All Apps and Add-ons

Can you configure the Duo Splunk Connector to use a web proxy?

Communicator

I'm trying to configure the Duo Splunk Connector on a Splunk heavy forwarder to leverage the web proxy configuration I have in Splunk's server.conf. This configuration works for all Splunk web communication, but doesn't seem to apply for the Duo inputs.

0 Karma

Explorer

Did you ever figure out a work around for this? I am facing the same issue right now.

0 Karma

Communicator

Never did. Not sure the add-on supports it.

0 Karma

Engager

@ejwade @imarks005 

This is a very "hacky" way but it works. I.e. fixing the app is beyond my scope of capabilities. Any updates to the app will almost certainly wipeout these modifications.

The Add-On uses the python module "duo_client" to make its api calls to DUO. I am modifying the duo_input.py file with an addition line of code in two if its functions. The file is located here:

$SPLUNK_HOME/etc/apps/duo_splunkapp/bin

Look for #Added the below line for the additional code in each code snippet.

Replace "proxyaddr" and "proxyport" with your proxy details.

First function: validate_arguments

def validate_arguments(ikey, skey, host, interval, offset_seconds=-140):
    '''
    Ensures that the provided credentials have access to different log types

    Also check that the interval is >= 120 seconds to avoid rate limiting.
    '''

    logger = logging.getLogger()

    if interval < 120:
        logger.error("User entered an interval under 120 seconds")
        print_error('The interval needs to be greater than or equal to 120 '
                    'seconds')
        raise ValueError("User entered an interval under 120 seconds")

    admin = duo_client.admin.Admin(
        ikey=ikey,
        skey=skey,
        host=host,
        ca_certs=duo_client.client.DEFAULT_CA_CERTS,
    )
    #Added the below line
    admin.set_proxy("proxyaddr", "proxyport")

    current_unix_ts = int(utils.get_time())

 

Second Function: run_script

 

def run_script():
    """Method will instantiate a duo_client.Admin object with the configured
    ikey/skey/api_host. In addition, it will call each log collector class to
    poll the Duo adminapi for JSON encoded data that gets written to stdout.
    """

    config = get_config()

    admin_api = duo_client.Admin(
        ikey=config['ikey'],
        skey=config['skey'],
        host=config['api_host'],
        ca_certs=None,
    )
    #Added the below line
    admin_api.set_proxy("proxyaddr", "proxyport")
    
    logclasses = (
        PaginatedAccountLog,
        PaginatedTelephonyLog,
        PaginatedAdministratorLog,
        PaginatedAuthenticationLog,
        PaginatedEndPointLog
    )


Hopefully the app is updated to include configuring a proxy via the UI.