Duo Security
This tutorial demonstrates how to seamlessly send your Duo Security authentication and administrative logs to Coralogix.
Prerequisites
Duo Security account
Server capable of fetching data from Duo Security (e.g. EC2, VM Instance, etc.)
Admin API Setup
Add the Duo Security Admin API to your Duo instance.
STEP 1. Log in to the Duo Security admin portal, the storage place for your authentication and administrative logs.
STEP 2. Click on Applications > Protect an Application.
STEP 3. Select the Admin API.
STEP 4. Once the Duo Admin API application is created, copy the integration key (ikey), secret key (skey), and API hostname (hostname) values; they are used to populate the Duo Security log sync configuration script below.
Log Sync Setup & Configuration
Full instructions for this section can be found here.
STEP 1. Install Python3 on the server if you haven't already done so.
STEP 2. Clone the duo_log_sync repo.
STEP 3. Create a temp directory at c:\temp to store your log files. Those using Linux operating systems will already have a /tmp directory that can be used.
STEP 4. Create a file called config.yml inside ...\duologsync\config.yml.
Those using Windows operating systems will need to escape the directory references and put the full path, as in the example below.
Input the skey, ikey, and hostname values from your Admin API application.
Linux config.yml file:
duoclient:
  skey: "ENTER-SECRET-KEY-HERE"
  ikey: "ENTER-INTEGRATION-KEY-HERE"
  host: "ENTER-API-HOSTNAME-HERE"
logs:
  logDir: "/tmp"
  endpoints:
    enabled: ["auth", "telephony", "adminaction"]
  polling:
    duration: 5
    daysinpast: 1
  checkpointDir: "/tmp"
transport:
  protocol: "TCP"
  host: "localhost"
  port: 8877
  certFileDir: "/tmp"
  certFileName: "selfsigned.cert"
recoverFromCheckpoint:
  enabled: False
Windows config.yml file:
STEP 5. Save the file.
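Before moving on to run the sync, it is worth confirming that the saved config.yml is complete and that the placeholder values have really been replaced, so that a leftover "ENTER-...-HERE" credential, a mistyped endpoint name or a bad port is caught now rather than at the first poll. The script below is an added example written for this page; it is not part of the duo_log_sync project or of the Coralogix tutorial. It reads the small YAML subset this config uses with a purpose-built reader (so PyYAML is not required), then reports missing sections or keys, placeholder credentials, unknown endpoint names, a non-positive polling value, an invalid port, and a transport host other than the local Fluentd the tutorial assumes. Both sample configs inside it are constructed; the filled-in key values are not real Duo credentials.

```python
import re

# The tutorial's fill-in markers, e.g. "ENTER-SECRET-KEY-HERE".
PLACEHOLDER = re.compile(r"^ENTER-.*-HERE$")

# Sections and keys that the tutorial's config.yml carries.
REQUIRED = {
    "duoclient": ["skey", "ikey", "host"],
    "logs": ["logDir", "endpoints", "polling", "checkpointDir"],
    "transport": ["protocol", "host", "port", "certFileDir", "certFileName"],
    "recoverFromCheckpoint": ["enabled"],
}
VALID_ENDPOINTS = {"auth", "telephony", "adminaction"}

# Constructed sample: the tutorial's Linux config with its placeholders left in.
TUTORIAL_TEMPLATE = """\
duoclient:
  skey: "ENTER-SECRET-KEY-HERE"
  ikey: "ENTER-INTEGRATION-KEY-HERE"
  host: "ENTER-API-HOSTNAME-HERE"
logs:
  logDir: "/tmp"
  endpoints:
    enabled: ["auth", "telephony", "adminaction"]
  polling:
    duration: 5
    daysinpast: 1
  checkpointDir: "/tmp"
transport:
  protocol: "TCP"
  host: "localhost"
  port: 8877
  certFileDir: "/tmp"
  certFileName: "selfsigned.cert"
recoverFromCheckpoint:
  enabled: False
"""

# Constructed sample: the same file with made-up (not real) credential values.
FILLED_IN = (TUTORIAL_TEMPLATE
             .replace("ENTER-SECRET-KEY-HERE", "EXAMPLE-SKEY-NOT-REAL")
             .replace("ENTER-INTEGRATION-KEY-HERE", "EXAMPLE-IKEY-NOT-REAL")
             .replace("ENTER-API-HOSTNAME-HERE", "api-example.duosecurity.com"))


def _scalar(value):
    """Turn one YAML scalar (or a one-line list) into a Python value."""
    if value.startswith("[") and value.endswith("]"):
        return [_scalar(v.strip()) for v in value[1:-1].split(",") if v.strip()]
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        return value[1:-1]
    if value.lower() in ("true", "false"):
        return value.lower() == "true"
    if re.fullmatch(r"-?\d+", value):
        return int(value)
    return value


def parse_simple_yaml(text):
    """Parse the indentation-based mapping subset used by config.yml.
    Assumption: consistent indentation, no multi-line values, no anchors."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) for each open block
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        value = value.strip()
        while stack[-1][0] >= indent:  # close blocks at this depth or deeper
            stack.pop()
        parent = stack[-1][1]
        if value == "":  # a nested mapping follows on the next lines
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = _scalar(value)
    return root


def _positive_int(v):
    return isinstance(v, int) and not isinstance(v, bool) and v > 0


def check_config(cfg):
    """Return a list of problems; an empty list means the config is usable."""
    problems = []
    for section, keys in REQUIRED.items():
        block = cfg.get(section)
        if not isinstance(block, dict):
            problems.append(f"missing section: {section}")
            continue
        problems.extend(f"missing key: {section}.{k}" for k in keys if k not in block)
    if problems:
        return problems  # report structural gaps first; the value checks need the keys

    duo = cfg["duoclient"]
    for k in ("skey", "ikey", "host"):
        if PLACEHOLDER.match(str(duo[k])):
            problems.append(f"duoclient.{k} still holds the tutorial placeholder")

    enabled = cfg["logs"]["endpoints"]["enabled"]
    if not isinstance(enabled, list) or not enabled:
        problems.append("logs.endpoints.enabled must be a non-empty list")
    else:
        unknown = sorted(set(enabled) - VALID_ENDPOINTS)
        if unknown:
            problems.append(f"logs.endpoints.enabled has unknown endpoints: {unknown}")

    polling = cfg["logs"]["polling"]
    for k in ("duration", "daysinpast"):
        if not _positive_int(polling.get(k)):
            problems.append(f"logs.polling.{k} must be a positive integer")

    tr = cfg["transport"]
    if not _positive_int(tr["port"]) or tr["port"] > 65535:
        problems.append("transport.port must be 1-65535")
    if tr["host"] not in ("localhost", "127.0.0.1"):
        problems.append("transport.host is not local: logs leave this machine before reaching the shipper")
    if not isinstance(cfg["recoverFromCheckpoint"]["enabled"], bool):
        problems.append("recoverFromCheckpoint.enabled must be True or False")
    return problems


if __name__ == "__main__":
    for name, text in (("template", TUTORIAL_TEMPLATE), ("filled in", FILLED_IN)):
        print(name, "->", check_config(parse_simple_yaml(text)) or "ok")
```

Running the script as-is reports the three untouched placeholders in the template and "ok" for the filled-in copy; to check your own file, replace the embedded samples with `open("config.yml").read()`. The reader deliberately handles only the shapes this config uses, so a file that needs features beyond it should be checked with a full YAML parser instead.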
STEP 6. Create a self-signed certificate and place it in the tmp directory.
STEP 7. Inside the duo_log_sync directory, use the command line to type:
STEP 8. Once the application is running, deploy the Fluentd log shipper to intercept the traffic. Send your logs to Coralogix on port 8877.
Additional Resources
Documentation: Fluentd
External: Duo Security GitHub Repository
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].