Duologsync is a utility written by Duo Security to fetch logs from Duo's API endpoints and feed them to different SIEMs. Incremental updates will be published as more features are added.
- Make sure you are running Python 3 ("python --version").
- Clone the GitHub repository.
- Go to the duo_log_sync folder and run "python setup.py install" (or "python3 setup.py install", depending on which binary is your Python 3). This installs the duologsync utility. If you get an error about setuptools, install it with "pip3 install setuptools".
- Refer to the config.yml file in the Example Configuration section below. You will need to create a config.yml file and fill out the Admin API credentials in the duoclient section, as well as other parameters if necessary. Because this file holds the Admin API secret key, restrict its permissions to the user running duologsync and keep it out of version control.
- Run the application with "duologsync <complete/path/to/config.yml>".
- The log file path can be specified in config.yml. By default, logs are stored under the /tmp/ folder with the name duologsync.log; on a shared host consider pointing this at a directory only the duologsync user can write to.
Current features:
- Fetching logs from the auth, telephony and admin endpoints and forwarding them over TCP, TCP encrypted with SSL, or UDP. UDP offers neither delivery guarantees nor encryption, so prefer the SSL transport when logs cross a network.
- Recovering data by resuming from the last known offset, which is stored in checkpoint files
- Enabling only certain endpoints through the config file
- Choosing how logs are formatted (JSON or CEF)
- Support for Linux, MacOS and Windows

Planned features:
- Adding more log endpoints
- Adding better skey security
- Support for MSP accounts
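The checkpointing and JSON/CEF formatting listed above are easiest to understand as a small polling loop. The block below is an added illustration written for this page, not code from duo_log_sync: the record fields, the API stand-in (`make_fetch`), the checkpoint file layout (a single offset written atomically), the CEF vendor/product header values and the severity mapping are all assumptions, and the constructed sample records do not reproduce Duo's real schema.

```python
"""Added illustration of two DLS features: resuming from a checkpointed offset and
formatting records as JSON or CEF. Not DLS code; record fields, severity mapping,
checkpoint layout and the API stand-in are assumptions made for this example."""
import json
import os
import tempfile
from typing import Callable, Dict, List

# Constructed sample records standing in for an Admin API auth log response.
SAMPLE_AUTH_LOGS = [
    {"timestamp": 1601000000, "event_type": "authentication", "result": "success",
     "user": "alice", "factor": "duo_push", "ip": "203.0.113.5"},
    {"timestamp": 1601000060, "event_type": "authentication", "result": "denied",
     "user": "bob", "factor": "sms_passcode", "ip": "198.51.100.7"},
    {"timestamp": 1601000120, "event_type": "authentication", "result": "success",
     "user": "carol", "factor": "hardware_token", "ip": "192.0.2.9"},
]


def make_fetch(records: List[Dict]) -> Callable[[int], List[Dict]]:
    """Return a stand-in for an API call that yields records newer than an offset."""
    def fetch(mintime: int) -> List[Dict]:
        return sorted((r for r in records if r["timestamp"] > mintime),
                      key=lambda r: r["timestamp"])
    return fetch


def read_checkpoint(path: str) -> int:
    """Last offset persisted for this endpoint; 0 means start from the beginning."""
    try:
        with open(path) as fh:
            return int(fh.read().strip() or 0)
    except FileNotFoundError:
        return 0


def write_checkpoint(path: str, offset: int) -> None:
    """Write-then-rename so a crash mid-write cannot leave a truncated checkpoint."""
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        fh.write(str(offset))
    os.replace(tmp, path)


def _cef_escape_header(value) -> str:
    # CEF header fields escape backslash and the pipe delimiter.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _cef_escape_extension(value) -> str:
    # CEF extension values escape backslash, '=' and newlines.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "").replace("\n", "\\n"))


def to_cef(record: Dict) -> str:
    """Render a record as CEF: CEF:0|Vendor|Product|Version|ID|Name|Severity|extension."""
    event = record.get("event_type", "unknown")
    severity = 3 if record.get("result") == "success" else 7  # assumed mapping
    header = "|".join(_cef_escape_header(p) for p in
                      ("Duo Security", "DuoLogSync", "1.0", event, event, severity))
    extension = " ".join(f"{k}={_cef_escape_extension(v)}"
                         for k, v in sorted(record.items()) if k != "event_type")
    return f"CEF:0|{header}|{extension}"


def to_json(record: Dict) -> str:
    return json.dumps(record, sort_keys=True)


def sync_once(fetch: Callable[[int], List[Dict]], checkpoint_path: str,
              fmt: str = "JSON") -> List[str]:
    """One polling cycle: read offset, fetch newer records, format, advance offset."""
    formatter = to_cef if fmt.upper() == "CEF" else to_json
    offset = read_checkpoint(checkpoint_path)
    lines = []
    for record in fetch(offset):
        lines.append(formatter(record))  # in a real forwarder the line goes to the SIEM here
        offset = max(offset, record["timestamp"])
    if lines:
        # Persist only after the batch is handed off: a crash before this point
        # replays the batch on restart instead of silently dropping it.
        write_checkpoint(checkpoint_path, offset)
    return lines


def demo() -> Dict[str, object]:
    """Three polls against one checkpoint file: initial catch-up, idle resume, new data."""
    records = list(SAMPLE_AUTH_LOGS)
    fetch = make_fetch(records)
    checkpoint = os.path.join(tempfile.mkdtemp(prefix="dls-demo-"), "auth.checkpoint")
    first = sync_once(fetch, checkpoint, "JSON")   # all three records
    second = sync_once(fetch, checkpoint, "JSON")  # nothing newer than the offset
    records.append({"timestamp": 1601000180, "event_type": "authentication",
                    "result": "fraud", "user": "dave", "factor": "duo_push",
                    "ip": "203.0.113.77"})
    third = sync_once(fetch, checkpoint, "CEF")    # only the new record, as CEF
    return {"first": first, "second": second, "third": third,
            "offset": read_checkpoint(checkpoint)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The second poll returns nothing because the checkpoint already points past every record, and the third picks up only the record added after the last poll. That is the property to check when you test a DLS deployment: stop it, restart it, and confirm the SIEM sees neither a gap nor a duplicate burst.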
- Duologsync is compatible with Python versions 3.6, 3.7 and 3.8.
- Duologsync is officially supported on Linux, MacOS, and Windows systems.
- Check template_config.py for an example and for an extensive, in-depth explanation of the config.
- From time to time new features and fields will be added to the config file. Updating your config file is mandatory whenever the config format changes. To make this easier, Duo has created a script called upgrade_config.py which automatically updates your old config for you.
- To use the upgrade_config.py script, run: python3 upgrade_config.py <old_config> <new_config>, where <old_config> is the file path of your old configuration file and <new_config> is where you would like the new configuration file to be saved.
- The upgrade_config.py script does not delete your old config file; it is preserved. The new file carries the same Admin API credentials, so give it the same restricted permissions as the old one.
- This script is a new feature and has to extrapolate some information, so unexpected issues may occur. For most old configs the script will work fine. You can check whether the new config file works by running it with DLS ("duologsync <path/to/new_config>") and comparing the two files before discarding the old one.