duosecurity / duo_log_sync

MIT License

adminaction consumer: failed to write some logs #17

Open jsandova opened 3 years ago

jsandova commented 3 years ago

I am getting the following error about adminaction unable to write to logs. Any ideas?

```
2020-12-22 23:19:50 INFO Starting DuoLogSync
2020-12-22 23:19:50 INFO DuoLogSync: Opening connection to ls01-dev-qa.aofk.net:2514
2020-12-22 23:19:50 INFO duo_client Admin initialized for ikey: ***, host: api-**.duosecurity.com
2020-12-22 23:19:50 ERROR Could not read checkpoint file for adminaction logs, consuming logs from {log_offset} timestamp
2020-12-22 23:19:50 ERROR Could not read checkpoint file for auth logs, consuming logs from {log_offset} timestamp
2020-12-22 23:19:50 INFO adminaction producer: fetching next logs after 120 seconds
2020-12-22 23:19:50 INFO adminaction consumer: waiting for logs
2020-12-22 23:19:50 INFO auth producer: fetching next logs after 120 seconds
2020-12-22 23:19:50 INFO auth consumer: waiting for logs
2020-12-22 23:21:50 INFO adminaction producer: fetching logs
2020-12-22 23:21:50 INFO auth producer: fetching logs
Traceback (most recent call last):
2020-12-22 23:21:50 INFO adminaction producer: adding 57 logs to the queue
2020-12-22 23:21:50 INFO adminaction producer: added 57 logs to the queue
2020-12-22 23:21:50 INFO adminaction producer: fetching next logs after 120 seconds
2020-12-22 23:21:50 INFO adminaction consumer: received 57 logs from producer
2020-12-22 23:21:50 INFO adminaction consumer: writing logs
2020-12-22 23:21:50 WARNING adminaction consumer: failed to write some logs
  File "/usr/local/lib/python3.6/dist-packages/duologsync-2.0.0-py3.6.egg/duologsync/consumer/consumer.py", line 66, in consume
  File "/usr/local/lib/python3.6/dist-packages/duologsync-2.0.0-py3.6.egg/duologsync/writer.py", line 97, in write
  File "/usr/lib/python3.6/asyncio/streams.py", line 329, in drain
    raise exc
  File "/usr/lib/python3.6/asyncio/selector_events.py", line 714, in _read_ready
    data = self._sock.recv(self.max_size)
ConnectionResetError: [Errno 104] Connection reset by peer

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/duologsync", line 11, in <module>
    load_entry_point('duologsync==2.0.0', 'console_scripts', 'duologsync')()
  File "/usr/local/lib/python3.6/dist-packages/duologsync-2.0.0-py3.6.egg/duologsync/app.py", line 78, in main
  File "/usr/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete
    return future.result()
  File "/usr/local/lib/python3.6/dist-packages/duologsync-2.0.0-py3.6.egg/duologsync/consumer/consumer.py", line 88, in consume
  File "/usr/local/lib/python3.6/dist-packages/duologsync-2.0.0-py3.6.egg/duologsync/producer/producer.py", line 205, in get_log_offset
TypeError: 'NoneType' object is not subscriptable
```

jsandova commented 3 years ago

Here is my config.yml file.

```
version: '1.0.0'
dls_settings:
  log_format: 'JSON'
  api:
    offset: 1
  checkpointing:
    enabled: True
    directory: '/var/log/duo-logs'
servers:
```

jsandova commented 3 years ago

I was able to get it working by switching to UDP and using fluentd to forward the logs to our datadog logging console.

rka commented 3 years ago

I had a similar issue and also solved it by using UDP. Really annoying because we would like to use TCP :/