Cloudflare Enterprise customers have access to Logpush service which allows you to forward logs to cloud service providers like AWS. In this tutorial, you will find all steps to send logs to Coralogix.
To start sending data directly to coralogix we first need to pick the type of logs (data-sets) and fields that will be sent, Cloudflare Data sets.
To create the logpush job we need to call the API using the terminal.
Please note that you need to specify the correct API endpoint for your cluster to match the last few characters of your Team’s name (see “destination_conf” field below after this table):
Cluster | API Endpoint |
---|---|
.coralogix.com | https://cdn-ingress.coralogix.com/api/v1/cloudflare/logs |
.app.coralogix.us | https://cdn-ingress.coralogix.us/api/v1/cloudflare/logs |
.app.coralogix.in | https://cdn-ingress.app.coralogix.in/api/v1/cloudflare/logs |
.app.eu2.coralogix.com | https://cdn-ingress.eu2.coralogix.com/api/v1/cloudflare/logs |
.app.coralogixsg.com | https://cdn-ingress.coralogixsg.com/api/v1/cloudflare/logs |
curl -s https://api.cloudflare.com/client/v4/zones/<zone_id>/logpush/jobs -X POST \ -H "Content-Type:application/json" \ -d '{ "name": "logpush-to-coralogix", "logpull_options": "fields=RayID,EdgeStartTimestamp×tamps=unixnano", "destination_conf": "https://cdn-ingress.coralogix.com/api/v1/cloudflare/logs?header_Authorization=Bearer%20<Send_your_data_key>&header_timestamp-format=UnixNano&header_dataset=HTTPRequests", "max_upload_bytes": 5000000, "max_upload_records": 1000, "dataset": "http_requests", "enabled": true, "frequency": "low" }' \ -H "X-Auth-Email: <Your_Auth_Email>" \ -H "X-Auth-Key: <Your_API_Key>"
Notes:
Dataset name | Header name | ‘Timestamp’ key | Scope |
dns_logs | DNSLogs | Timestamp | Zone |
firewall_events | FirewallEvents | Datetime | Zone |
http_requests | HTTPRequests | EdgeStartTimestamp | Zone |
nel_reports | NELReports | Timestamp | Zone |
spectrum_events | SpectrumEvents | Timestamp | Zone |
audit_logs | AuditLogs | When | Account |
gateway_dns | GatewayDNS | Datetime | Account |
gateway_http | GatewayHTTP | Datetime | Account |
gateway_network | GatewayNetwork | Datetime | Account |
network_analytics_logs | NetworkAnalyticsLogs | Datetime | Account |
After creating the logpush you can view it in the terminal
curl -s https://api.cloudflare.com/client/v4/zones/<Zone_ID>/logpush/jobs -X GET \ -H "X-Auth-Email: <Your_Auth_Email>" \ -H "X-Auth-Key: <Your_Auth-Key>"
Or in the dashboard itself under ‘Websites’ -> ‘<Your-site>’ -> ‘Analytics’ -> ‘Logs’.
AWS S3 bucket – Follow the tutorial to send logs from the S3 bucket to Coralogix: https://coralogix.com/integrations/data-collection-s3/
To enable the Clouflare Logpush service:
Once connected, Cloudflare lists the provider you just configured under Logs > Logpush. This is where you can make changes or remove the provider.
If all steps were executed properly, you should see files in your S3 bucket and also in Coralogix.
Contact us on via chat if you would like us to add Cloudflare Dashboards.