Duologsync (DLS) is a utility written by Duo Security that supports fetching logs from Duo endpoints and ingesting them to different SIEMs.
Logging:
A logging filepath can be specified in config.yml. By default, logs will be stored under the /tmp folder with name duologsync.log.
These logs are only application/system logs and not the actual logs retrieved from Duo endpoints.
System Requirements:
Duo Log Sync must run a system set to the UTC/GMT Timezone.
Installation:
▪ Make sure you are running Python 3+:
python3 --version |
▪ Clone this GitHub repository and navigate to the duo_log_sync folder:
git clone https://github.com/duosecurity/duo_log_sync.git |
▪ Ensure you have "setuptools";
pip3 install setuptools |
▪ Install duologsync:
python3 setup.py install |
▪ Go to duo_log_sync folder and create a config.yml file:
cd duo_log_sync/ touch config.yml |
▪ Edit config.yml file:
vi config.yml |
version: '1.0.0' dls_settings: log_filepath: '/tmp/duologsync.log' log_format: 'CEF' api: offset: 180 timeout: 120 servers: - id: 'SYSLOG' hostname: '127.0.0.1' port: 514 protocol: 'UDP' account: ikey: 'xxxxxxxxxxx' skey: 'yyyyyyyyyyyy' hostname: 'xxx.duosecurity.com' endpoint_server_mappings: - endpoints: ['adminaction', 'auth', 'telephony'] server: 'SYSLOG' is_msp: False |
▪ Run the application:
duologsync config.yml |