Our next-gen architecture is built to help you make sense of your ever-growing data Watch a 4-min demo video!

Back to All Integrations

Terraform Module for Cloudflare Logpush Terraform Module for Cloudflare Logpush

Last Updated: Jul. 20, 2022

Terraform simplifies the way we deploy our infrastructure and allows us to maintain it as code.

Using our Terraform Modules, you can easily install and manage Cloudflare logpush integrations to Coralogix as modules in your infrastructure code.

Our modules are open source and available on our Github and in the Terraform Registry.

Installation

This module will be creating a Logpush job which will send logs to your Coralogix account.

Note: This module requires Terraform  Version 1.20+ 

To use the module, first, add the provider configure block to your Terraform project:

terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 3.0"
    }
  }
}

provider "cloudflare" {
  email   = "[email protected]"
  api_key = "7ae12522bce3d8d988ec5f0ed8b8ef9016e09"
}

Important variables to change:

cloudflare.email – Your email used in cloudflare.

cloudflare.api_key – Your API key for cloudflare.

Then add the module block:

module "logpush-job" {
    source = "coralogix/cloudflare/coralogix//modules/logpush-job"

    coralogix_region   = "Europe"
    coralogix_private_key = "79cf16dc-0dfa-430e-a651-ec76bfa96d01"
    cloudflare_logpush_dataset = "http_requests"
    cloudflare_logpush_fields = "RayID,ZoneName" # can be left empty aswell for all fields
    cloudflare_zone_id = "ca17eeeb371963f662965e4de0ed7403" # to be used with zone-scoped datasets
    # cloudflare_account_id = "bc20385621cb7dc622aeb4810ca235df" # to be used with account-scoped datasets
}

Important variables to change:

  • coralogix_region – The Coralogix location region, possible options are [Europe, Europe2, India, Singapore, US]
  • coralogix_private_key – The Coralogix private key which is used to validate your authenticity (can be retrieved from the coralogix dashboard in Dataflow -> API Keys -> Send Your Data key)
  • cloudflare_logpush_dataset – The cloudflare logpush job data-set
  • cloudflare_logpush_fields – The logpush dataset specific fields to log delimited with comma, leave empty to include all fields. the timestamp and its variants are included automatically.
  • cloudflare_zone/account_id – Your zone/account id, can be retrieved from cloudflare dashboard or API.

We also have a Terraform Provider to help manage your Coralogix resources such as rules and alerts. Learn more about the Coralogix Terraform Provider and how to install it here.

If you have any questions, feel free to reach out to our team via our in-app chat!

Values Table:

