Logging for Duo Authentication Proxy on Windows


#1

In order to be compliant with PCI-DSS and other security assessments, we need to be able to forward the logs in some manner. Our preference is to have the logs be added to the Windows Application Event Logs, or simply forward typical syslogs to a SIEM such as OSSEC server (not Splunk). Is there a way to do this?


#2

You may be interested in the log_auth_events option, described in here, that produces a lof gile suitable to import into a SIEM. More detailed information about this option is available here.

When running the Duo proxy on Linux, the log_syslog option sends output to syslog instead of the default authproxy.log file.

Windows Event logging is not available as an output option. Please contact your Duo account exec, customer success manager, or Duo Support to submit this as a feature request.


#3

Thanks. To clarify, does the log_syslog work on Windows to get it into the right format?


#4

No, as I stated and per the linked Authentication proxy Reference document, log_syslog is a *nix option.