Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1943
Views
5
Helpful
3
Replies

Cisco ISE logs to DUO

latenaite2011
Level 4
Level 4

‎09-10-2021 09:49 AM

Good morning,

 

Just wondering if there is a way for Cisco ISE to send logs to DUO when it times out the multi-factor authentication?  We can see that the authentication is successful on Cisco ISE but it seems to time out on Cisco DUO but we're not able to see why it times out.

0 Helpful
3 Replies 3

Marcelo Morais
VIP
VIP

‎09-10-2021 01:08 PM

Hi @latenaite2011 ,

 AFAIK ISE can not send logs to DUO and vice-versa, but it's possible to send the logs to a SIEM.

 Please take a look at:

Can logs be exported from Duo to a SIEM?

Configure Cisco ISE to send logs to Splunk

 

Hope this helps !!!

0 Helpful

latenaite2011
Level 4
Level 4
In response to Marcelo Morais

‎09-10-2021 01:48 PM

Thanks Marcelo for the response.

 

Make sense and not sure if we will get much since the authentication shows successful on ISE and if we can the logs to a SIEM, we'll get similar logs there.  Just wanted to find out what DUO_proxy is seeing when it times out.

0 Helpful

Milos_Jovanovic
VIP Alumni
VIP Alumni
In response to latenaite2011

‎09-11-2021 02:59 AM

Hi @latenaite2011,

You should check logs on your Duo Authentication Proxy servers, to undestand what is going on. If Duo AuthProxy is installed on top of Linux server, you should look into '/opt/duoauthproxy/log', and on Windows you should look into 'C:\Program Files\Duo Security Authentication Proxy\log'. You can find relevant document here. On this location you'll find log file which contains all relevant info for authentication.

BR,

Milos

Customers Also Viewed These Support Documents