DatasetFields
dns_logsColoCode, EDNSSubnet, EDNSSubnetLength, QueryName, QueryType, ResponseCached, ResponseCode, SourceIP
firewall_eventsAction, ClientASN, ClientASNDescription, ClientCountry, ClientIP, ClientIPClass, ClientRefererHost, ClientRefererPath, ClientRefererQuery, ClientRefererScheme, ClientRequestHost, ClientRequestMethod, ClientRequestPath, ClientRequestProtocol, ClientRequestQuery, ClientRequestScheme, ClientRequestUserAgent, EdgeColoCode, EdgeResponseStatus, Kind, MatchIndex, Metadata, OriginResponseStatus, OriginatorRayID, RayID, RuleID, Source
http_requestsBotScoreCloudflare, BotScoreSrc, BotTags, CacheCacheStatus, CacheResponseBytes, CacheResponseStatus, CacheTieredFill, ClientASN, ClientCountry, ClientDeviceType, ClientIP, ClientIPClass, ClientMTLSAuthCertFingerprint, ClientMTLSAuthStatus, ClientRequestBytes, ClientRequestHost, ClientRequestMethod, ClientRequestPath, ClientRequestProtocol, ClientRequestReferer, ClientRequestScheme, ClientRequestSource, ClientRequestURI, ClientRequestUserAgent, ClientSSLCipher, ClientSSLProtocol, ClientSrcPort, ClientTCPRTTMs, ClientXRequestedWith, EdgeCFConnectingO2O, EdgeColoCode, EdgeColoID, EdgeEndTimestamp, EdgePathingOp, EdgePathingSrc, EdgePathingStatus, EdgeRateLimitAction, EdgeRateLimitID, EdgeRequestHost, EdgeResponseBodyBytes, EdgeResponseBytes, EdgeResponseCompressionRatio, EdgeResponseContentType, EdgeResponseStatus, EdgeServerIP, EdgeTimeToFirstByteMs, FirewallMatchesActions, FirewallMatchesRuleIDs, FirewallMatchesSources, JA3Hash, OriginDNSResponseTimeMs, OriginIP, OriginRequestHeaderSendDurationMs, OriginResponseBytes, OriginResponseDurationMs, OriginResponseHTTPExpires, OriginResponseHTTPLastModified, OriginResponseHeaderReceiveDurationMs, OriginResponseStatus, OriginResponseTime, OriginSSLProtocol, OriginTCPHandshakeDurationMs, OriginTLSHandshakeDurationMs, ParentRayID, RayID, RequestHeaders, ResponseHeaders, SecurityLevel, SmartRouteColoID, UpperTierColoID, WAFAction, WAFFlags, WAFMatchedVar, WAFProfile, WAFRuleID, WAFRuleMessage, WorkerCPUTime, WorkerStatus, WorkerSubrequest, WorkerSubrequestCount, ZoneID, ZoneName
nel_reportsClientIPASN, ClientIPASNDescription, ClientIPCountry, LastKnownGoodColoCode, Phase, Type
spectrum_eventsApplication, ClientAsn, ClientBytes, ClientCountry, ClientIP, ClientMatchedIpFirewall, ClientPort, ClientProto, ClientTcpRtt, ClientTlsCipher, ClientTlsClientHelloServerName, ClientTlsProtocol, ClientTlsStatus, ColoCode, ConnectTimestamp, DisconnectTimestamp, Event, IpFirewall, OriginBytes, OriginIP, OriginPort, OriginProto, OriginTcpRtt, OriginTlsCipher, OriginTlsFingerprint, OriginTlsMode, OriginTlsProtocol, OriginTlsStatus, ProxyProtocol, Status
audit_logsActionResult, ActionType, ActorEmail, ActorID, ActorIP, ActorType, ID, Interface, Metadata, NewValue, OldValue, OwnerID, ResourceID, ResourceType
gateway_dnsColoID, ColoName, DeviceID, DstIP, DstPort, Email, Location, MatchedCategoryIDs, Policy, PolicyID, Protocol, QueryCategoryIDs, QueryName, QueryNameReversed, QuerySize, QueryType, RData, ResolverDecision, SrcIP, SrcPort, UserID
gateway_httpAccountID, Action, BlockedFileHash, BlockedFileName, BlockedFileReason, BlockedFileSize, BlockedFileType, DestinationIP, DestinationPort, DeviceID, DownloadedFileNames, Email, HTTPHost, HTTPMethod, HTTPVersion,IsIsolated, PolicyID, Referer, RequestID, SourceIP, SourcePort, URL, UploadedFileNames, UserAgent, UserID
gateway_networkAccountID, Action, DestinationIP, DestinationPort, DeviceID, Email, OverrideIP, OverridePort , PolicyID, SNI, SessionID, SourceIP, SourcePort, Transport, UserID
network_analytics_logsAttackCampaignID, AttackID, ColoCountry, ColoGeoHash, ColoID, ColoName, DestinationASN, DestinationASNDescription, DestinationCountry, DestinationGeoHash, DestinationPort, Direction, GREChecksum, GREEthertype, GREHeaderLength, GREKey, GRESequenceNumber, GREVersion, ICMPChecksum, ICMPCode, ICMPType, IPDestinationAddress, IPDestinationSubnet, IPFragmentOffset, IPHeaderLength, IPMoreFragments, IPProtocol, IPProtocolName, IPSourceAddress, IPSourceSubnet, IPTotalLength, IPTotalLengthBuckets, IPTtl, IPTtlBuckets, IPv4Checksum, IPv4DontFragment, IPv4Dscp, IPv4Ecn, IPv4Identification, IPv4Options, IPv6Dscp, IPv6Ecn, IPv6ExtensionHeaders, IPv6FlowLabel, IPv6Identification, MitigationReason, MitigationScope, MitigationSystem, ProtocolState, RuleID, RulesetID, RulesetOverrideID, SampleInterval, SourceASN, SourceASNDescription, SourceCountry, SourceGeoHash, SourcePort, TCPAcknowledgementNumber, TCPChecksum, TCPDataOffset, TCPFlags, TCPFlagsString, TCPMss, TCPOptions, TCPSackBlocks, TCPSacksPermitted, TCPSequenceNumber, TCPTimestampEcr, TCPTimestampValue, TCPUrgentPointer, TCPWindowScale, TCPWindowSize, UDPChecksum, UDPPayloadLength, Verdict

Common errors table:

ErrorDescription
creating a new job is not allowed: Bot Management fields are not allowed (1004)Your cloudflare account plan doesn’t allow the specified fields in cloudflare_logpush_fields. contact cloudflare support to enable these fields.
creating a new job is not allowed: exceeded max jobs allowed (1004)Your cloudflare account plan doesn’t allow the specified dataset in cloudflare_logpush_dataset or you have reached your account maximum concurrent jobs. contact cloudflare support to ensure your account can create this logpush dataset and that you didn’t exceed your maximum jobs allowed.

On this page