top of page

Cisco Duo Log Sync (DLS)

Duologsync (DLS) is a utility written by Duo Security that supports fetching logs from Duo endpoints and ingesting them to different SIEMs.


A logging filepath can be specified in config.yml. By default, logs will be stored under the /tmp folder with name duologsync.log.

These logs are only application/system logs and not the actual logs retrieved from Duo endpoints.

System Requirements:

Duo Log Sync must run a system set to the UTC/GMT Timezone.


Make sure you are running Python 3+:

python3 --version

Clone this GitHub repository and navigate to the duo_log_sync folder:

git clone

Ensure you have "setuptools";

pip3 install setuptools

Install duologsync:

python3 install

Go to duo_log_sync folder and create a config.yml file:

​cd duo_log_sync/

touch config.yml

Edit config.yml file:

vi config.yml

version: '1.0.0'


log_filepath: '/tmp/duologsync.log'

log_format: 'CEF'


offset: 180

timeout: 120


- id: 'SYSLOG'

hostname: ''

port: 514

protocol: 'UDP'


ikey: 'xxxxxxxxxxx'

skey: 'yyyyyyyyyyyy'

hostname: ''


- endpoints: ['adminaction', 'auth', 'telephony']

server: 'SYSLOG'

is_msp: False

Run the application:

duologsync config.yml

94 views0 comments

Recent Posts

See All

Securing IOS-XE Routing Protocols

Securing the routing information prevents an attacker from introducing false routing information into the network, which could be used as part of a Denial of Service (DoS) or Man-in-the-Middle (MiTM)

Umbrella VA logging to Remote Syslog Server

Syslog is a protocol that computer systems use to send event data logs to a central location for storage. Logs can then be accessed by analysis and reporting software to perform audits, monitoring, tr

Cisco ISE | Repository, CLI

ISE Repositories can be configured from both the GUI and the CLI of the ISE and can be used for these purposes: ➛ Backup and Restore of ISE Configuration and Operational data; ➛ Upgrade of ISE nodes;


bottom of page