[openstack-dev] [tripleo] AIDE integration with fluentd / sensu
lhinds at redhat.com
Wed Mar 8 11:31:02 UTC 2017
I have a blueprint up to provide a TripleO service to install
AIDE (Advanced Intrusion Detection Environment).
The general idea is that operators will be able to pass in AIDE rules (e.g.
/etc p+sha256) via tripleo-heat-templates, initialise an integrity database,
and then add a cron job to perform a periodic run of AIDE and ensure file
Steven Hardy made a good point on how it would be a nice addition to be
able to wire in the AIDE reports to some monitoring systems, namely fluentd
/ sensu. I don't have a great deal of experience with the aforementioned tools,
having only played with basic logstash / filebeat set ups, but not yet
fluentd / sensu.
Is there anyone involved in ops-tools perhaps that would be able to provide
some input on how we could achieve this, or even better get involved with
helping get some patches up? I am guessing it would be a case of pointing
to a posix path for collection and then writing some templates(?) to
serialise the AIDE report data into a format that can be consumed by fluentd
/ sensu. Folk who know these tools better than me might be aware of
better ways of implementing. Any feedback is welcome.
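One way the serialisation step guessed at in the message could look, as an added example that is not part of the original post or of TripleO: a small parser that turns an AIDE text report into newline-delimited JSON that a log collector can tail from a file path. The report layout, the `host` value and all function names are assumptions; the sample report is constructed.

```python
import json
import re

# Constructed sample, modelled on the "added:/removed:/changed:" entry lines
# of a classic AIDE text report. The exact layout is an assumption and
# differs between AIDE versions and report settings.
SAMPLE_REPORT = """\
AIDE found differences between database and filesystem!!
Start timestamp: 2017-03-08 11:00:01

Summary:
  Total number of files:  4521
  Added files:            1
  Removed files:          0
  Changed files:          2

added: /etc/cron.d/unknown-job
changed: /etc/passwd
changed: /etc/ssh/sshd_config
"""

ENTRY_RE = re.compile(r"^(added|removed|changed):\s+(\S.*)$")
STAMP_RE = re.compile(r"^Start timestamp:\s+(.+)$")


def parse_aide_report(text, host="overcloud-node"):  # host is a placeholder
    """Return one dict per file change found in the report."""
    run_time = None
    events = []
    for line in text.splitlines():
        stamp = STAMP_RE.match(line)
        if stamp:
            run_time = stamp.group(1).strip()
            continue
        entry = ENTRY_RE.match(line.strip())
        if entry:  # summary counters ("Added files: 1") do not match
            events.append({"source": "aide", "host": host,
                           "change": entry.group(1),
                           "path": entry.group(2).strip()})
    for event in events:  # attach the run time even if it came after entries
        event["aide_run"] = run_time
    return events


def to_json_lines(events):
    """Serialise events as newline-delimited JSON for a tailing collector."""
    return "".join(json.dumps(e, sort_keys=True) + "\n" for e in events)


if __name__ == "__main__":
    print(to_json_lines(parse_aide_report(SAMPLE_REPORT)), end="")
```

A clean run produces no events, so an alerting check on this stream should also watch for the cron job failing to run at all.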