Authentication log forwarding to sumologic via API


We would like to see an option to forward user authentication log to sumologic via API.
Currently log forwarding requires an intermediate host to pul the logs from the service via duo API and storing the logs locally, then forwarding.
We would like to eliminate the dependency on an intermediate host.


Hey avs,

This seems like a Sumologic feature request. Splunk has this ability.

I would start here:



duosec does not have any ability to forward syslog messages.


Hey avs,

Perhaps I misunderstood, I thought you meant using the Duo Admin API to pull logs from the service as described here:

Are you talking about logs from Authentication Proxy? Those logs have some configurability - -but are going to be logged locally. For those logs, they will need to go from the AP host and be shipped out to Sumologic as you describe.



can I forward the logs from Duo to Sumlogic via https?
other alternative is syslog forwarding:


Hey avs,

Looking at the docs here:

REST Modular Input is the one you are after. Here are the details you can use to get it all working:



I got the response from SumoLogic:
They have an ability to run a script on their side as
described at

this script for log collection can be tailored to for Duo