Why does the Tripwire Enterprise App for Splunk En...

addproniklas · ‎02-05-2016

Hi

I've been trying to set up the Tripwire App for a few months now, but run in to the exact same problem every time.

The issue I have is that the event collection stops and the tripwire_fim.py gets started in multiple instances. It seems that after a while, the python script freezes in its connection with the Tripwire server and waits forever.

The current work around is that I need to kill all instances of the script and also restart the Tripwire server. Then it works for a few days and the issue is there all over again.

I've been in contact with Tripwire support, they can't help me since this is a Splunk App (Even if the app is downloaded from their website)
I've been doing some tests with the Tripwire SOAP API with the twtool after issue has occurred (twtool is a special tool where you can interact with tripwire thru CLI), so far the tests has been successful, indicating that there is some problem with the Splunk app. But since there is no logging function in the app, I can't see what is the reason for the app to stop working.

Is there anyone that has encountered this problem?
Hopefully someone can help me with this, perhaps the developer of this app has got some more insights in what could be the problem?

Best Regards

JimWachhaus · ‎06-08-2016

What version of the app are you using? The current version is 1.5.4

What you are describing is not typical behavior.

It may be helpful to look at the Tripwire Enterprise logs to see if the app is opening multiple connections.

Why does the Tripwire Enterprise App for Splunk Enterprise stop collecting data after a few days?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases