
Trust Monitor alerts and Splunk Connector

Ricker_Cyber
Level 1

Looking to ingest the alerts generated by Trust Monitor into Splunk using the Splunk connector. I see that the directory path to the logs is different from what the Splunk connector is looking for. Is there a way to configure the connector to ingest Trust Monitor alerts as well? Would rather not have to use two log forwarding methods, one currently in place for Duo auth and one just for Trust Monitor. If I need to direct to Splunk I can; I was not sure who controls the connector.

1 Reply

DuoPablo
Cisco Employee

Hi @Ricker_Cyber ,

The Splunk Connector integration uses v1 of our Auth Log handlers and does not support the Trust Monitor endpoint. In order to ingest Trust Monitor logs into Splunk, you can configure Duo Log Sync as this not only supports v2 Auth Log handlers but also the Trust Monitor endpoint (JSON only). You can then replace the Splunk Connector with DLS going forward so that they are consolidated into one data input for Splunk.

Does Duo Log Sync export Duo Trust Monitor logging?

Hope this helps!
