Cisco Duo Log Sync (DLS)

Duologsync (DLS) is a utility written by Duo Security that supports fetching logs from Duo endpoints and ingesting them to different SIEMs.

Logging:

A logging filepath can be specified in config.yml. By default, logs will be stored under the /tmp folder with name duologsync.log.

These logs are only application/system logs and not the actual logs retrieved from Duo endpoints.

System Requirements:

Duo Log Sync must run a system set to the UTC/GMT Timezone.

Installation:

▪ Make sure you are running Python 3+:

python3 --version

▪ Clone this GitHub repository and navigate to the duo_log_sync folder:

git clone https://github.com/duosecurity/duo_log_sync.git

▪ Ensure you have "setuptools";

pip3 install setuptools

▪ Install duologsync:

python3 setup.py install

▪ Go to duo_log_sync folder and create a config.yml file:

cd duo_log_sync/ touch config.yml

▪ Edit config.yml file:

vi config.yml

version: '1.0.0' dls_settings: log_filepath: '/tmp/duologsync.log' log_format: 'CEF' api: offset: 180 timeout: 120 servers: - id: 'SYSLOG' hostname: '127.0.0.1' port: 514 protocol: 'UDP' account: ikey: 'xxxxxxxxxxx' skey: 'yyyyyyyyyyyy' hostname: 'xxx.duosecurity.com' endpoint_server_mappings: - endpoints: ['adminaction', 'auth', 'telephony'] server: 'SYSLOG' is_msp: False

▪ Run the application:

duologsync config.yml

STENGE