Table: duo_admin_log_record
Query records in the admin log for your Duo account.
Notes:
- Unless you specify a time range with
timestamp, defaults to the last 30 days. - Duo has documentation for the action types.
Examples
Admin log records for the last 30 days (default time range)
select *from duo_admin_log_recordorder by timestamp descAdmin log records for the last 24 hours
select *from duo_admin_log_recordwhere timestamp > current_timestamp - interval '24 hours'order by timestamp descAdmin log records for a specific time range
select *from duo_admin_log_recordwhere timestamp >= '2022-04-17T07:00:00-04:00' and timestamp < '2022-04-17T08:00:00-04:00'order by timestamp descFailed login attempts in the last 7 days
select *from duo_admin_log_recordwhere action = 'admin_login_error' and timestamp > current_timestamp - interval '7 days'order by timestamp desc.inspect duo_admin_log_record
Admin log records in the Duo account.
| Name | Type | Description |
|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
| action | text | The type of change that was performed, e.g. admin_login, group_create, user_update. |
| description | jsonb | Details of what changed, format varies based on the action. |
| object | text | The object that was acted on. For example: 'jsmith' (for users), '(555) 713-6275 x456' (for phones), or 'HOTP 8-digit 123456' (for tokens). |
| timestamp | timestamp with time zone | Time when the event occurred. |
| username | text | The full name of the administrator who performed the action in the Duo Admin Panel. If the action was performed with the API this will be 'API'. Automatic actions like deletion of inactive users have 'System' for the username. Changes synchronized from Directory Sync will have a username of the form (example) 'AD Sync: name of directory'. |