Cloudflare Enterprise customers have access to the Logpush service, which allows you to forward logs to cloud service providers like AWS. This tutorial demonstrates how to send your logs to Coralogix.
To start sending data directly to Coralogix, select the type of logs (data-sets) and fields that will be sent here.
To create the Logpush job, call the API using the terminal. Input your Coralogix domain into the following endpoint URL (destination_conf): https://<coralogix_domain>/cloudflare/v1/logs.
curl -s https://api.cloudflare.com/client/v4/zones/<zone_id>/logpush/jobs -X POST \
  -H "Content-Type:application/json" \
  -d '{
    "name": "logpush-to-coralogix",
    "logpull_options": "fields=RayID,EdgeStartTimestamp&timestamps=unixnano",
    "destination_conf": "https://<coralogix_domain>/cloudflare/v1/logs?header_Authorization=Bearer%20<Send_your_data_key>&header_timestamp-format=UnixNano&header_dataset=HTTPRequests",
    "max_upload_bytes": 5000000,
    "max_upload_records": 1000,
    "dataset": "http_requests",
    "enabled": true,
    "frequency": "low"
  }' \
  -H "X-Auth-Email: <Your_Auth_Email>" \
  -H "X-Auth-Key: <Your_API_Key>"
Notes:
application_name as Cloudflare, and subsystem_name as the data set name. To overwrite these parameters, add the following:
header_CX-Application-Name – application name override
header_CX-Subsystem-Name – subsystem name override
Dataset name | Header name | ‘Timestamp’ key | Scope |
dns_logs | DNSLogs | Timestamp | Zone |
firewall_events | FirewallEvents | Datetime | Zone |
http_requests | HTTPRequests | EdgeStartTimestamp | Zone |
nel_reports | NELReports | Timestamp | Zone |
spectrum_events | SpectrumEvents | Timestamp | Zone |
audit_logs | AuditLogs | When | Account |
gateway_dns | GatewayDNS | Datetime | Account |
gateway_http | GatewayHTTP | Datetime | Account |
gateway_network | GatewayNetwork | Datetime | Account |
network_analytics_logs | NetworkAnalyticsLogs | Datetime | Account |
access_requests | AccessRequests | CreatedAt | Account |
casb_findings | CASBFindings | DetectedTimestamp | Account |
dns_firewall_logs | DNSFirewallLogs | Timestamp | Account |
magic_ids_detections | MagicIDSDetections | Timestamp | Account |
workers_trace_events | WorkersTraceEvents | EventTimestampMs | Account |
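The notes and table above can be turned into a job body for any dataset. The following is an added example, not code from Coralogix or Cloudflare: build_job and redact are hypothetical helper names, and it assumes that account-scoped datasets use the /accounts/<id>/ form of the same endpoint and that the timestamp key must be among the pushed fields, as in the http_requests command above.

```python
import re
from urllib.parse import quote

# dataset -> (header_dataset value, timestamp key, scope), copied from the table above
DATASETS = {
    "dns_logs": ("DNSLogs", "Timestamp", "zone"),
    "firewall_events": ("FirewallEvents", "Datetime", "zone"),
    "http_requests": ("HTTPRequests", "EdgeStartTimestamp", "zone"),
    "nel_reports": ("NELReports", "Timestamp", "zone"),
    "spectrum_events": ("SpectrumEvents", "Timestamp", "zone"),
    "audit_logs": ("AuditLogs", "When", "account"),
    "gateway_dns": ("GatewayDNS", "Datetime", "account"),
    "gateway_http": ("GatewayHTTP", "Datetime", "account"),
    "gateway_network": ("GatewayNetwork", "Datetime", "account"),
    "network_analytics_logs": ("NetworkAnalyticsLogs", "Datetime", "account"),
    "access_requests": ("AccessRequests", "CreatedAt", "account"),
    "casb_findings": ("CASBFindings", "DetectedTimestamp", "account"),
    "dns_firewall_logs": ("DNSFirewallLogs", "Timestamp", "account"),
    "magic_ids_detections": ("MagicIDSDetections", "Timestamp", "account"),
    "workers_trace_events": ("WorkersTraceEvents", "EventTimestampMs", "account"),
}

def build_job(dataset, scope_id, coralogix_domain, send_key, fields, app=None, subsystem=None):
    """Return (API URL, JSON-serialisable body) for one Logpush job to Coralogix."""
    header, ts_key, scope = DATASETS[dataset]  # KeyError for a dataset not in the table
    if ts_key not in fields:  # assumption: the timestamp key must be one of the pushed fields
        fields = [*fields, ts_key]
    headers = {"Authorization": f"Bearer {send_key}", "timestamp-format": "UnixNano",
               "dataset": header}
    if app:
        headers["CX-Application-Name"] = app
    if subsystem:
        headers["CX-Subsystem-Name"] = subsystem
    # Percent-encode every header value so spaces, '&' or '=' cannot split the query string.
    query = "&".join(f"header_{k}={quote(v, safe='')}" for k, v in headers.items())
    body = {
        "name": "logpush-to-coralogix",
        "logpull_options": f"fields={','.join(fields)}&timestamps=unixnano",
        "destination_conf": f"https://{coralogix_domain}/cloudflare/v1/logs?{query}",
        "max_upload_bytes": 5000000, "max_upload_records": 1000,
        "dataset": dataset, "enabled": True, "frequency": "low",
    }
    # assumption: the Scope column selects /zones/<id>/ or /accounts/<id>/ in the API path
    return f"https://api.cloudflare.com/client/v4/{scope}s/{scope_id}/logpush/jobs", body

def redact(destination_conf):
    """Mask the Send-Your-Data key before the job definition is logged or shared."""
    return re.sub(r"(header_Authorization=)[^&]*", r"\1REDACTED", destination_conf)
```

Serialise the returned body with json.dumps and pass it to curl with -d @- so the key stays out of shell history; run destination_conf through redact before it goes into logs or tickets.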
After creating the Logpush job, view it in the terminal:
curl -s https://api.cloudflare.com/client/v4/zones/<Zone_ID>/logpush/jobs -X GET \
  -H "X-Auth-Email: <Your_Auth_Email>" \
  -H "X-Auth-Key: <Your_Auth-Key>"
Or in the dashboard itself under ‘Websites’ -> ‘<Your-site>’ -> ‘Analytics’ -> ‘Logs’.
AWS S3 bucket – Follow the tutorial to send logs from the S3 bucket to Coralogix: https://coralogix.com/integrations/data-collection-s3/
To enable the Cloudflare Logpush service:
Once connected, Cloudflare lists the provider you just configured under Logs > Logpush. This is where you can make changes or remove the provider.
If all steps were executed properly, you should see files in your S3 bucket and also in Coralogix.