In order to be compliant with PCI-DSS and other security assessments, we need to be able to forward the logs in some manner. Our preference is to have the logs be added to the Windows Application Event Logs, or simply forward typical syslogs to a SIEM such as OSSEC server (not Splunk). Is there a way to do this?
When running the Duo proxy on Linux, the log_syslog option sends output to syslog instead of the default authproxy.log file.
Windows Event logging is not available as an output option. Please contact your Duo account exec, customer success manager, or Duo Support to submit this as a feature request.
Thanks. To clarify, does the log_syslog work on Windows to get it into the right format?
No, as I stated and per the linked Authentication proxy Reference document, log_syslog is a *nix option.