# IMPORTANT!: Use single quotes (''), NOT double quotes ("")!
# All fields marked 'REQUIRED' must have a value; otherwise the config will be
# considered invalid. If a field is not marked required, you may remove it
# from the config if you are fine with the default value.
#
# NOTE: once filled in, this file holds the account secret key (skey). Keep the
# populated copy out of version control and readable only by the user that
# runs DLS.

# Version of the config file. Do not change! Automatically updated for each
# config file change
version: '1.0.0'
# Fields for changing the functionality of DuoLogSync (DLS)
# The fields for dls_settings, including dls_settings itself, are not required.
# Default values are used for any field you choose not to include.
# To enable an option, uncomment it together with every parent key above it
# and keep the indentation shown here.
#dls_settings:

  # File where DLS program messages / system messages will be written.
  # This is only for monitoring/debugging purposes; the Duo logs themselves
  # are not written to this file.
  # NOTE(review): /tmp is normally writable by every local user; consider a
  # directory owned by the account that runs DLS.
  #log_filepath: '/tmp/duologsync.log'

  # How Duo logs should be formatted before being sent to a server/SIEM.
  # Valid options are CEF, JSON
  # If this section is left commented, default will be JSON
  #log_format: 'JSON'

  # Settings related to API calls for Duo logs
  #api:

    # Days in the past from which record retrieval should begin.
    # Logs can be fetched from at most 180 days in the past
    #offset: 180

    # Seconds to wait between API calls (for fetching Duo logs)
    # If timeout is less than 120 seconds, DLS will default it to 120 seconds
    # to be in accordance with Duo API rate limits
    #timeout: 120

  # Settings related to saving API call offset information into files so that,
  # if DLS crashes, it can pick up where it left off.
  # By default, the entire section is commented out. DLS will still create
  # checkpoint files in the default directory, which is /tmp/. Uncomment the
  # section to give a custom path.
  # NOTE(review): checkpoint files decide where log retrieval resumes, so a
  # directory that only the DLS user can write to is preferable to the shared
  # /tmp default (which may also be cleared on reboot).
  #checkpointing:

    # Whether checkpoint files should be created to save offset information
    # about API calls. If true, the value set for directory (or the default of
    # '/tmp') is where DLS will look for checkpoint files to recover offset
    # information from.
    # Valid options are False, True
    #enabled: False

    # Directory where checkpoint files should be stored.
    #directory: '/tmp'

  # Settings related to the HTTP proxy used to proxy Duo requests
  #proxy:

    # Host/IP of the HTTP proxy
    #proxy_server: 'example.proxy.com'

    # Port of the HTTP proxy
    #proxy_port: 8080

  # Settings related to Syslog support for JSON messages. By default, DLS JSON
  # messages do not contain a header. If your SIEM requires a Syslog header
  # prepended to the JSON message, set enabled to True.
  # DLS will default to the newer RFC5424 formatting, but also supports the
  # older RFC3164.
  #syslog:

    # Whether a Syslog header should be prepended to each JSON log
    # Valid options are False, True
    #enabled: False

    # Syslog header format
    # Valid options are 'RFC5424', 'RFC3164'
    #format: 'RFC5424'
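# List of servers and how DLS will communicate with them.
# Each list entry starts with '- id'; every other key of that server must stay
# indented under it, otherwise it is parsed as a separate top-level key.
servers:

  # Descriptive name for your server
  # REQUIRED
  - id: ''

    # Address of server to which Duo logs will be sent. If there is nothing
    # that consumes these logs, they will be lost, since writing to local
    # storage is not supported
    # REQUIRED
    hostname: ''

    # Port of server to which logs will be sent (an integer; left empty in
    # this template and must be filled in)
    # MINIMUM: 0
    # MAXIMUM: 65535
    # REQUIRED
    port:

    # Transport protocol used to communicate with the server
    # OPTIONS: TCP, TCPSSL, UDP
    # Only TCPSSL is described as encrypted (see cert_filepath below); with
    # TCP or UDP the Duo logs cross the network in clear text, so prefer
    # TCPSSL unless the path to the server is otherwise protected.
    # REQUIRED
    protocol: ''

    # Location of the certificate file used for encrypting communication for
    # TCPSSL. TCPSSL expects that there are .key and .cert files that store
    # keys. For configuration, give the path of the .cert/.pem file that has
    # the keys.
    # NOTE(review): if that file contains private key material, restrict it to
    # the user that runs DLS.
    # REQUIRED only if protocol is TCPSSL
    cert_filepath: ''

# To add another server, copy and paste the above, change the server name to
# something unique and descriptive, and fill out the 3 (or 4) fields required
# like so...
#  - id:
#    hostname:
#    port:
#    protocol:
#    cert_filepath: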
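# Account which is used to access Duo logs and tell DLS which logs to fetch.
# For MSP accounts, this should have details for the Accounts API integration.
# All child account logs will be fetched.
# ikey, skey, hostname, endpoint_server_mappings and is_msp are all keys of
# 'account' and must stay indented under it.
account:

  # Integration key
  # REQUIRED
  ikey: ''

  # Private key, keep this safe.
  # Anyone who can read this value can call the Duo API as this integration:
  # keep the filled-in config out of version control, readable only by the
  # user that runs DLS, and reset the key in the Duo Admin Panel if it is ever
  # exposed.
  # REQUIRED
  skey: ''

  # api-hostname of the server hosting this account's logs, as shown on the
  # Duo Admin Panel
  # REQUIRED
  hostname: ''

  # Here you define to which servers the logs of certain endpoints should go.
  # This is done by creating a mapping (start with dash -), then listing the
  # endpoints the mapping is for, and then naming the server that applies to
  # those endpoints.
  # ENDPOINTS OPTIONS: adminaction, auth, telephony
  # SERVERS OPTIONS: any server id defined above in the list of servers
  # REQUIRED
  endpoint_server_mappings:
    #- endpoints: ['adminaction', 'auth']
    #  server: 'Server_2'
    #- endpoints: ['telephony']
    #  server: 'Server_1'

  # Whether this account is a Duo MSP account with child accounts. If True,
  # then all the child accounts will be accessed and logs will be pulled for
  # each child account. Not required.
  is_msp: False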