I am trying to fetch Cisco Duo logs with the Elastic Agent integration. The Duo setup in my organization is a managed service by a vendor, so I have received the integration key, API hostname and secret key and configured the same on Elastic Agent as shown below:
However, I am not seeing any logs coming in from Duo. Is there any way I can confirm from the Elastic Agent's logs that it is initiating the API calls to Duo, so that I can then check with the vendor whether permissions have been given as required?
I enabled debug logging on this agent, but I cannot see any logs related to integrations. I also have the Cloudflare integration enabled on this same agent and those logs are coming in fine.
Hi @suraj.srinivasa - can you confirm the format of the hostname you've entered within the integration? I've often seen folks forgetting to include https:// at the start of the hostname and this causes issues.
Yes, I had read this was required, so I have already added https before my API hostname. I can also see now in the debug logs of the agent that API requests are being made every 5 minutes as configured. But I still can't see the logs coming in. Is there any way to inspect the response of the API call being made to Duo by the agent?
Hi @suraj.srinivasa, thanks for checking the format of the hostname - always best to rule out the simple things first.
The agent logs won't provide much insight into the integration itself. We'll need to see the Filebeat logs running on the local machine (where you have the agent installed). These should be available under /state/data/logs/default/filebeat-*