Duo Log Grabber - We NEED You!

Hey Duo Community!
I’m Dan, a Product Manager here at Duo Security. We’re currently working on making an official Duo Log Grabber.

Over the coming weeks, we would like to work with a few customers (between 3-5) on making sure the Duo Log Grabber does everything to alleviate your pain points in regard to getting logs from Duo to your SIEM.

We’re preferably looking for customers who use QRadar and LogRhythm, and who ideally would like to use JSON over CEF. However, this is not a prerequisite.

If you’re interested in helping us out and would like to test, trial, and provide feedback regarding the new Duo Log Grabber, please comment below!

Kind regards,

Product Manager for Data


I am a customer who uses QRadar and I would be very interested in participating in testing out the log grabber. I can be formally reached at ptyler@odu.edu.


Phillip Tyler
IT Security Operations Analyst
Information Technology Services
Old Dominion University
Norfolk, VA 23529
Ph: (757) 683-5068

Please help us with the Elasticsearch stack.

Hi Phillip,
Just sent you an email!



We can probably help test it.


I am a customer who uses QRadar and I’m very interested in reviewing this log grabber. I can be reached at alan.hong@usc.edu.

Thank you,
Alan Hong
Information Security Lead
Office of the Chief Information Security Officer (CISO)
University of Southern California
3434 S. Grand Avenue
Los Angeles, California 90089-2812

I am a customer who uses LogRhythm and I would be very interested in participating in testing out the log grabber. DM me if this is still open!

Hey Dan,
We would be happy to join the test program for QRadar. We have quite a large setup and would be happy to bury our self-made scripts.

Please send me an e-mail or personal message here and I will share my Duo resources with you.

Thanks in advance,

I’m a LogRhythm user and would be willing to try it, assuming you still need testers.


If you still need people to work with, OSU uses QRadar and would be willing to trial a log grabber. We were just looking at rolling out an open-source one, but would rather get your vendor-produced mechanism working.

John Rogers
Lead IT Security Engineer
Oklahoma State University


We use LogRhythm and would be happy to help test.


Hi Dan,

I am very happy to help you. We previously worked with a Python script and ran a cron job to grab the logs from the Duo API and forward syslogs to QRadar. All of a sudden, we are not getting logs from Duo from the month of February. We already have a QRadar DSM for Duo logs to understand and process the logs. We already raised a ticket with your support team to work on this. Please reach out to me at my e-mail, lravi@solenis.com.

Hello everyone!

The new Duo Log Sync is now available for your testing!

Please remember this is a beta version.

Any and all feedback is welcome (whether that is an “IT WORKS” or a “THIS DOES NOT WORK”); it really does help us.

If you have any questions or queries, please just comment!

Kind regards,


Hey Dan,
Just to be clear as to which piece of the puzzle this is doing, this is just pulling Duo logs to a local server, to then be picked up by whatever SIEM I’m using?

Hi all! Just a quick note that Duo Log Grabber is now generally available and you can read more about it in this post: Announcing Duo Log Sync: Fetch Duo logs for ingestion into a SIEM

Hi Kstieers,
You can host the DLS on either a server or your local machine and then point it to your SIEM and off you go!