The Tripwire Metric Plugin parses reports generated by the Tripwire Intrusion Detection System.
The Tripwire plugin is supported only on Ubuntu and CentOS distributions. For other platforms, reach out to firstname.lastname@example.org
The Tripwire plugin requires the Tripwire package to be installed.
For installation of Tripwire package
Refer to the sfAgent section for steps to install and configure sfAgent. Tripwire plugin configurations can be generated automatically by sfAgent or added manually. To manually add the configuration, update
- name: tripwire
If Tripwire reports need to be triggered automatically once a day, you can add a cron job for it. To add a cron job,
0 0 * * * tripwire --check
Once you save the file, a cron job gets scheduled automatically.
If you want to run the cron job at a specific time every day, say 11:30 AM, use the following entry
30 11 * * * tripwire --check
To trigger a Tripwire report at any point in time, use the following command
The collected data consists of three document types:
tripwireReportSummary: contains the report creation date, the user who created the report, the policy used, and the command used to trigger the report
tripwireRuleSummary: contains the list of rules added for monitoring, the severity of each rule, and the count of added, removed and modified files
tripwireObjectSummary: contains the detailed list of added, removed and modified files per rule
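To show the kind of data behind tripwireRuleSummary, the following added example (not the plugin's own code) parses the Rule Summary table of a Tripwire text report into per-rule records and lists the rules with changes. The sample report is constructed, and the field names `ruleName`, `severity`, `violated`, `added`, `removed` and `modified` are assumptions, not the plugin's schema.

```python
import re

# Constructed sample laid out like the "Rule Summary" section of a Tripwire text report.
SAMPLE_REPORT = """\
===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
  Invariant Directories           66                0        0        0
* Tripwire Data Files             100               1        0        0
* Critical configuration files    100               0        0        2
  Temporary directories           33                0        0        0

Total objects scanned:  21704
Total violations found:  3
"""

# Optional "*" marks a violated rule; the rule name may contain single spaces;
# four integer columns (severity, added, removed, modified) follow.
ROW = re.compile(r"^(\*?)\s*(\S.*?)\s{2,}(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_rule_summary(report_text):
    """Return one dict per rule row between 'Rule Summary:' and the next section."""
    rules, in_summary = [], False
    for line in report_text.splitlines():
        if line.startswith("Rule Summary:"):
            in_summary = True
            continue
        if in_summary and line.startswith(("Object Summary:", "Total objects scanned:")):
            break
        m = ROW.match(line) if in_summary else None
        if m:
            star, name, sev, added, removed, modified = m.groups()
            rules.append({"ruleName": name, "severity": int(sev), "violated": star == "*",
                          "added": int(added), "removed": int(removed), "modified": int(modified)})
    return rules

def violations(rules, min_severity=0):
    """Rules with at least one added, removed or modified file, highest severity first."""
    hit = [r for r in rules if r["added"] + r["removed"] + r["modified"] > 0
           and r["severity"] >= min_severity]
    return sorted(hit, key=lambda r: -r["severity"])

if __name__ == "__main__":
    for rule in violations(parse_rule_summary(SAMPLE_REPORT)):
        print(rule)
```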
Use the built-in Tripwire dashboard for data visualization.
Tripwire summary pane
Tripwire object details pane
Viewing data and dashboards
Data collected by plugins can be viewed in SnappyFlow’s Browse Data section under the Metrics section.
documentType: tripwireReportSummary, tripwireRuleSummary, tripwireObjectSummary
For help with plugins, please reach out to email@example.com.