All Apps and Add-ons

Why does the Tripwire Enterprise App for Splunk Enterprise stop collecting data after a few days?

addproniklas
Engager

Hi

I've been trying to set up the Tripwire App for a few months now, but run in to the exact same problem every time.

The issue I have is that the event collection stops and the tripwire_fim.py gets started in multiple instances. It seems that after a while, the python script freezes in its connection with the Tripwire server and waits forever.

The current work around is that I need to kill all instances of the script and also restart the Tripwire server. Then it works for a few days and the issue is there all over again.

I've been in contact with Tripwire support, they can't help me since this is a Splunk App (Even if the app is downloaded from their website)
I've been doing some tests with the Tripwire SOAP API with the twtool after issue has occurred (twtool is a special tool where you can interact with tripwire thru CLI), so far the tests has been successful, indicating that there is some problem with the Splunk app. But since there is no logging function in the app, I can't see what is the reason for the app to stop working.

Is there anyone that has encountered this problem?
Hopefully someone can help me with this, perhaps the developer of this app has got some more insights in what could be the problem?

Best Regards

0 Karma

JimWachhaus
Path Finder

What version of the app are you using? The current version is 1.5.4

What you are describing is not typical behavior.

It may be helpful to look at the Tripwire Enterprise logs to see if the app is opening multiple connections.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...