https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884830#M605 <DIV class="duo-migrated-content"><P>We would like to see an option to forward user authentication log to sumologic via API.<BR /> Currently log forwarding requires an intermediate host to pul the logs from the service via duo API and storing the logs locally, then forwarding.<BR /> We would like to eliminate the dependency on an intermediate host.</P></DIV> Tue, 27 Sep 2016 13:23:42 GMT avs1 2016-09-27T13:23:42Z https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884830#M605 <DIV class="duo-migrated-content"><P>We would like to see an option to forward user authentication log to sumologic via API.<BR /> Currently log forwarding requires an intermediate host to pul the logs from the service via duo API and storing the logs locally, then forwarding.<BR /> We would like to eliminate the dependency on an intermediate host.</P></DIV> Tue, 27 Sep 2016 13:23:42 GMT https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884830#M605 avs1 2016-09-27T13:23:42Z https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884831#M606 <DIV class="duo-migrated-content"><P>Hey avs,</P> <P>This seems like a Sumologic feature request. Splunk has this ability. <A href="http://blogs.splunk.com/2013/06/18/getting-data-from-your-rest-apis-into-splunk/" rel="nofollow noopener">http://blogs.splunk.com/2013/06/18/getting-data-from-your-rest-apis-into-splunk/</A></P> <P>I would start here: <A href="https://help.sumologic.com/Start_Here/Getting_Started/Get_Help#Feature_Request" rel="nofollow noopener">https://help.sumologic.com/Start_Here/Getting_Started/Get_Help#Feature_Request</A></P> <P>Cheers</P></DIV> Tue, 27 Sep 2016 15:14:43 GMT https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884831#M606 gleezy1 2016-09-27T15:14:43Z https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884832#M607 <DIV class="duo-migrated-content"><P>duosec does not have any ability to forward syslog messages.</P></DIV> Wed, 28 Sep 2016 02:03:53 GMT https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884832#M607 avs1 2016-09-28T02:03:53Z https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884833#M608 <DIV class="duo-migrated-content"><P>Hey avs,</P> <P>Perhaps I misunderstood, I thought you meant using the Duo Admin API to pull logs from the service as described here: <A href="https://duo.com/docs/adminapi" rel="nofollow noopener">https://duo.com/docs/adminapi</A></P> <P>Are you talking about logs from Authentication Proxy? Those logs have some configurability - <A href="https://duo.com/docs/authproxy_reference#main-section" rel="nofollow noopener">https://duo.com/docs/authproxy_reference#main-section</A> -but are going to be logged locally. For those logs, they will need to go from the AP host and be shipped out to Sumologic as you describe.</P> <P>Cheers</P></DIV> Wed, 28 Sep 2016 14:17:28 GMT https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884833#M608 gleezy1 2016-09-28T14:17:28Z https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884834#M609 <DIV class="duo-migrated-content"><P>can I forward the logs from Duo to Sumlogic via https?<BR /> <A href="https://help.sumologic.com/Send_Data/Sources/HTTP_Source/Upload_Data_to_an_HTTP_Source" class="onebox" target="_blank" rel="nofollow noopener">https://help.sumologic.com/Send_Data/Sources/HTTP_Source/Upload_Data_to_an_HTTP_Source</A><BR /> other alternative is syslog forwarding:<BR /> <A href="https://help.sumologic.com/Beta/Beta_-" rel="nofollow noopener">https://help.sumologic.com/Beta/Beta_-</A><EM>Sources/Beta</EM>-_Cloud_Syslog_Source</P></DIV> Wed, 28 Sep 2016 22:16:04 GMT https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884834#M609 avs1 2016-09-28T22:16:04Z https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884835#M610 <DIV class="duo-migrated-content"><P>Hey avs,</P> <P>Looking at the docs here: <A href="http://blogs.splunk.com/2013/06/18/getting-data-from-your-rest-apis-into-splunk/" rel="nofollow noopener">http://blogs.splunk.com/2013/06/18/getting-data-from-your-rest-apis-into-splunk/</A></P> <P>REST Modular Input is the one you are after. Here are the details you can use to get it all working: <A href="https://duo.com/docs/adminapi#api-details" rel="nofollow noopener">https://duo.com/docs/adminapi#api-details</A></P> <P>Cheers</P></DIV> Mon, 03 Oct 2016 14:17:37 GMT https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884835#M610 gleezy1 2016-10-03T14:17:37Z https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884836#M611 <DIV class="duo-migrated-content"><P>I got the response from SumoLogic:<BR /> They have an ability to run a script on their side as<BR /> described at <A href="https://help.sumologic.com/Send_Data/Sources/Script_Source" rel="nofollow noopener">https://help.sumologic.com/Send_Data/Sources/Script_Source</A></P> <P>this script for log collection can be tailored to for Duo<BR /> </P><ASIDE class="onebox whitelistedgeneric"> <HEADER class="source"> <IMG src="https://github.githubassets.com/favicons/favicon.svg" class="site-icon" width="32" height="32" /> <A href="https://github.com/RobsRepo/Collecting-Okta-Event-Logs" target="_blank" rel="nofollow noopener">GitHub</A> </HEADER> <ARTICLE class="onebox-body"> <IMG src="https://avatars0.githubusercontent.com/u/9926522?s=400&amp;v=4" class="thumbnail onebox-avatar" width="300" height="300" /> <H3><A href="https://github.com/RobsRepo/Collecting-Okta-Event-Logs" target="_blank" rel="nofollow noopener">RobsRepo/Collecting-Okta-Event-Logs</A></H3> <P>A Python script to collect event logs from Okta. Contribute to RobsRepo/Collecting-Okta-Event-Logs development by creating an account on GitHub.</P> </ARTICLE> <DIV class="onebox-metadata"> </DIV> <DIV style="clear: both"></DIV> </ASIDE> <P></P></DIV> Wed, 05 Oct 2016 20:34:34 GMT https://community.cisco.com/t5/apis/authentication-log-forwarding-to-sumologic-via-api/m-p/4884836#M611 avs1 2016-10-05T20:34:34Z