11-20-2023 08:46 PM
Hi,
What is the minimum value for the "limit" param in the Cisco Duo Admin API authentication logs?
when trying to hit authentication logs with limit=1 getting
GET https://{hostname}/admin/v2/logs/authentication?maxtime=1700540043000&mintime=1699149677000&limit=1
11-21-2023 05:37 AM - edited 11-22-2023 11:42 AM
1 is valid and worked for me? I sent this (in Postman) and got back one authlog event and the offset info (datestring and txid) for the next one:
https://api-nnn.duosecurity.com/admin/v2/logs/authentication?limit=1&mintime=1698770162000&maxtime=1698809762000
11-21-2023 09:16 PM
But, why is it failing in my case?
Do we need to make any configuration changes in Admin api console?
And also I am using a free 30-day trial account, is it an issue?
11-21-2023 09:18 PM
And I didn't see any documentation on rate limit/throttling for the API calls?
Can you please provide me the link for the same if it's available?
@DuoKristina
11-22-2023 05:58 AM
>But, why is it failing in my case?
I don't know why you may be having an issue, but I can confirm specifying a limit value of 1 is valid. How are you making the request? Are you using one of our API clients from GitHub, or Postman, or your own script/code? Are you certain however you are sending the request is handling additional params correctly with regard to constructing the HMAC signature? https://duo.com/docs/adminapi#authentication
>Do we need to make any configuration changes in Admin api console?
No, if you are able to pull authlog records without specifying a limit value then there is nothing to adjust in the Admin Panel. The permission required is "Read information" and if you can pull any logs then the permission for the Admin API application is sufficient.
>And I didn't see any documentation on Rate limit/ throttling for the api calls?
For authentication v2 logs endpoint it is mentioned here https://duo.com/docs/adminapi#authentication-logs:
There is an intentional two minute delay in availability of new authentications in the API response. Duo operates a large scale distributed system, and this two minute buffer period ensures that calls will return consistent results. Querying for results more recent than two minutes will return as empty.
We recommend requesting logs no more than once per minute.
11-22-2023 06:25 AM
Hi, Thanks for your prompt reply.
>How are you making the request?
Using code:
```java
package com.ram.sf.duo;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.*;
import java.util.stream.Collectors;

public class AuthenticationLogs1 {
    public static void main(String[] args) throws InvalidKeyException {
        String method = "GET";
        String host = "api-db88d6a9.duosecurity.com";
        String path = "/admin/v2/logs/authentication";
        // LinkedHashMap keeps the parameters in insertion order
        Map<String, String> params = new LinkedHashMap<>();
        Date currentDate = new Date();
        // Calculate the time 5 days ago (minTime and maxTime are computed but not used below)
        long daysToSubtract = 5;
        long millisecondsInADay = 24 * 60 * 60 * 1000;
        long millisecondsToSubtract = daysToSubtract * millisecondsInADay;
        long minTime = currentDate.getTime() - millisecondsToSubtract;
        long millisecondsInADay1 = 1 * 60 * 60 * 1000;
        long maxTime = currentDate.getTime() - millisecondsInADay1;
        params.put("maxtime", "1700540043000");
        params.put("mintime", "1699149677000");
        //params.put("limit", "1");
        params.put("sort", "ts%3Aasc");
        String ikey = "DIP5K1AZ4J6O9RFOZRRY";
        String skey = "rkI9yXyqQT91Rw02F5Zao0itpV4LwkAUz8KNnrA6";
        // Create canonical string: date, method, host, path, params, one per line
        SimpleDateFormat dateFormat = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss Z");
        // dateFormat.setTimeZone(TimeZone.getTimeZone("EST"));
        String now = dateFormat.format(new Date());
        // String now = OffsetDateTime.now().format(DateTimeFormatter.RFC_1123_DATE_TIME);
        StringBuilder canonicalStringBuilder = new StringBuilder();
        canonicalStringBuilder.append(now)
                .append("\n")
                .append(method.toUpperCase())
                .append("\n")
                .append(host.toLowerCase())
                .append("\n")
                .append(path)
                .append("\n");
        // Join the key=value pairs with "&" in the map's iteration order
        String h = params.keySet().stream().map(key -> key + "=" + params.get(key)).collect(Collectors.joining("&"));
        canonicalStringBuilder.append(h);
        String canonicalString = canonicalStringBuilder.toString();
        System.out.println(canonicalString);
        // Sign canonical string with HMAC-SHA1 keyed by skey
        try {
            Mac sha1Hmac = Mac.getInstance("HmacSHA1");
            SecretKeySpec secretKey = new SecretKeySpec(skey.getBytes(StandardCharsets.UTF_8), "HmacSHA1");
            sha1Hmac.init(secretKey);
            byte[] signatureBytes = sha1Hmac.doFinal(canonicalString.getBytes(StandardCharsets.UTF_8));
            String signature = toHexString(signatureBytes);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
    }

    // Hex-encode the HMAC bytes and print the result
    private static String toHexString(byte[] bytes) {
        StringBuilder hexString = new StringBuilder();
        for (byte b : bytes) {
            hexString.append(String.format("%02X", b));
        }
        System.out.println("password is " + hexString.toString());
        return hexString.toString();
    }
}
```
The other params, say sort, mintime, maxtime, are working as expected except the limit param... Please let me know if there is an issue with the code.
11-22-2023 06:28 AM
>We recommend requesting logs no more than once per minute.
So, rate limit is 1 call per minute, right?
11-22-2023 11:48 AM
Yeah, you might get away with two per minute but sometimes not which is why we recommend one.
Something I forget a lot is that the params have to be in alpha order. I am not a Java person but it doesn't look like your code sorts the params in alpha order? If you put limit before maxtime does that help? We do require the params to be in lexicographic order.
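The ordering rule from the reply above, as an added Java example that is not part of the thread and not Duo's client code: the parameters are percent-encoded and sorted by key before being joined, so `limit` lands ahead of `maxtime` whatever order it was inserted in, and the same string is used both for signing and as the query string. The class name, the placeholder hostname and keys, the lowercase hex output and the RFC 3986 encoding helper are assumptions of this example; `HexFormat` needs Java 17.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.text.SimpleDateFormat;
import java.util.*;
import java.util.stream.Collectors;

public class DuoSignExample {
    // Percent-encode per RFC 3986; URLEncoder differs for ' ', '*' and '~'.
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8)
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // TreeMap iterates keys in lexicographic order whatever the insertion order was.
    static String canonicalParams(Map<String, String> params) {
        return new TreeMap<>(params).entrySet().stream()
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
    }

    // HTTP Basic value: ikey as user, hex HMAC-SHA1 of the canonical request as password.
    static String authorization(String ikey, String skey, String date, String method,
                                String host, String path, String query) throws Exception {
        String canonical = String.join("\n", date, method.toUpperCase(),
                host.toLowerCase(), path, query);
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(skey.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        String hex = HexFormat.of().formatHex(mac.doFinal(canonical.getBytes(StandardCharsets.UTF_8)));
        byte[] userPass = (ikey + ":" + hex).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(userPass);
    }

    public static void main(String[] args) throws Exception {
        String host = "api-XXXXXXXX.duosecurity.com";        // placeholder hostname
        String path = "/admin/v2/logs/authentication";
        Map<String, String> params = new LinkedHashMap<>();   // deliberately not in sorted order
        params.put("maxtime", "1700540043000");
        params.put("mintime", "1699149677000");
        params.put("limit", "1");
        params.put("sort", "ts:asc");                         // raw value; enc() yields ts%3Aasc
        String date = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss Z", Locale.US).format(new Date());
        String query = canonicalParams(params);               // signed and sent query are identical
        System.out.println("GET https://" + host + path + "?" + query);
        System.out.println("Date: " + date);                  // must be the same date that was signed
        System.out.println("Authorization: "
                + authorization("PLACEHOLDER_IKEY", "PLACEHOLDER_SKEY", date, "GET", host, path, query));
    }
}
```

In the posted code the insertion order `maxtime`, `mintime`, `sort` already happens to be alphabetical, which is consistent with only `limit` breaking the signature.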
11-23-2023 06:03 PM
Rate limit is per account, per user token or per API?
11-27-2023 06:00 AM
Per organization Duo account.