Using Tripwire to monitor IVE config changes

  • Hey guys, does anyone here know of a way to Tripwire a Juniper SSL VPN box?

    Of course I could manually export an XML format of the config to a directory of a server that Tripwire monitors, but that’s painful. 😞

    I could also SCP the config over to a server and have Tripwire compare against it; however, I don’t know if this SCP’d config would be in an XML format or if it would simply be a .cfg file. Does anyone know?

    Since there is no way to obtain the whole config via the command line, I don’t see how I could accomplish this.

  • Or maybe you can just put a link in your central management which directs to the admin access log page on the IVE. Hehe.
    So it looks like it’s centrally implemented - who cares about the details.

    Kiwi Syslog is nice as you can use alarms, very easy to configure.
    For any text string in any syslog message you can define email notification of the admin stuff. I love to use it as it only informs me about the things that are interesting to me.

  • Yep, the logs are already going out to a SYSLOG server. So I’m hoping that having all admin changes accounted on the SYSLOG server will be good enough.

  • Maybe you can do it this way - send the logs to a syslog server like Kiwi Syslog. Nice one.

  • Yeah, that’s my backup plan. You know how it is with compliance and corporate standards though, they want everything to be monitored the same way. Oh well, it just can’t be done.

  • The admin logs show in plain text all the admin changes configured on the IVE, no need for anything else.
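
The string-match alerting on forwarded admin logs that the thread settles on, sketched as an added example (not code from any poster or vendor). The hostname `ive01`, the alert strings and the sample lines are constructed assumptions; the real strings have to come from your own admin access log.

```python
import re

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss host message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

# Assumptions: appliance hostname and the strings that mark an admin change.
# Replace both with values seen in your own admin access log.
APPLIANCE_HOSTS = {"ive01"}
ALERT_STRINGS = ("modified", "deleted", "imported")

# Constructed sample lines, not real appliance output.
SAMPLE_LINES = [
    "<134>Mar  3 10:15:02 ive01 admin-log: admin=jsmith Modified sign-in policy",
    "<134>Mar  3 10:16:40 ive01 user-log: user=bob Login succeeded",
    "<134>Mar  3 10:20:11 web02 admin-log: admin=root Modified vhost",
    "<134>Mar  3 11:02:59 ive01 admin-log: admin=jsmith Deleted role Contractors",
    "not a syslog line",
]


def find_admin_changes(lines, hosts=APPLIANCE_HOSTS, strings=ALERT_STRINGS):
    """Return one alert dict per line from a watched host that contains an alert string."""
    alerts = []
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m or m["host"] not in hosts:
            continue  # unparseable, or from a host we are not watching
        msg = m["msg"]
        # Case-insensitive substring match, first configured string wins.
        hit = next((s for s in strings if s.lower() in msg.lower()), None)
        if hit:
            alerts.append({"time": m["ts"], "host": m["host"],
                           "matched": hit, "message": msg})
    return alerts


if __name__ == "__main__":
    for a in find_admin_changes(SAMPLE_LINES):
        print(f'{a["time"]} {a["host"]} [{a["matched"]}] {a["message"]}')
```

Filtering on the source host before matching keeps changes on other systems that log similar words from being reported as appliance changes.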