This is a utility that will leverage the Duo Security API (https://www.duosecurity.com/docs) and pulls both the admin and authentication logs and then write CEF-compliant syslog messages to an arbitrary server.
This could used used to with a scheduled job to import Duo Security logs into a SIEM or log management solution.
- download the zip archive
- pip install -r requirements.txt
- update the conf.ini file
Pay attention to the conf.ini file. Many important value are set, including:
- syslog destination
- timeframe for log retrieval
- API authentication credentials
- rudimentary debugging
The following modules are used:
- duo_client (2.1) - https://github.com/duosecurity/duo_client_python
- loggerglue (1.0) - https://pypi.python.org/pypi/loggerglue/1.0
Only tested on Python 2.7.6.
This is the most current CEF definition, but requires a Protect724 login.
This is slightly older, but good enough: