Diniz Martins

Cisco Duo Log Sync (DLS)

Duologsync (DLS) is a utility written by Duo Security that supports fetching logs from Duo endpoints and ingesting them to different SIEMs.


Logging:

A logging filepath can be specified in config.yml. By default, logs will be stored under the /tmp folder with name duologsync.log.

These logs are only application/system logs and not the actual logs retrieved from Duo endpoints.


System Requirements:

Duo Log Sync must run on a system set to the UTC/GMT time zone.


Installation:

Make sure you are running Python 3+:

python3 --version

Clone this GitHub repository and navigate to the duo_log_sync folder:

git clone https://github.com/duosecurity/duo_log_sync.git

Ensure you have "setuptools":

pip3 install setuptools

Install duologsync:

python3 setup.py install

Go to the duo_log_sync folder and create a config.yml file:

cd duo_log_sync/

touch config.yml

Edit config.yml file:

vi config.yml

version: '1.0.0'

dls_settings:
  log_filepath: '/tmp/duologsync.log'
  log_format: 'CEF'
  api:
    offset: 180
    timeout: 120

servers:
  - id: 'SYSLOG'
    hostname: '127.0.0.1'
    port: 514
    protocol: 'UDP'

account:
  ikey: 'xxxxxxxxxxx'
  skey: 'yyyyyyyyyyyy'
  hostname: 'xxx.duosecurity.com'
  endpoint_server_mappings:
    - endpoints: ['adminaction', 'auth', 'telephony']
      server: 'SYSLOG'
  is_msp: False

Run the application:

duologsync config.yml
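A pre-flight check to run before starting duologsync, added here as an example (it is not part of the DLS project or of the original post). It checks the UTC requirement, that config.yml (which holds the skey) is not accessible to group or others, and that log_filepath is not under a shared temp directory; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for a Duo Log Sync host.
# Function names are hypothetical; nothing here is part of duologsync itself.

# Succeeds when the effective time zone has a zero UTC offset.
tz_is_utc() {
    [ "$(date +%z)" = "+0000" ]
}

# Succeeds when the file grants no permissions to group or others.
# config.yml holds the Duo skey, so it should be mode 0600 or stricter.
config_is_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Prints the log_filepath value from config.yml with surrounding quotes stripped.
log_filepath() {
    sed -n "s/^[[:space:]]*log_filepath:[[:space:]]*['\"]\{0,1\}\([^'\"#]*\)['\"]\{0,1\}.*/\1/p" "$1" | head -n 1
}

# Succeeds when the application log is outside shared, world-writable temp dirs.
# An unset value counts as a failure because the default location is /tmp.
log_path_is_dedicated() {
    case "$(log_filepath "$1")" in
        /tmp/*|/var/tmp/*|"") return 1 ;;
        *) return 0 ;;
    esac
}

# Runs all checks; FAIL items set a non-zero status, WARN items do not.
preflight() {
    rc=0
    tz_is_utc || { echo "FAIL: system time zone is not UTC/GMT"; rc=1; }
    config_is_private "$1" || { echo "FAIL: $1 is accessible to group/others (chmod 600 $1)"; rc=1; }
    log_path_is_dedicated "$1" || echo "WARN: log_filepath is under a shared temp directory"
    return "$rc"
}

# When called with a config path, run the checks and exit with their status.
if [ "$#" -gt 0 ]; then
    preflight "$1"
    exit $?
fi
```

Save it next to config.yml and run it as sh preflight.sh config.yml; with the configuration shown above it warns about /tmp/duologsync.log and fails until config.yml is set to mode 600.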


