Recommend alternative to tripwire?
Solution 1:
We use OSSEC as HIDS and Splunk to analyze the results. OSSEC provides:
- File integrity
- Log monitoring
- Rootkit detection
- Configuration analysis
There is a free Splunk App, called Splunk for OSSEC which works great to manage OSSEC alerts (there are dashboards, queries, etc.). We use free Splunk.
You can also use the OSSEC WebUI, but it is much more limited.
To give you an idea of how it is, have a look at this screenshot.
Solution 2:
OSSec provides an IDS similar to Tripwire, amongst other host monitoring. It's centrally managed, with all the logs arriving into a single collector. If you've got a server to spare then you could also use OSSim which provides IDS as well as network monitoring and penetration testing tools.
Solution 3:
If you are using Windows systems, a good alternative to Tripwire is Verisys. Like Tripwire it does file integrity monitoring and has a central administration console for reporting etc, but it's a whole lot easier to use than Tripwire. And cheaper :)
It's Windows only though, so not much use if you are using Linux...