top of page

Cisco Duo Log Sync (DLS)

Duologsync (DLS) is a utility written by Duo Security that supports fetching logs from Duo endpoints and ingesting them to different SIEMs.


Logging:

A logging filepath can be specified in config.yml. By default, logs will be stored under the /tmp folder with name duologsync.log.

These logs are only application/system logs and not the actual logs retrieved from Duo endpoints.


System Requirements:

Duo Log Sync must run a system set to the UTC/GMT Timezone.


Installation:

Make sure you are running Python 3+:

python3 --version

Clone this GitHub repository and navigate to the duo_log_sync folder:

git clone https://github.com/duosecurity/duo_log_sync.git

Ensure you have "setuptools";

pip3 install setuptools

Install duologsync:

python3 setup.py install

Go to duo_log_sync folder and create a config.yml file:

​cd duo_log_sync/

touch config.yml

Edit config.yml file:

vi config.yml

version: '1.0.0'

dls_settings:

log_filepath: '/tmp/duologsync.log'

log_format: 'CEF'

api:

offset: 180

timeout: 120

servers:

- id: 'SYSLOG'

hostname: '127.0.0.1'

port: 514

protocol: 'UDP'

account:

ikey: 'xxxxxxxxxxx'

skey: 'yyyyyyyyyyyy'

hostname: 'xxx.duosecurity.com'

endpoint_server_mappings:

- endpoints: ['adminaction', 'auth', 'telephony']

server: 'SYSLOG'

is_msp: False

Run the application:

duologsync config.yml



94 views0 comments

Recent Posts

See All

Securing IOS-XE Routing Protocols

Securing the routing information prevents an attacker from introducing false routing information into the network, which could be used as part of a Denial of Service (DoS) or Man-in-the-Middle (MiTM)

Umbrella VA logging to Remote Syslog Server

Syslog is a protocol that computer systems use to send event data logs to a central location for storage. Logs can then be accessed by analysis and reporting software to perform audits, monitoring, tr

Cisco ISE | Repository, CLI

ISE Repositories can be configured from both the GUI and the CLI of the ISE and can be used for these purposes: ➛ Backup and Restore of ISE Configuration and Operational data; ➛ Upgrade of ISE nodes;

Kommentare


bottom of page