
Cisco Duo Log Sync (DLS)

Duologsync (DLS) is a utility written by Duo Security that supports fetching logs from Duo endpoints and ingesting them to different SIEMs.


Logging:

A logging filepath can be specified in config.yml. By default, logs are stored in the /tmp folder under the name duologsync.log.

These logs are only application/system logs and not the actual logs retrieved from Duo endpoints.


System Requirements:

Duo Log Sync must run on a system set to the UTC/GMT timezone.


Installation:

Make sure you are running Python 3+:

python3 --version

Clone this GitHub repository and navigate to the duo_log_sync folder:

Ensure you have "setuptools":

pip3 install setuptools

Install duologsync:

python3 setup.py install

Go to the duo_log_sync folder and create a config.yml file:

cd duo_log_sync/

touch config.yml

Edit the config.yml file:

vi config.yml

version: '1.0.0'

dls_settings:
  log_filepath: '/tmp/duologsync.log'
  log_format: 'CEF'
  api:
    offset: 180
    timeout: 120

servers:
  - id: 'SYSLOG'
    hostname: '127.0.0.1'
    port: 514
    protocol: 'UDP'

account:
  ikey: 'xxxxxxxxxxx'
  skey: 'yyyyyyyyyyyy'
  hostname: 'xxx.duosecurity.com'
  endpoint_server_mappings:
    - endpoints: ['adminaction', 'auth', 'telephony']
      server: 'SYSLOG'
  is_msp: False

Run the application:

duologsync config.yml
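
A pre-flight check to run before starting DLS, as an added example (not part of Duo's duologsync code): it verifies the UTC requirement stated above and that config.yml, which holds the skey, is readable only by its owner. The function names, the chmod 600 recommendation and the world-writable log directory check are hardening assumptions added here, not requirements from the page.

```python
import os
import re
import stat
import time

DEFAULT_LOG = "/tmp/duologsync.log"  # default log location named on this page


def check_timezone(offset=None):
    """DLS must run on a UTC/GMT system; a non-zero UTC offset is a finding."""
    if offset is None:
        offset = time.localtime().tm_gmtoff  # seconds east of UTC
    return [] if offset == 0 else [f"system UTC offset is {offset} s, expected 0"]


def check_config_mode(path):
    """config.yml holds the Duo skey, so group/other should have no access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        return [f"{path} has mode {mode:03o}; restrict it with chmod 600"]
    return []


def check_log_dir(path):
    """Flag a log_filepath whose directory any local user can write to."""
    with open(path, encoding="utf-8") as fh:
        match = re.search(r"^\s*log_filepath:\s*['\"]?([^'\"\n#]+)", fh.read(), re.M)
    log_path = match.group(1).strip() if match else DEFAULT_LOG
    log_dir = os.path.dirname(log_path) or "."
    if os.path.isdir(log_dir) and os.stat(log_dir).st_mode & stat.S_IWOTH:
        return [f"log directory {log_dir} is world-writable"]
    return []


def preflight(path, offset=None):
    """Run all checks and return a list of human-readable findings."""
    return check_timezone(offset) + check_config_mode(path) + check_log_dir(path)


if __name__ == "__main__":
    import sys
    findings = preflight(sys.argv[1] if len(sys.argv) > 1 else "config.yml")
    for finding in findings:
        print("WARN:", finding)
    sys.exit(1 if findings else 0)
```

With the sample config above, the default /tmp log location is reported because /tmp is world-writable; pointing log_filepath at a directory owned by the DLS service account clears that finding.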

