Skip to main content
Skip table of contents

Initialize the Duo Beat

This section explains how to initialize the Duo Beat after configuration.


  • Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.
  • Duo Admin API credentials. If you have not already configured it, follow the instructions in Configure Duo Admin API for Duo Beat, and return to this topic.
  • Any service configured with Duo for authentication, to get authentication logs. 
  • The following port is open:






Initialize the Beat 

  1. To confirm the Open Collector is running, run the following command:

    ./lrctl status 

    You should see the open_collector and metrics versions:

    If the Open Collector is not running correctly, see Troubleshoot the Open Collector in the Open Collector Installation and User Guide.

  2. To start the Beat, run the following command:

    ./lrctl duobeat start 
  3. Select New duobeat instance from the Select duobeat instance prompt.

  4. Enter a unique beat identifier for this duobeat instance.
  5. Enter the Admin API Hostname.

  6. Enter the Admin API Integration key.
  7. Enter the Admin API Secret key.
  8. Enter the log type. By default the supported log types are Admin, Auth and Telephony Log. Press Enter to select default log type.

    The duobeat service started message appears.
  9. To check the status of the service, run the following command:

    ./lrctl duobeat status

Default Config Values for duobeat:

S.NoField NameDefault Values


The recommended request interval is 40s to avoid the too many requests error.

Duo recommends requesting logs no more than once per minute. If the period time is below 40 sec it will default set to 40 sec.

4integrationKeyUser Provided
5secretKeyUser Provided


Number of back days must be a non-negative number.

Duo supports only 180 days back log data. Therefore the range for this value is 0-180 days.



AuthLog, AdminLog,TelephonyLog
8hostnameUser Provided


Number of logs to be fetched per request from Duo for Auth logs. It should be in the range 1-1000. Admin and Telephony logs don't support this limit, default limit for these logs is 1000 and it cannot be changed.


  1. There is an intentional two minute delay in availability of new authentications in the API response. Duo operates a large scale distributed system, and this two minute buffer period ensures that calls will return consistent results.
  2. Duo recommends requesting logs no more than once per minute.
  3. MPS will be low due to Duos' once per minute request limitation.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.