look roughly like this:

test_user Poiuyt-0
OK

 Create a file containing the list of sites available to privileged users:

vi /usr/local/etc/squid/privilegy_site_list


.*.odnoklassniki.ru.*
.*.vkontakte.ru.*
.*.mail.ru.*
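
The three patterns above are unanchored regular expressions with unescaped dots, so they match more than the three sites and can miss a bare host name. The added example below (not from the original article; the URLs are constructed, and url_regex_hit, host_of, dstdomain_hit and compare are hypothetical helper names) compares one of them with a host-only suffix match of the kind Squid's dstdomain ACL type performs:

```sh
#!/bin/sh
# Added example, not from the original article. All URLs are constructed.

# url_regex_hit PATTERN URL
# Emulates "acl ... url_regex -i": an unanchored, case-insensitive POSIX
# extended regex applied to the whole request URL.
url_regex_hit() {
    printf '%s\n' "$2" | grep -Eiq -- "$1"
}

# host_of URL
# Extracts the lowercase host from a URL or from a host:port authority
# (the form a CONNECT request carries).
host_of() {
    h=${1#*://}        # drop the scheme, if any
    h=${h%%/*}         # drop the path
    h=${h%%\?*}        # drop a query that follows the host directly
    h=${h##*@}         # drop userinfo
    h=${h%%:*}         # drop the port
    printf '%s\n' "$h" | tr '[:upper:]' '[:lower:]'
}

# dstdomain_hit .DOMAIN URL
# Emulates a leading-dot dstdomain entry: the domain itself and any
# subdomain match, and nothing outside the host part is looked at.
dstdomain_hit() {
    case ".$(host_of "$2")" in
        *"$1") return 0 ;;
    esac
    return 1
}

# compare REGEX DOMAIN URL...
# Prints one verdict line per URL for both matching styles.
compare() {
    regex=$1
    domain=$2
    shift 2
    for url in "$@"; do
        r=miss
        d=miss
        url_regex_hit "$regex" "$url" && r=HIT
        dstdomain_hit "$domain" "$url" && d=HIT
        printf '%-40s url_regex=%-4s dstdomain=%s\n' "$url" "$r" "$d"
    done
}

compare '.*.mail.ru.*' '.mail.ru' \
    'http://e.mail.ru/inbox' \
    'http://example.com/search?q=gmail.ru' \
    'http://webmail-ru.example.org/' \
    'mail.ru:443'
```

In squid.conf the host-only form is an `acl` line of type `dstdomain` with the value `.mail.ru` instead of a url_regex file entry.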

 Edit the Squid configuration file. At this point it looks like this:

vi /usr/local/etc/squid/squid.conf


#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32


#=======================================
# LDAP
#=======================================


auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -R -D squidreader@msk.yoyo.ru -W /usr/local/etc/squid/adpw.txt -b "dc=msk,dc=yoyo,dc=ru" -f "sAMAccountName=%s" -H ldap://ldap_server:3268
auth_param basic realm yoyo Squid Proxy


external_acl_type ldap_users ttl=7200 negative_ttl=3600 children=20 protocol=3.0 %LOGIN /usr/local/libexec/squid/squid_ldap_group -R -b "dc=msk,dc=yoyo,dc=ru" -f "(&(sAMAccountName=%v)(memberOf=cn=%a,ou=Group-Bank,dc=msk,dc=yoyo,dc=ru))" -D squidreader@msk.yoyo.ru -W /usr/local/etc/squid/adpw.txt -H ldap://ldap_server:3268


#=======================================
# Rejik
#=======================================
url_rewrite_program /usr/local/rejik/redirector /usr/local/rejik/redirector.conf
url_rewrite_children 15


#IPv6 Not Available:acl localhost src ::1/128
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#IPv6 Not Available:acl to_localhost dst ::1/128


# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#IPv6 Not Available:acl localnet src fc00::/7 # RFC 4193 local private network range
#IPv6 Not Available:acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines


acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT


#=======================================
# ACL for LDAP
#=======================================


acl Inet_ldap_access_standart external ldap_users squid_inet
acl Inet_ldap_access_full external ldap_users squid_inet_full
acl Inet_ldap_deny url_regex -i "/usr/local/etc/squid/privilegy_site_list"
acl Inet_ldap_permit url_regex -i "/usr/local/etc/squid/min_site_list"


#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager


# Deny requests to certain unsafe ports
http_access deny !Safe_ports


# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports


http_access allow localhost


#=======================================
# HTTP_ACCESS for LDAP
#=======================================


http_access allow Inet_ldap_access_full
http_access deny Inet_ldap_deny
deny_info http://10.33.18.16/porno.html Inet_ldap_deny
http_access allow Inet_ldap_access_standart
deny_info http://10.32.102.36/porno.html Inet_ldap_permit
http_access allow Inet_ldap_access_min Inet_ldap_permit



# And finally deny all other access to this proxy
http_access deny all


# Squid normally listens to port 3128
http_port 3128


# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?


# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /usr/local/squid/cache 100 16 256


#=======================================
# Cache settings
#=======================================


cache_swap_low 70
cache_swap_high 90
cache_mem 256 MB
memory_pools on
memory_pools_limit 120 MB
maximum_object_size 20 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 48 KB
request_header_max_size 12 KB
request_body_max_size 0 KB
ipcache_size 32768
ipcache_low 80
ipcache_high 95
fqdncache_size 1024000
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF


# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/cache


# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
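
The access rules in the listing above use Inet_ldap_access_min, which no acl line in the listing defines. The added example below (not from the original article; lint_acls and sample_conf are hypothetical names, and the sample is a constructed excerpt of the listing with the helper command line shortened) reports such references before Squid is restarted:

```sh
#!/bin/sh
# Added example, not from the original article.

# Constructed excerpt: ACL definitions and access rules taken from the
# squid.conf listing above (external helper command line shortened).
sample_conf() {
cat <<'EOF'
external_acl_type ldap_users ttl=7200 negative_ttl=3600 children=20 %LOGIN /usr/local/libexec/squid/squid_ldap_group
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl CONNECT method CONNECT
acl Inet_ldap_access_standart external ldap_users squid_inet
acl Inet_ldap_access_full external ldap_users squid_inet_full
acl Inet_ldap_deny url_regex -i "/usr/local/etc/squid/privilegy_site_list"
acl Inet_ldap_permit url_regex -i "/usr/local/etc/squid/min_site_list"
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow Inet_ldap_access_full
http_access deny Inet_ldap_deny
deny_info http://10.33.18.16/porno.html Inet_ldap_deny
http_access allow Inet_ldap_access_standart
deny_info http://10.32.102.36/porno.html Inet_ldap_permit
http_access allow Inet_ldap_access_min Inet_ldap_permit
http_access deny all
EOF
}

# lint_acls [FILE]
# Reads squid.conf from FILE or stdin and prints one line for every rule
# that uses an ACL name before an "acl" line has defined it, and for every
# external ACL whose helper type has no earlier external_acl_type line.
lint_acls() {
    awk '
        function check(name) {
            sub(/^!/, "", name)              # "!name" negates the same ACL
            if (!(name in defined))
                printf "%d: %s uses undefined ACL %s\n", FNR, $1, name
        }
        BEGIN { defined["all"] = 1 }         # "all" is built in to Squid 3.x
        { sub(/[ \t]#.*$/, "") }             # strip trailing comments
        /^[ \t]*(#|$)/ { next }              # skip blank and comment lines
        $1 == "external_acl_type" { helper[$2] = 1; next }
        $1 == "acl" {
            if ($3 == "external" && !($4 in helper))
                printf "%d: acl %s uses undefined external_acl_type %s\n", FNR, $2, $4
            defined[$2] = 1
            next
        }
        $1 == "http_access" || $1 == "snmp_access" {
            for (i = 3; i <= NF; i++) check($i)
            next
        }
        $1 == "deny_info" { check($NF) }
    ' "$@"
}

sample_conf | lint_acls
```

On the proxy itself the same function takes the file as its argument, `lint_acls /usr/local/etc/squid/squid.conf`; `squid -k parse` remains the authoritative syntax check.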

 Install Lightsquid to view statistics:

cd /usr/ports/www/lightsquid
make install
cp -r /usr/local/www/lightsquid/* /usr/local/www/apache22/data/squid/cgi-bin/
cd /usr/local/www/apache22/data/squid/cgi-bin/
chmod +x *.cgi
chmod +x *.pl
chown -R www:www *

 Configure it:

vi /usr/local/etc/lightsquid/lightsquid.cfg


#path to additional `cfg` files
$cfgpath ="/usr/local/etc/lightsquid";
#path to `tpl` folder
$tplpath ="/usr/local/www/apache22/data/squid/cgi-bin/tpl";
#path to `lang` folder
$langpath ="/usr/local/share/lightsquid/lang";
#path to `report` folder
$reportpath ="/usr/local/www/apache22/data/squid/cgi-bin/report";
#path to access.log
$logpath ="/var/log/squid";
#path to `ip2name` folder
$ip2namepath ="/usr/local/libexec/lightsquid";

 Configure the groups:

vi /usr/local/etc/lightsquid/group.cfg


test_user 01 TestUser_StandartAccess
test_user_full 02 TestUser_FullAccess
test_user_def 03 TestUser_DefaultAccess

 Configure the mapping of IP addresses to employee surnames (if needed):

vi /usr/local/etc/lightsquid/realname.cfg

 Check that the configuration is correct:

/usr/local/www/apache22/data/squid/cgi-bin/check-setup.pl

 The response should look roughly like this:

LightSquid Config Checker, (c) 2005-9 Sergey Erokhin GNU GPL

LogPath : /var/log/squid
reportpath: /usr/local/www/apache22/data/squid/cgi-bin/report
Lang : /usr/local/share/lightsquid/lang/eng
Template : /usr/local/www/apache22/data/squid/cgi-bin/tpl/base
Ip2Name : /usr/local/libexec/lightsquid/ip2name.simple

all check passed, now try access to cgi part in browser

 Run the parser:

/usr/local/www/apache22/data/squid/cgi-bin/lightparser.pl

 View the statistics at http://server_address/cgi-bin/index.cgi. If everything is fine, add a job to cron:

crontab -e


0-59/5 * * * * /usr/local/www/apache22/data/squid/cgi-bin/lightparser.pl

 Install antivirus protection:

cd /usr/ports/security/clamav
make install

 Enable ClamAV updates in rc.conf:

vi /etc/rc.conf


clamav_freshclam_enable="YES"

 Start the update daemon:

/usr/local/etc/rc.d/clamav-freshclam start

 Install ICAP:

cd /usr/ports/www/c-icap
make install
chown -R cicap:cicap /var/run/c-icap

 Prepare syslog to receive messages from ICAP:

vi /etc/syslog.conf


local1.* /var/log/c-icap.log

 Add the following lines to the configuration file:

vi /usr/local/etc/c-icap.conf


acl squid_respmod src 0.0.0.0 type respmod
icap_access allow squid_respmod

 Start the service:

vi /etc/rc.conf


c_icap_enable="YES"

 Add the following lines to the Squid configuration file:

vi /usr/local/etc/squid/squid.conf


icap_enable on
icap_preview_enable on
icap_preview_size 128
icap_send_client_ip on
icap_service service_avi_req reqmod_precache 0 icap://localhost:1344/srv_clamav
icap_service service_avi respmod_precache 1 icap://localhost:1344/srv_clamav
icap_class class_antivirus service_avi
icap_class class_antivirus service_avi_req
icap_access class_antivirus allow all

 Configure MRTG:

cd /usr/ports/net-mgmt/mrtg
make install
cd /usr/ports/net-mgmt/net-snmp
make install
mkdir /usr/local/www/apache22/data/squid/www/mrtg

 Create the MRTG configuration file:

vi /usr/local/etc/squid/mrtg.conf


WorkDir: /usr/local/www/apache22/data/squid/www/mrtg
LoadMIBs: /usr/local/etc/squid/mib.txt


Language: russian


Target[cacheHits]: cacheHttpHits&cacheProtoClientHttpRequests:squidmrtg@localhost:3401
Title[cacheHits]: HTTP Hits
PageTop[cacheHits]:

HTTP Hits / Requests


MaxBytes[cacheHits]: 10000000
Suppress[cacheHits]: y
YLegend[cacheHits]: perminute
ShortLegend[cacheHits]: req/min
LegendI[cacheHits]: HTTP hits
LegendO[cacheHits]: HTTP requests
Legend1[cacheHits]: HTTP hits
Legend2[cacheHits]: HTTP requests
Options[cacheHits]: nopercent, perminute, dorelpercent


Target[cacheServerRequests]: cacheServerRequests&cacheServerRequests:squidmrtg@localhost:3401
MaxBytes[cacheServerRequests]: 10000000
Title[cacheServerRequests]: Server Requests
Options[cacheServerRequests]: nopercent
PageTop[cacheServerRequests]:

Server Requests


YLegend[cacheServerRequests]: requests/sec
ShortLegend[cacheServerRequests]: req/s
LegendI[cacheServerRequests]: Requests 
LegendO[cacheServerRequests]:
Legend1[cacheServerRequests]: Requests
Legend2[cacheServerRequests]:


Target[cacheServerErrors]: cacheServerErrors&cacheServerErrors:squidmrtg@localhost:3401
MaxBytes[cacheServerErrors]: 10000000
Title[cacheServerErrors]: Server Errors
Options[cacheServerErrors]: nopercent
PageTop[cacheServerErrors]:

Server Errors


YLegend[cacheServerErrors]: errors/sec
ShortLegend[cacheServerErrors]: err/s
LegendI[cacheServerErrors]: Errors 
LegendO[cacheServerErrors]:
Legend1[cacheServerErrors]: Errors
Legend2[cacheServerErrors]:


Target[cacheServerInOutKb]: cacheServerInKb&cacheServerOutKb:squidmrtg@localhost:3401 * 1024
MaxBytes[cacheServerInOutKb]: 1000000000
Title[cacheServerInOutKb]: Server In/Out Traffic
Options[cacheServerInOutKb]: nopercent
PageTop[cacheServerInOutKb]:

Server In/Out Traffic


YLegend[cacheServerInOutKb]: Bytes/sec
ShortLegend[cacheServerInOutKb]: Bytes/s
LegendI[cacheServerInOutKb]: Server In 
LegendO[cacheServerInOutKb]: Server Out 
Legend1[cacheServerInOutKb]: Server In
Legend2[cacheServerInOutKb]: Server Out


Target[cacheHttpErrors]: cacheHttpErrors&cacheHttpErrors:squidmrtg@localhost:3401
MaxBytes[cacheHttpErrors]: 10000000
Title[cacheHttpErrors]: HTTP Errors
Options[cacheHttpErrors]: nopercent
PageTop[cacheHttpErrors]:

HTTP Errors


YLegend[cacheHttpErrors]: errors/sec
ShortLegend[cacheHttpErrors]: err/s
LegendI[cacheHttpErrors]: Errors 
LegendO[cacheHttpErrors]:
Legend1[cacheHttpErrors]: Errors
Legend2[cacheHttpErrors]:


Target[cacheIcpPktsSentRecv]: cacheIcpPktsSent&cacheIcpPktsRecv:squidmrtg@localhost:3401
MaxBytes[cacheIcpPktsSentRecv]: 10000000
Title[cacheIcpPktsSentRecv]: ICP Packets Sent/Received
Options[cacheIcpPktsSentRecv]: nopercent
PageTop[cacheIcpPktsSentRecv]:

ICP Packets Sent/Received


YLegend[cacheIcpPktsSentRecv]: packets/sec
ShortLegend[cacheIcpPktsSentRecv]: pkts/s
LegendI[cacheIcpPktsSentRecv]: Pkts Sent 
LegendO[cacheIcpPktsSentRecv]: Pkts Received 
Legend1[cacheIcpPktsSentRecv]: Pkts Sent
Legend2[cacheIcpPktsSentRecv]: Pkts Received


Target[cacheIcpKbSentRecv]: cacheIcpKbSent&cacheIcpKbRecv:squidmrtg@localhost:3401 * 1024
MaxBytes[cacheIcpKbSentRecv]: 1000000000
Title[cacheIcpKbSentRecv]: ICP Bytes Sent/Received
Options[cacheIcpKbSentRecv]: nopercent
PageTop[cacheIcpKbSentRecv]:

ICP Bytes Sent/Received


YLegend[cacheIcpKbSentRecv]: Bytes/sec
ShortLegend[cacheIcpKbSentRecv]: Bytes/s
LegendI[cacheIcpKbSentRecv]: Sent 
LegendO[cacheIcpKbSentRecv]: Received 
Legend1[cacheIcpKbSentRecv]: Sent
Legend2[cacheIcpKbSentRecv]: Received


Target[cacheHttpInOutKb]: cacheHttpInKb&cacheHttpOutKb:squidmrtg@localhost:3401 * 1024
MaxBytes[cacheHttpInOutKb]: 1000000000
Title[cacheHttpInOutKb]: HTTP In/Out Traffic
Options[cacheHttpInOutKb]: nopercent
PageTop[cacheHttpInOutKb]:

HTTP In/Out Traffic


YLegend[cacheHttpInOutKb]: Bytes/second
ShortLegend[cacheHttpInOutKb]: Bytes/s
LegendI[cacheHttpInOutKb]: HTTP In 
LegendO[cacheHttpInOutKb]: HTTP Out 
Legend1[cacheHttpInOutKb]: HTTP In
Legend2[cacheHttpInOutKb]: HTTP Out


Target[cacheCurrentSwapSize]: cacheCurrentSwapSize&cacheCurrentSwapSize:squidmrtg@localhost:3401
MaxBytes[cacheCurrentSwapSize]: 1000000000
Title[cacheCurrentSwapSize]: Current Swap Size
Options[cacheCurrentSwapSize]: gauge, nopercent
PageTop[cacheCurrentSwapSize]:

Current Swap Size


YLegend[cacheCurrentSwapSize]: swap size
ShortLegend[cacheCurrentSwapSize]: Bytes
LegendI[cacheCurrentSwapSize]: Swap Size 
LegendO[cacheCurrentSwapSize]:
Legend1[cacheCurrentSwapSize]: Swap Size
Legend2[cacheCurrentSwapSize]:


Target[cacheNumObjCount]: cacheNumObjCount&cacheNumObjCount:squidmrtg@localhost:3401
MaxBytes[cacheNumObjCount]: 10000000
Title[cacheNumObjCount]: Num Object Count
Options[cacheNumObjCount]: gauge, nopercent
PageTop[cacheNumObjCount]:

Num Object Count


YLegend[cacheNumObjCount]: # of objects
ShortLegend[cacheNumObjCount]: objects
LegendI[cacheNumObjCount]: Num Objects 
LegendO[cacheNumObjCount]:
Legend1[cacheNumObjCount]: Num Objects
Legend2[cacheNumObjCount]:


Target[cacheCpuUsage]: cacheCpuUsage&cacheCpuUsage:squidmrtg@localhost:3401
MaxBytes[cacheCpuUsage]: 100
AbsMax[cacheCpuUsage]: 100
Title[cacheCpuUsage]: CPU Usage
Options[cacheCpuUsage]: absolute, gauge, noinfo, nopercent
Unscaled[cacheCpuUsage]: dwmy
PageTop[cacheCpuUsage]:

CPU Usage


YLegend[cacheCpuUsage]: usage %
ShortLegend[cacheCpuUsage]:%
LegendI[cacheCpuUsage]: CPU Usage 
LegendO[cacheCpuUsage]:
Legend1[cacheCpuUsage]: CPU Usage
Legend2[cacheCpuUsage]:


Target[cacheMemUsage]: cacheMemUsage&cacheMemUsage:squidmrtg@localhost:3401 * 1024
MaxBytes[cacheMemUsage]: 2000000000
Title[cacheMemUsage]: Memory Usage
Options[cacheMemUsage]: gauge, nopercent
PageTop[cacheMemUsage]:

Total memory accounted for


YLegend[cacheMemUsage]: Bytes
ShortLegend[cacheMemUsage]: Bytes
LegendI[cacheMemUsage]: Mem Usage 
LegendO[cacheMemUsage]:
Legend1[cacheMemUsage]: Mem Usage
Legend2[cacheMemUsage]:


Target[cacheSysPageFaults]: cacheSysPageFaults&cacheSysPageFaults:squidmrtg@localhost:3401
MaxBytes[cacheSysPageFaults]: 10000000
Title[cacheSysPageFaults]: Sys Page Faults
Options[cacheSysPageFaults]: nopercent
PageTop[cacheSysPageFaults]:

Sys Page Faults


YLegend[cacheSysPageFaults]: page faults/sec
ShortLegend[cacheSysPageFaults]: PF/s
LegendI[cacheSysPageFaults]: Page Faults 
LegendO[cacheSysPageFaults]:
Legend1[cacheSysPageFaults]: Page Faults
Legend2[cacheSysPageFaults]:


Target[cacheSysVMsize]: cacheSysVMsize&cacheSysVMsize:squidmrtg@localhost:3401 * 1024
MaxBytes[cacheSysVMsize]: 1000000000
Title[cacheSysVMsize]: Storage Mem Size
Options[cacheSysVMsize]: gauge, nopercent
PageTop[cacheSysVMsize]:

Storage Mem Size


YLegend[cacheSysVMsize]: mem size
ShortLegend[cacheSysVMsize]: Bytes
LegendI[cacheSysVMsize]: Mem Size 
LegendO[cacheSysVMsize]:
Legend1[cacheSysVMsize]: Mem Size
Legend2[cacheSysVMsize]:


Target[cacheSysStorage]: cacheSysStorage&cacheSysStorage:squidmrtg@localhost:3401
MaxBytes[cacheSysStorage]: 1000000000
Title[cacheSysStorage]: Storage Swap Size
Options[cacheSysStorage]: gauge, nopercent
PageTop[cacheSysStorage]:

Storage Swap Size


YLegend[cacheSysStorage]: swap size (KB)
ShortLegend[cacheSysStorage]: KBytes
LegendI[cacheSysStorage]: Swap Size 
LegendO[cacheSysStorage]:
Legend1[cacheSysStorage]: Swap Size
Legend2[cacheSysStorage]:


Target[cacheSysNumReads]: cacheSysNumReads&cacheSysNumReads:squidmrtg@localhost:3401
MaxBytes[cacheSysNumReads]: 10000000
Title[cacheSysNumReads]: HTTP I/O number of reads
Options[cacheSysNumReads]: nopercent
PageTop[cacheSysNumReads]:

HTTP I/O number of reads


YLegend[cacheSysNumReads]: reads/sec
ShortLegend[cacheSysNumReads]: reads/s
LegendI[cacheSysNumReads]: I/O 
LegendO[cacheSysNumReads]:
Legend1[cacheSysNumReads]: I/O
Legend2[cacheSysNumReads]:


Target[cacheCpuTime]: cacheCpuTime&cacheCpuTime:squidmrtg@localhost:3401
MaxBytes[cacheCpuTime]: 1000000000
Title[cacheCpuTime]: Cpu Time
Options[cacheCpuTime]: gauge, nopercent
PageTop[cacheCpuTime]:

Amount of cpu seconds consumed


YLegend[cacheCpuTime]: cpu seconds
ShortLegend[cacheCpuTime]: cpu seconds
LegendI[cacheCpuTime]: Mem Time 
LegendO[cacheCpuTime]:
Legend1[cacheCpuTime]: Mem Time
Legend2[cacheCpuTime]:


Target[cacheMaxResSize]: cacheMaxResSize&cacheMaxResSize:squidmrtg@localhost:3401 * 1024
MaxBytes[cacheMaxResSize]: 1000000000
Title[cacheMaxResSize]: Max Resident Size
Options[cacheMaxResSize]: gauge, nopercent
PageTop[cacheMaxResSize]:

Maximum Resident Size


YLegend[cacheMaxResSize]: Bytes
ShortLegend[cacheMaxResSize]: Bytes
LegendI[cacheMaxResSize]: Size 
LegendO[cacheMaxResSize]:
Legend1[cacheMaxResSize]: Size
Legend2[cacheMaxResSize]:


Target[cacheCurrentLRUExpiration]: cacheCurrentLRUExpiration&cacheCurrentLRUExpiration:squidmrtg@localhost:3401
MaxBytes[cacheCurrentLRUExpiration]: 1000000000
Title[cacheCurrentLRUExpiration]: LRU Expiration Age
Options[cacheCurrentLRUExpiration]: gauge, nopercent
PageTop[cacheCurrentLRUExpiration]:

Storage LRU Expiration Age


YLegend[cacheCurrentLRUExpiration]: expir (days)
ShortLegend[cacheCurrentLRUExpiration]: days
LegendI[cacheCurrentLRUExpiration]: Age 
LegendO[cacheCurrentLRUExpiration]:
Legend1[cacheCurrentLRUExpiration]: Age
Legend2[cacheCurrentLRUExpiration]:


Target[cacheCurrentUnlinkRequests]: cacheCurrentUnlinkRequests&cacheCurrentUnlinkRequests:squidmrtg@localhost:3401
MaxBytes[cacheCurrentUnlinkRequests]: 1000000000
Title[cacheCurrentUnlinkRequests]: Unlinkd Requests
Options[cacheCurrentUnlinkRequests]: nopercent
PageTop[cacheCurrentUnlinkRequests]:

Requests given to unlinkd


YLegend[cacheCurrentUnlinkRequests]: requests/sec
ShortLegend[cacheCurrentUnlinkRequests]: reqs/s
LegendI[cacheCurrentUnlinkRequests]: Unlinkd requests 
LegendO[cacheCurrentUnlinkRequests]:
Legend1[cacheCurrentUnlinkRequests]: Unlinkd requests
Legend2[cacheCurrentUnlinkRequests]:


Target[cacheCurrentUnusedFileDescrCount]: cacheCurrentUnusedFDescrCnt&cacheCurrentUnusedFDescrCnt:squidmrtg@localhost:3401
MaxBytes[cacheCurrentUnusedFileDescrCount]: 1000000000
Title[cacheCurrentUnusedFileDescrCount]: Available File Descriptors
Options[cacheCurrentUnusedFileDescrCount]: gauge, nopercent
PageTop[cacheCurrentUnusedFileDescrCount]:

Available number of file descriptors


YLegend[cacheCurrentUnusedFileDescrCount]: # of FDs
ShortLegend[cacheCurrentUnusedFileDescrCount]: FDs
LegendI[cacheCurrentUnusedFileDescrCount]: File Descriptors 
LegendO[cacheCurrentUnusedFileDescrCount]:
Legend1[cacheCurrentUnusedFileDescrCount]: File Descriptors
Legend2[cacheCurrentUnusedFileDescrCount]:


Target[cacheCurrentReservedFileDescrCount]: cacheCurrentResFileDescrCnt&cacheCurrentResFileDescrCnt:squidmrtg@localhost:3401
MaxBytes[cacheCurrentReservedFileDescrCount]: 1000000000
Title[cacheCurrentReservedFileDescrCount]: Reserved File Descriptors
Options[cacheCurrentReservedFileDescrCount]: gauge, nopercent
PageTop[cacheCurrentReservedFileDescrCount]:

Reserved number of file descriptors


YLegend[cacheCurrentReservedFileDescrCount]: # of FDs
ShortLegend[cacheCurrentReservedFileDescrCount]: FDs
LegendI[cacheCurrentReservedFileDescrCount]: File Descriptors 
LegendO[cacheCurrentReservedFileDescrCount]:
Legend1[cacheCurrentReservedFileDescrCount]: File Descriptors
Legend2[cacheCurrentReservedFileDescrCount]:


Target[cacheClients]: cacheClients&cacheClients:squidmrtg@localhost:3401
MaxBytes[cacheClients]: 1000000000
Title[cacheClients]: Number of Clients
Options[cacheClients]: nopercent
PageTop[cacheClients]:

Number of clients accessing cache


YLegend[cacheClients]: clients/sec
ShortLegend[cacheClients]: clients/s
LegendI[cacheClients]: Num Clients 
LegendO[cacheClients]:
Legend1[cacheClients]: Num Clients
Legend2[cacheClients]:


Target[cacheHttpAllSvcTime]: cacheHttpAllSvcTime.5&cacheHttpAllSvcTime.60:squidmrtg@localhost:3401
MaxBytes[cacheHttpAllSvcTime]: 1000000000
Title[cacheHttpAllSvcTime]: HTTP All Service Time
Options[cacheHttpAllSvcTime]: gauge, nopercent
PageTop[cacheHttpAllSvcTime]:

HTTP all service time


YLegend[cacheHttpAllSvcTime]: svc time (ms)
ShortLegend[cacheHttpAllSvcTime]: ms
LegendI[cacheHttpAllSvcTime]: Median Svc Time (5min) 
LegendO[cacheHttpAllSvcTime]: Median Svc Time (60min) 
Legend1[cacheHttpAllSvcTime]: Median Svc Time
Legend2[cacheHttpAllSvcTime]: Median Svc Time


Target[cacheHttpMissSvcTime]: cacheHttpMissSvcTime.5&cacheHttpMissSvcTime.60:squidmrtg@localhost:3401
MaxBytes[cacheHttpMissSvcTime]: 1000000000
Title[cacheHttpMissSvcTime]: HTTP Miss Service Time
Options[cacheHttpMissSvcTime]: gauge, nopercent
PageTop[cacheHttpMissSvcTime]:

HTTP miss service time


YLegend[cacheHttpMissSvcTime]: svc time (ms)
ShortLegend[cacheHttpMissSvcTime]: ms
LegendI[cacheHttpMissSvcTime]: Median Svc Time (5min) 
LegendO[cacheHttpMissSvcTime]: Median Svc Time (60min) 
Legend1[cacheHttpMissSvcTime]: Median Svc Time
Legend2[cacheHttpMissSvcTime]: Median Svc Time


Target[cacheHttpNmSvcTime]: cacheHttpNmSvcTime.5&cacheHttpNmSvcTime.60:squidmrtg@localhost:3401
MaxBytes[cacheHttpNmSvcTime]: 1000000000
Title[cacheHttpNmSvcTime]: HTTP Near Miss Service Time
Options[cacheHttpNmSvcTime]: gauge, nopercent
PageTop[cacheHttpNmSvcTime]:

HTTP near miss service time


YLegend[cacheHttpNmSvcTime]: svc time (ms)
ShortLegend[cacheHttpNmSvcTime]: ms
LegendI[cacheHttpNmSvcTime]: Median Svc Time (5min) 
LegendO[cacheHttpNmSvcTime]: Median Svc Time (60min) 
Legend1[cacheHttpNmSvcTime]: Median Svc Time
Legend2[cacheHttpNmSvcTime]: Median Svc Time


Target[cacheHttpHitSvcTime]: cacheHttpHitSvcTime.5&cacheHttpHitSvcTime.60:squidmrtg@localhost:3401
MaxBytes[cacheHttpHitSvcTime]: 1000000000
Title[cacheHttpHitSvcTime]: HTTP Hit Service Time
Options[cacheHttpHitSvcTime]: gauge, nopercent
PageTop[cacheHttpHitSvcTime]:

HTTP hit service time


YLegend[cacheHttpHitSvcTime]: svc time (ms)
ShortLegend[cacheHttpHitSvcTime]: ms
LegendI[cacheHttpHitSvcTime]: Median Svc Time (5min) 
LegendO[cacheHttpHitSvcTime]: Median Svc Time (60min) 
Legend1[cacheHttpHitSvcTime]: Median Svc Time
Legend2[cacheHttpHitSvcTime]: Median Svc Time


Target[cacheIcpQuerySvcTime]: cacheIcpQuerySvcTime.5&cacheIcpQuerySvcTime.60:squidmrtg@localhost:3401
MaxBytes[cacheIcpQuerySvcTime]: 1000000000
Title[cacheIcpQuerySvcTime]: ICP Query Service Time
Options[cacheIcpQuerySvcTime]: gauge, nopercent
PageTop[cacheIcpQuerySvcTime]:

ICP query service time


YLegend[cacheIcpQuerySvcTime]: svc time (ms)
ShortLegend[cacheIcpQuerySvcTime]: ms
LegendI[cacheIcpQuerySvcTime]: Median Svc Time (5min) 
LegendO[cacheIcpQuerySvcTime]: Median Svc Time (60min) 
Legend1[cacheIcpQuerySvcTime]: Median Svc Time
Legend2[cacheIcpQuerySvcTime]: Median Svc Time


Target[cacheIcpReplySvcTime]: cacheIcpReplySvcTime.5&cacheIcpReplySvcTime.60:squidmrtg@localhost:3401
MaxBytes[cacheIcpReplySvcTime]: 1000000000
Title[cacheIcpReplySvcTime]: ICP Reply Service Time
Options[cacheIcpReplySvcTime]: gauge, nopercent
PageTop[cacheIcpReplySvcTime]:

ICP reply service time


YLegend[cacheIcpReplySvcTime]: svc time (ms)
ShortLegend[cacheIcpReplySvcTime]: ms
LegendI[cacheIcpReplySvcTime]: Median Svc Time (5min) 
LegendO[cacheIcpReplySvcTime]: Median Svc Time (60min) 
Legend1[cacheIcpReplySvcTime]: Median Svc Time
Legend2[cacheIcpReplySvcTime]: Median Svc Time


Target[cacheDnsSvcTime]: cacheDnsSvcTime.5&cacheDnsSvcTime.60:squidmrtg@localhost:3401
MaxBytes[cacheDnsSvcTime]: 1000000000
Title[cacheDnsSvcTime]: DNS Service Time
Options[cacheDnsSvcTime]: gauge, nopercent
PageTop[cacheDnsSvcTime]:

DNS service time


YLegend[cacheDnsSvcTime]: svc time (ms)
ShortLegend[cacheDnsSvcTime]: ms
LegendI[cacheDnsSvcTime]: Median Svc Time (5min) 
LegendO[cacheDnsSvcTime]: Median Svc Time (60min) 
Legend1[cacheDnsSvcTime]: Median Svc Time
Legend2[cacheDnsSvcTime]: Median Svc Time


Target[cacheRequestHitRatio]: cacheRequestHitRatio.5&cacheRequestHitRatio.60:squidmrtg@localhost:3401
MaxBytes[cacheRequestHitRatio]: 100
AbsMax[cacheRequestHitRatio]: 100
Title[cacheRequestHitRatio]: Request Hit Ratio
Options[cacheRequestHitRatio]: absolute, gauge, noinfo, nopercent
Unscaled[cacheRequestHitRatio]: dwmy
PageTop[cacheRequestHitRatio]:

Request Hit Ratio


YLegend[cacheRequestHitRatio]: %
ShortLegend[cacheRequestHitRatio]: %
LegendI[cacheRequestHitRatio]: Median Hit Ratio (5min) 
LegendO[cacheRequestHitRatio]: Median Hit Ratio (60min) 
Legend1[cacheRequestHitRatio]: Median Hit Ratio
Legend2[cacheRequestHitRatio]: Median Hit Ratio


Target[cacheRequestByteRatio]: cacheRequestByteRatio.5&cacheRequestByteRatio.60:squidmrtg@localhost:3401
MaxBytes[cacheRequestByteRatio]: 100
AbsMax[cacheRequestByteRatio]: 100
Title[cacheRequestByteRatio]: Byte Hit Ratio
Options[cacheRequestByteRatio]: absolute, gauge, noinfo, nopercent
Unscaled[cacheRequestByteRatio]: dwmy
PageTop[cacheRequestByteRatio]:

Byte Hit Ratio


YLegend[cacheRequestByteRatio]: %
ShortLegend[cacheRequestByteRatio]:%
LegendI[cacheRequestByteRatio]: Median Hit Ratio (5min) 
LegendO[cacheRequestByteRatio]: Median Hit Ratio (60min) 
Legend1[cacheRequestByteRatio]: Median Hit Ratio
Legend2[cacheRequestByteRatio]: Median Hit Ratio

 Check that SNMP works:

snmpwalk -v 2c -c squidmrtg localhost:3401 .1.3.6.1.4.1.3495.1.1

If everything is fine, the output will look roughly like this:

SNMPv2-SMI::enterprises.3495.1.1.1.0 = INTEGER: 9152
SNMPv2-SMI::enterprises.3495.1.1.2.0 = INTEGER: 0
SNMPv2-SMI::enterprises.3495.1.1.3.0 = Timeticks: (776462) 2:09:24.62

 Add the following lines to the Squid configuration file:

vi /usr/local/etc/squid/squid.conf


acl My_SNMP snmp_community squidmrtg
snmp_port 3401
snmp_access allow My_SNMP localhost
snmp_access deny all

 Create index.html

/usr/local/bin/indexmaker /usr/local/etc/squid/mrtg.conf > /usr/local/www/apache22/data/squid/www/mrtg/index.html

 Add a job to cron:

0-59/5 * * * * /usr/local/bin/mrtg /usr/local/etc/squid/mrtg.conf

Articles:
Blocking banners with SQUID+REJIK
SQUID & ICAP & ClamAV
Squid and LDAP authentication from Active Directory
Configuring MRTG to monitor the current state of Squid



