search

DinoTools / monitoring-check_squid

GNU General Public License v2.0
3 stars 2 forks source link

Unclear check output when ACLs are not good. #1

Open kfiresmith opened 3 years ago

kfiresmith commented 3 years ago

Hello and thanks for providing this check.
I'm relatively new to Squid, and did not understand that this check relies upon the 'manager' ACL within squid.conf, being set to allow from your monitoring hosts. Without this ACL, we see:

Use of uninitialized value $connection_nbclient in concatenation (.) or string at ./check_squid line 275.

I did already have squidclient installed, after the check alerted me to needing it (good error checking!), but the error above yielded no clues, so I needed to dig into the Squid docs, which also don't seem to cover the concept of 'manager' well. Thankfully, the Squid website did link to the SqStat web page, which gave me the context clues I needed in order to understand how to augment my squid.conf file:

Edit your squid.conf to allow cachemgr protocol:

acl manager proto cache_object
# replace 10.0.0.1 with your webserver IP
acl webserver src 10.0.0.1/255.255.255.255
http_access allow manager webserver
http_access deny manager

So my problem is solved, but others may also hit this issue and not know where to solve it.

I'm not a Perl person at all so I'm completely lost on how I'd author a fix to PR, but hopefully someone else can do that, and can augment the check documentation to clue us hapless monitoring folks into the fact we need a special ACL within Squid to allow the check to work.

Thanks!

kfiresmith commented 3 years ago

Follow-up problem: It appears that the memory check also has an un-handled error:

$ ./check_squid -H proxy1.college.edu -p 3128 -d Resources
SQUID OK - CPU used 5s: 0.04, CPU used 5m: 0.06, CPU used 60m: 0.06 | 'CPU used 5s'=0.04%;; 'CPU used 5m'=0.06%;; 'CPU used 60m'=0.06%;;

$ ./check_squid -H proxy1.college.edu -p 3128 -d Memory
Use of uninitialized value $memory_used in concatenation (.) or string at ./check_squid line 297.
kfiresmith commented 3 years ago

One more un-handled error that I can't make sense of - seems to work on one of our Squid servers fine, but not the twin.

check_squid -H proxy2.college.edu -d Cache
Use of uninitialized value $cache_bytehitratio5 in concatenation (.) or string at /usr/lib/nagios/plugins/check_squid line 283.

Looking at the code - which again I'm terrible at Perl - I think that the author might have assumed that there would always be a non-zero amount of cache hits. From the output of -vvv, I think that the problem is that for a completely idle Squid instance, the hits being checked return:

 Median Service Times (seconds)  5 min    60 min:
        HTTP Requests (All):   0.00000  5.06039

If I were to generate some traffic, the check recovers. So this is probably an area where we're going to get false positives any time we have a 5 minute stretch with no activity on a given Squid instance.