This utility uses the Duo Security API (https://www.duosecurity.com/docs) to consume both the admin and authentication logs, and writes CEF-compliant syslog messages to an arbitrary server. Use it in combination with a scheduled job to import Duo Security logs into a SIEM or log management solution.
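What producing a CEF-compliant line from one Duo authentication record involves, including the escaping that stops attacker-influenced fields from forging extra CEF keys in the SIEM. This is an added example, not this utility's code: the record field names and result values, the header strings, the severity mapping and the CEF key mapping are assumptions, and the sample record is constructed.

```python
import re

# Assumed header constants; the utility's own strings are not shown on this page.
VENDOR, PRODUCT, VERSION = "Duo Security", "Authentication Log", "1.0"

# Constructed sample record (field names assumed from Duo's authentication log).
SAMPLE = {
    "timestamp": 1400000000, "username": "alice", "ip": "192.0.2.10",
    "factor": "Duo Push", "result": "FAILURE",
    "reason": "bad code\nsrc=10.0.0.1", "integration": "VPN|prod",
}


def esc_header(value):
    # CEF header fields: flatten line breaks, escape backslash and pipe.
    text = re.sub(r"[\r\n]+", " ", str(value))
    return text.replace("\\", "\\\\").replace("|", "\\|")


def esc_ext(value):
    # CEF extension values: escape backslash and '=', then encode line
    # breaks as a literal backslash followed by 'n'.
    text = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return re.sub(r"\r\n|\r|\n", r"\\n", text)


def to_cef(record):
    """Map one authentication record (dict) to a single CEF:0 line."""
    result = record.get("result", "UNKNOWN")
    severity = {"SUCCESS": 3, "FAILURE": 6, "FRAUD": 9}.get(result, 5)  # assumed mapping
    name = "Duo auth %s: %s" % (result.lower(), record.get("integration", ""))
    header = [VENDOR, PRODUCT, VERSION, "auth." + result.lower(), name, severity]
    ext = [
        ("rt", int(record["timestamp"]) * 1000),  # CEF rt is epoch milliseconds
        ("suser", record.get("username", "")),
        ("src", record.get("ip", "")),
        ("outcome", result),
        ("reason", record.get("reason", "")),
        ("cs1Label", "factor"), ("cs1", record.get("factor", "")),
        ("cs2Label", "integration"), ("cs2", record.get("integration", "")),
    ]
    head = "CEF:0|" + "|".join(esc_header(h) for h in header)
    body = " ".join("%s=%s" % (k, esc_ext(v)) for k, v in ext if v != "")
    return head + "|" + body


if __name__ == "__main__":
    print(to_cef(SAMPLE))
```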
- download the zip archive
- pip install -r requirements.txt
- update the conf.ini file
Pay attention to the conf.ini file. Many important values are set there, including:
- syslog destination
- timeframe for log retrieval
- API authentication credentials
- rudimentary debugging
The following modules are used:
- duo_client (2.1) - https://github.com/duosecurity/duo_client_python
- loggerglue (1.0) - https://pypi.python.org/pypi/loggerglue/1.0
Only tested on Python 2.7.6.
This is the most current CEF definition, but requires a Protect724 login.
This is slightly older, but good enough: