Skip to main content

Cloudflare

Cloudflare provides a feature named Logpush that enables logs to be forwarded to 3rd party logging solutions. Logs are delivered near realtime in small batches.

Note

This feature is only available with an enterprise plan or by subscribing to a paid workers plan.

Bronto API Key

First an API key is required in order to be able to successfully ingest data into Bronto. To generate an API key in Bronto, please refer to the API Keys documentation.

Cloudflare API Key

A Cloudflare API key is also required for the setup, a global API key can be used or alternatively a custom API token with Logs:Edit permissions can be created.

Note

Bronto will not see the Cloudflare API Key or Token.

cloudflare configuration

Cloudflare Logging Configuration

Management of HTTP destinations is via a REST API, the full API docs can be found here. Once a new logging endpoint is created, it's visible in the Cloudflare UI under Analytics & Logs -> Logpush.

cloudflare api token

To create a new Logpush job to forward logs to Bronto, make the follow curl request:

Create Logpush Job
curl --request POST \
   --url https://api.cloudflare.com/client/v4/accounts/<YOUR_CLOUDFLARE_ACCOUNT_ID>/logpush/jobs \
   --header 'Content-Type: application/json' \
   --header 'X-Auth-Email: <YOUR_CLOUDFLARE_EMAIL>' \
   --header 'X-Auth-Key: <YOUR_CLOUDFLARE_API_KEY>' \
   --data '{
   "dataset": "workers_trace_events",
 "destination_conf": "https://ingestion.eu.bronto.io/?header_x-bronto-api-key=<YOUR_API_KEY>&service_namespace=<YOUR_NAMESPACE_NAME>&service_name=<YOUR_SERVICE_NAME>",
   "enabled": true,
   "output_options": {
    "field_delimiter": ",",
     "batch_prefix": "",
     "batch_suffix": "",
     "CVE-2021-44228": false,
     "field_names": [
       "DispatchNamespace",
       "Entrypoint",
       "Event",
       "EventTimestampMs",
       "EventType",
       "Exceptions",
       "Logs",
       "Outcome",
       "ScriptName",
       "ScriptTags",
       "ScriptVersion"
     ],
     "output_type": "ndjson",
     "sample_rate": 1,
     "timestamp_format": "unixnano"
   }
 }'

To verify a Logpush job has been created, make the following curl request:

View Logpush Jobs
curl --request GET \
   --url https://api.cloudflare.com/client/v4/accounts/<YOUR_CLOUDFLARE_ACCOUNT_ID>/logpush/jobs \
   --header 'Content-Type: application/json' \
   --header 'X-Auth-Email: <YOUR_CLOUDFLARE_EMAIL>' \
   --header 'X-Auth-Key: <YOUR_CLOUDFLARE_API_KEY>'