Jiger's picture


I have a TKL file server 12 installed in my environment for taking the backups.


We are now looking to integrate this TKL file server with the Splunk system. Has anybody done this before?


I believe this is just forwarding the SNMP traps of the TKL file server to the Splunk server. Can anybody please advise the steps that need to be followed for this?




Eric (tssgery)'s picture

It's been a while but... I have done this before by installing the Splunk "App for Unix and Linux" and then placing the forwarders on the TurnKey appliances.

You can find more information on the Splunk website. 

Jiger's picture

Hi Eric,

Thanks for your reply.


Do we have a solution where the forwarder isn't required to be installed on the Turnkey Fileserver?

Can't this be achieved by simply mentioning the SNMP community string & the SNMP trap host details on the TKL Fileserver?




Eric (tssgery)'s picture

I think you can enable the SNMP agent and get a lightweight integration. You won't get log files or other information though.


TKL is just Debian Linux, so any monitoring without the forwarder that works for Debian will work for TKL.


If you get it working, please post back with what you did. I'm sure it'll help others.

Jiger's picture

Sure mate,

I am first downloading the SNMP package(s) and the relevant dependencies. I will install them, then search for the configuration steps and lastly check if it works.

Note: I found today that the MIBs for Debian aren't freely available so that's kinda hindering the steps.

Will post the results if successful.


In the meantime, it would be great if somebody could help me with the SNMP configuration.


Eric (tssgery)'s picture

Have you seen this: https://wiki.debian.org/SNMP


The MIBs are in the non-free repo, so you'd have to make sure you're meeting any license restrictions.

Jiger's picture

Hi mate,

Thanks for the details.

I have downloaded and installed the SNMP stuff on my TKL fileserver 12.0.

After this I am also able to see a lot of the required output when I run the snmpwalk command for the localhost:

$ snmpwalk -v 2c -c public localhost

which makes me believe that the configuration is good enough.
However, the snmptrapd service still doesn't seem to be running.

root@Tkl# service snmpd status
snmpd is running.
snmptrapd is not running ... failed!

I need to send the SNMP traps to the Splunk server, hence I believe I might need this service to be running - not sure what the steps are for this.
Also, do I need to do any configuration in the file "snmptrapd.conf" to achieve the above, and maybe some other settings in snmpd.conf for this?


Eric (tssgery)'s picture

You probably need to edit the /etc/default/snmpd file.


I believe that, by default, snmptrapd does not start automatically. I just did a quick search and it seems that you might need to edit /etc/default/snmpd and change the line that reads "TRAPDRUN=NO" to "TRAPDRUN=yes".



I've not tried this, but the act of editing /etc/default/<something> to enable daemons at startup is pretty common, so I suspect it's on the right track.

Jiger's picture

So far I can see that the Splunk is able to the TKL server.
I am yet to verify that SNMP traps are coming in from the TKL server to Splunk. Not sure though how to configure and check this on the TKL server.
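
One way to check the agent-side settings asked about above, as an added example that is not part of the original posts: Net-SNMP's snmpd sends traps to the hosts named by trapsink, trap2sink or informsink in snmpd.conf, and this script lists those destinations and flags default or source-unrestricted community strings such as the "public" used in the snmpwalk test. The sample config, its community names and the hostname splunk.example.internal are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit a Net-SNMP snmpd.conf for trap destinations and
# weak community settings. Prints one finding per line.
audit_snmpd_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
        # trapsink HOST [COMMUNITY [PORT]] and its v2c / inform variants
        $1 ~ /^(trapsink|trap2sink|informsink)$/ {
            sinks++
            print "TRAP_SINK " $1 " -> " $2
            if ($3 == "public" || $3 == "private")
                print "DEFAULT_TRAP_COMMUNITY " $3
            next
        }
        # rocommunity COMMUNITY [SOURCE [OID]]; no SOURCE means any host
        $1 ~ /^(rocommunity|rwcommunity)6?$/ {
            if ($2 == "public" || $2 == "private")
                print "DEFAULT_COMMUNITY " $1 " " $2
            if (NF < 3 || $3 == "default")
                print "UNRESTRICTED_SOURCE " $1
            if ($1 ~ /^rw/)
                print "WRITE_ACCESS " $1
            next
        }
        END { if (!sinks) print "NO_TRAP_SINK" }
    ' "$1"
}

# Constructed sample config (not taken from the thread); the Splunk
# hostname and the monitorRO community are placeholders.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample snmpd.conf
agentAddress udp:161
rocommunity public
rocommunity monitorRO 192.0.2.10
trap2sink splunk.example.internal public
EOF
}

tmp=$(mktemp)
write_sample_conf "$tmp"
audit_snmpd_conf "$tmp"
rm -f "$tmp"
```

On a real appliance, point audit_snmpd_conf at /etc/snmp/snmpd.conf; a NO_TRAP_SINK result means the agent has no trap destination configured at all.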


Jiger's picture


Now that the TKL file server is integrated with the Splunk server, I need to define the system event thresholds on the TKL file server which can be polled / pushed by the Splunk server.

For example something like this:

1) If system temperature increases more than 60 degrees then



2) If the disk space usage reaches 80% then



3) If the memory usage reaches the point of 90% then



Can anybody please tell me where I can configure these values?

