NeQter Labs How to Guides


Duo Log Sync – Windows Setup Guide

Step 1: Verify prerequisites

Before getting started, confirm the following system requirements are met on the target Windows device:

  • Windows 11 (Pro or Enterprise) or Windows Server (2019+)
  • Administrator privileges
  • Python 3.8+ (if not using the DuoLogSync executable)
  • Internet access to Duo API endpoints
  • A configured config.yml file with valid Duo API credentials

Also ensure the device hosting the Duo Log Sync application has outbound network connectivity to the following:

  • api-XXXXXXXX.duosecurity.com (replace with your Duo API hostname)
  • Your NeQter’s Syslog listener (UDP/TCP port as required)

Step 2: Prepare files and directories

The table below outlines the files and directories used by Duo Log Sync. All items should live under C:\DuoLogSync\.

| Item | Description | Location |
|------|-------------|----------|
| duologsync.exe or Python script | Duo Log Sync binary | C:\DuoLogSync |
| config.yml | Configuration file for Duo Log Sync | C:\DuoLogSync\config.yml |
| logs folder | Optional, for local logging output | C:\DuoLogSync\logs\ |


Step 3: Create the configuration file (config.yml)

There is an example config file listed on the DuoLogSync GitHub page. Below is a working example you can use as a starting point. Replace the placeholder values with your actual Duo API credentials and NeQter IP address.

duo:
  api_hostname: api-XXXXXXXX.duosecurity.com
  ikey: DIXXXXXXXXXXXXXXXXXX
  skey: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  endpoints:
    - admin
    - auth

syslog:
  enabled: true
  protocol: udp
  server: 192.168.1.50  # <-- NeQter IP address
  port: 514
  format: cef  # or json

log:
  level: info
  file: C:\DuoLogSync\logs\duologsync.log

NOTE: Ensure the Duo Admin API is enabled and your integration key has proper permissions for the chosen endpoints. Without the correct permissions the sync will fail with an access error.

Step 4: Install Duo Log Sync

1. Download the latest release of Duo Log Sync for Windows from the official Duo GitHub repository:

2. Extract the contents to C:\DuoLogSync\ and place your pre-created config.yml file in the same directory.
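
config.yml stores the Duo secret key (skey) in clear text next to an executable that will later run with elevated rights, so access to C:\DuoLogSync is worth restricting once the files are in place. The PowerShell below is an added example, not part of the original guide or of Duo's tooling: it limits the folder to SYSTEM and Administrators and then audits the result. It assumes the service or task will run as SYSTEM or as a member of Administrators (otherwise add that account's SID to both the icacls grant and $Allowed); Get-UnexpectedAce is a helper name chosen here.

```powershell
# Added example: lock C:\DuoLogSync down to SYSTEM and Administrators, then audit.
# Run from an elevated PowerShell prompt after config.yml is in place.
$Root   = 'C:\DuoLogSync'               # directory used throughout this guide
$Config = Join-Path $Root 'config.yml'  # holds the Duo skey in clear text

# Well-known SIDs instead of names, so this also works on localized Windows.
$Allowed = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

if (-not (Test-Path -LiteralPath $Config)) {
    throw "config.yml not found at $Config; place it before locking the folder."
}

# 1. Remove inherited ACEs from the folder and grant full control to the two
#    SIDs only. (OI)(CI) applies the grant to files and subfolders (logs\).
& icacls.exe $Root /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' /Q
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Root (exit code $LASTEXITCODE)" }

# 2. Reset existing children so they carry only what the folder now grants.
& icacls.exe "$Root\*" /reset /T /C /Q
if ($LASTEXITCODE -ne 0) { throw "icacls /reset failed (exit code $LASTEXITCODE)" }

# 3. Audit: return every Allow ACE whose identity is not in $Allowed.
function Get-UnexpectedAce {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $Allowed -notcontains $_.IdentityReference.Value } |
        ForEach-Object {
            [pscustomobject]@{ Path = $Path; Sid = $_.IdentityReference.Value; Rights = $_.FileSystemRights }
        }
}

$paths    = @($Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force |
                         ForEach-Object { $_.FullName })
$findings = @($paths | ForEach-Object { Get-UnexpectedAce -Path $_ })

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Warning "Unexpected access remains under $Root; review the entries above."
} else {
    Write-Output "OK: only SYSTEM and Administrators have access under $Root."
}
```

After this change, the Step 5 commands must be run from an elevated prompt, which the guide already calls for.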

Step 5: Test the configuration

1. Open Command Prompt as Administrator and navigate to the Duo Log Sync directory:

cd C:\DuoLogSync

2. Test the configuration by running:

duologsync.exe --config config.yml --test

  • This command validates the YAML syntax and Duo API connectivity.

3. Once validation passes, run manually to test syslog output:

duologsync.exe --config config.yml --log-level debug

4. Confirm logs are being received on the NeQter before proceeding.

Step 6: Run Duo Log Sync as a background service

To ensure Duo Log Sync runs continuously, you can run it as a Windows service using NSSM (Non-Sucking Service Manager) or as a startup task using Task Scheduler.

Option A – Using NSSM

1. Download NSSM and install the service by running:

nssm install DuoLogSync

2. In the NSSM GUI, fill in the following fields:

  • Path: C:\DuoLogSync\duologsync.exe
  • Startup directory: C:\DuoLogSync
  • Arguments: --config config.yml

3. Click Install service, then start it by running:

nssm start DuoLogSync

Option B – Using Task Scheduler

Open Task Scheduler and select Create Task. Configure the following:

1. Under General – check “Run with highest privileges” and configure for Windows 11.

2. Under Actions – set “Start a program” with C:\DuoLogSync\duologsync.exe as the program/script and --config config.yml as the arguments.

3. Under Triggers – set the task to begin “At startup”.

Step 7: Validate

Confirm Duo Log Sync is running by opening PowerShell and running:

Get-Process duologsync

Verify logs in the NeQter by filtering for Duo events or your configured facility. You can also review the local log file at:

C:\DuoLogSync\logs\duologsync.log
