This section explains how to initialize the Duo Beat after configuration.
- Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.
- Duo Admin API credentials. If you have not already configured it, follow the instructions in Configure Duo Admin API for Duo Beat, and return to this topic.
- Any service configured with Duo for authentication, to get authentication logs.
The following port is open:
Initialize the Beat
To confirm the Open Collector is running, run the following command:CODE
You should see the open_collector and metrics versions:
To start the Beat, run the following command:CODE
./lrctl duobeat start
Select New duobeat instance from the Select duobeat instance prompt.
- Enter a unique beat identifier for this duobeat instance.
Enter the Admin API Hostname.
- Enter the Admin API Integration key.
- Enter the Admin API Secret key.
- Enter the log type. By default the supported log types are Admin, Auth and Telephony Log. Press Enter to select default log type.
The duobeat service started message appears.
To check the status of the service, run the following command:CODE
./lrctl duobeat status
Default Config Values for duobeat:
|S.No||Field Name||Default Values|
The recommended request interval is 40s to avoid the too many requests error.
Duo recommends requesting logs no more than once per minute. If the period time is below 40 sec it will default set to 40 sec.
Number of back days must be a non-negative number.
Duo supports only 180 days back log data. Therefore the range for this value is 0-180 days.
Number of logs to be fetched per request from Duo for Auth logs. It should be in the range 1-1000. Admin and Telephony logs don't support this limit, default limit for these logs is 1000 and it cannot be changed.
- There is an intentional two minute delay in availability of new authentications in the API response. Duo operates a large scale distributed system, and this two minute buffer period ensures that calls will return consistent results.
- Duo recommends requesting logs no more than once per minute.
- MPS will be low due to Duos' once per minute request limitation.