One thought I had for deploying Splunk was the following scenario: install it on one of our network servers and configure another one of our servers to forward its log files to the Splunk server. Along with this setup, the Tripwire application would run once a day on the server that is forwarding its log files to the Splunk server.
Would the combination of Splunk and Tripwire be an effective means of file integrity monitoring? More specifically, is Splunk providing an effective file integrity check of the remote server by the latter sending its log files to it?
With the combination of Tripwire Enterprise and Splunk, you get the world-leading technology for FIM and Security Configuration Management coupled with the power of Splunk for combining event information from multiple sources.