This tutorial demonstrates how to seamlessly send your Duo Security authentication and administrative logs to Coralogix.
Add the Duo Security Admin API to your Duo instance.
STEP 1. Log in to the Duo Security admin portal, the storage place for your authentication and administrative logs.
STEP 2. Click on Applications > Protect an Application.
STEP 3. Select the Admin API.
STEP 4. Once the Duo Admin API application is created, copy the host name and key values to use in the Duo Security log sync configuration. Use the integration key (ikey), secret key (skey), and API hostname (hostname) values here to populate the configuration script.
Full instructions for this section can be found here.
STEP 1. Install Python3 on the server if you haven’t already done so.
STEP 2. Clone the duo_log_sync repo.
STEP 3. Create a temp directory at c:\temp to store your log files. On Linux, there is already a /tmp directory that can be used.
STEP 4. Create a file called config.yml at ...\duologsync\config.yml.
Linux config.yml file:

    duoclient:
      skey: "ENTER-SECRET-KEY-HERE"
      ikey: "ENTER-INTEGRATION-KEY-HERE"
      host: "ENTER-API-HOSTNAME-HERE"

    logs:
      logDir: "/tmp"
      endpoints:
        enabled: ["auth", "telephony", "adminaction"]
      polling:
        duration: 5
        daysinpast: 1
      checkpointDir: "/tmp"

    transport:
      protocol: "TCP"
      host: "localhost"
      port: 8877
      certFileDir: "/tmp"
      certFileName: "selfsigned.cert"

    recoverFromCheckpoint:
      enabled: False

Windows config.yml
STEP 5. Save the file.
STEP 6. Create a self-signed certificate and place it in the tmp directory.
STEP 7. Inside the duo_log_sync directory, use the command line to type:

    python3 setup.py install
STEP 8. Once the application is running, deploy the Fluentd log shipper to intercept the traffic. Send your logs to Coralogix on port 8877.
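A pre-flight check for the config.yml from STEP 4, added here as an example and not part of duologsync or Coralogix tooling. The names audit_config, audit_file and SHARED_TMP are hypothetical, the findings reflect hardening assumptions (the file holds the Admin API secret key, /tmp is shared with other local users, the "TCP" and "UDP" transports are unencrypted), and audit_file assumes PyYAML is installed.

```python
import ipaddress
import os
import stat

SHARED_TMP = {"/tmp", "/var/tmp"}  # world-writable on typical Linux hosts

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other DNS name is treated as remote

def audit_config(cfg, file_mode):
    """Return hardening findings for a parsed duologsync config.yml."""
    findings = []
    # The file holds the Admin API secret key: owner-only access.
    if file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("config.yml is accessible to group/other (use mode 600)")
    for key in ("skey", "ikey", "host"):
        value = str(cfg.get("duoclient", {}).get(key, ""))
        if not value or value.startswith("ENTER-"):
            findings.append(f"duoclient.{key} is empty or still a placeholder")
    for key in ("logDir", "checkpointDir"):
        if str(cfg.get("logs", {}).get(key, "")).rstrip("/") in SHARED_TMP:
            findings.append(f"logs.{key} is a shared temp directory")
    transport = cfg.get("transport", {})
    proto = str(transport.get("protocol", "")).upper()
    if proto in ("TCP", "UDP") and not is_loopback(str(transport.get("host", ""))):
        findings.append("transport sends logs in plaintext to a non-loopback host")
    return findings

def audit_file(path):
    import yaml  # PyYAML, assumed to be installed
    with open(path) as fh:
        cfg = yaml.safe_load(fh) or {}
    return audit_config(cfg, stat.S_IMODE(os.stat(path).st_mode))

# Constructed sample: the tutorial's Linux config.yml as a parsed dict.
SAMPLE = {
    "duoclient": {"skey": "ENTER-SECRET-KEY-HERE", "ikey": "ENTER-INTEGRATION-KEY-HERE",
                  "host": "ENTER-API-HOSTNAME-HERE"},
    "logs": {"logDir": "/tmp", "checkpointDir": "/tmp"},
    "transport": {"protocol": "TCP", "host": "localhost", "port": 8877},
}

if __name__ == "__main__":
    for finding in audit_config(SAMPLE, 0o644):
        print("FINDING:", finding)
```

Run audit_file against the real config.yml before STEP 7; an empty list means none of these checks fired.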
Documentation | Fluentd |
External | Duo Security GitHub Repository |