I'm new to Tripwire and I can see how it would be useful for tracking changes with files and at the OS level, but is it possible to get Tripwire to monitor access to a mySQL DB? IE - if I'm running mySQL 5.5 and I have it setup to send all of the user activity and commands to the syslog, how can I pull those out using Tripwire to fire an alert if someone has had 10 failed logons say?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
You should be able to just edit the template to monitor exactly what you want. I would advise to send the logs to a dedicated file you want to monitor.
I'm new to Tripwire and I can see how it would be useful for tracking changes with files and at the OS level, but is it possible to get Tripwire to monitor access to a mySQL DB? IE - if I'm running mySQL 5.5 and I have it setup to send all of the user activity and commands to the syslog, how can I pull those out using Tripwire to fire an alert if someone has had 10 failed logons say?
Hello,
You should be able to just edit the template to monitor exactly what you want. I would advise to send the logs to a dedicated file you want to monitor.
You can take a look at this fine article by IBM on using OSS Tripwire: http://www.ibm.com/developerworks/aix/library/au-usingtripwire/index.html
You will need to edit the configuration post install to allow for syslog monitoring.
Now it will not tell you when someone is logging since any attempt will be logged and it will then modify the checksum of the file.
I think what you want is more like OSSEC.