Skip to content

Commit d9974dc

Browse files
maxvpmaxvp
authored
[Gateway/DLS] No Gateway logs with CMB (#16404)
1 parent 91c674a commit d9974dc

File tree

2 files changed

+18
-86
lines changed
  • src/content/docs
    • cloudflare-one/insights/logs/gateway-logs
    • data-localization/metadata-boundary

2 files changed

+18
-86
lines changed

src/content/docs/cloudflare-one/insights/logs/gateway-logs/index.mdx

Lines changed: 9 additions & 72 deletions
Original file line numberDiff line numberDiff line change
@@ -3,16 +3,13 @@ pcx_content_type: reference
33
title: Gateway activity logs
44
sidebar:
55
order: 3
6-
76
---
87

9-
import { Render } from "~/components"
10-
11-
:::note
8+
import { Render } from "~/components";
129

10+
:::note[Private source IP substitution]
1311

14-
Gateway logs will only show the public Source IP address. Private IP addresses are NAT-ed behind a public IP address.
15-
12+
Gateway logs will only show the public IP address for the **Source IP** field. Private IP addresses are substituted by a public IP address via network address translation (NAT).
1613

1714
:::
1815

@@ -34,8 +31,6 @@ These settings will only apply to logs displayed in Zero Trust. Logpush data is
3431

3532
#### Basic information
3633

37-
38-
3934
| Field | Description |
4035
| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
4136
| **DNS** | Name of the domain that was queried. |
@@ -44,37 +39,25 @@ These settings will only apply to logs displayed in Zero Trust. Logpush data is
4439
| **Time** | Date and time of the DNS query. |
4540
| **Resolver Decision** | The reason why Gateway applied a particular **Action** to the request. Refer to the [list of resolver decisions](#resolver-decisions). |
4641

47-
48-
4942
#### Matched policies
5043

51-
52-
5344
| Field | Description |
5445
| ---------------------- | ---------------------------------------------------- |
5546
| **Policy Name** | Name of the matched policy (if there is one). |
5647
| **Policy ID** | ID of the matched policy (if there is one). |
5748
| **Policy Description** | Description of the matched policy (if there is one). |
5849

59-
60-
6150
#### Custom resolver
6251

63-
64-
6552
| Field | Description |
6653
| -------------------------- | ----------------------------------------------------------- |
6754
| **Address** | Address of your custom resolver. |
6855
| **Policy** | Name of the matched resolver policy. |
6956
| **Response** | Status of the custom resolver response. |
7057
| **Time (in milliseconds)** | Duration of time it took for the custom resolver to respond |
7158

72-
73-
7459
#### Identities
7560

76-
77-
7861
| Field | Description |
7962
| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
8063
| **Email** | Email address of the user who registered the WARP client where traffic originated from. |
@@ -83,12 +66,8 @@ These settings will only apply to logs displayed in Zero Trust. Logpush data is
8366
| **Device ID** | UUID of the device connected with the WARP client. Each unique device in your organization will have a UUID associated with it each time the device is registered for a particular email. The same physical device may have multiple UUIDs associated with it. |
8467
| **Last authenticated** | Date and time the user last authenticated their Zero Trust session. |
8568

86-
87-
8869
#### DNS query details
8970

90-
91-
9271
| Field | Description |
9372
| ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
9473
| **Query Type** | Type of [DNS query](https://en.wikipedia.org/wiki/List_of_DNS_record_types). |
@@ -106,12 +85,8 @@ These settings will only apply to logs displayed in Zero Trust. Logpush data is
10685
| **DNS Location** | [User-configured location](/cloudflare-one/connections/connect-devices/agentless/dns/locations/) from where the DNS query was made. |
10786
| **Location ID** | ID of the DNS location where the query originated. |
10887

109-
110-
11188
### Resolver decisions
11289

113-
114-
11590
| Name | Value | Description |
11691
| ------------------------ | ----- | ----------------------------------------------------------- |
11792
| `blockedByCategory` | `3` | Domain or hostname matched a category in a Block policy. |
@@ -123,51 +98,37 @@ These settings will only apply to logs displayed in Zero Trust. Logpush data is
12398
| `blockedRule` | `9` | IP address in the response matched a Block policy. |
12499
| `allowedRule` | `10` | IP address in the response matched an Allow policy. |
125100

126-
127-
128101
## Network logs
129102

130103
:::caution[Failed connection logs]
131104

132-
133105
Gateway will only log failed connections in [network session logs](/logs/reference/log-fields/account/zero_trust_network_sessions/). These logs are available for Enterprise users via [Logpush](/cloudflare-one/insights/logs/logpush/) or [GraphQL](/cloudflare-one/insights/analytics/gateway/#graphql-queries).
134106

135-
136107
:::
137108

138109
### Explanation of the fields
139110

140111
#### Basic information
141112

142-
143-
144113
| Field | Description |
145114
| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
146115
| **Source IP** | IP address of the user sending the packet. |
147116
| **Source Internal IP** | Private IP address assigned by the user's local network. |
148-
| **Destination IP** | IP address of the packets target. |
117+
| **Destination IP** | IP address of the packet's target. |
149118
| **Action** | The Gateway [Action](/cloudflare-one/policies/gateway/dns-policies/#actions) taken based on the first rule that matched (such as Allow or Block). |
150119
| **Session ID** | ID of the unique session. |
151120
| **Time** | Date and time of the session. |
152121

153-
154-
155122
#### Matched policies
156123

157-
158-
159124
| Field | Description |
160125
| ---------------------- | ----------------------------------------------------- |
161126
| **Policy Name** | Name of the matched policy (if there is one). |
162127
| **Policy ID** | ID of the policy enforcing the decision Gateway made. |
163128
| **Policy Description** | Description of the matched policy (if there is one). |
164129

165-
166-
167130
#### Identities
168131

169-
170-
171132
| Field | Description |
172133
| ---------------------- | ----------------------------------------------------------------------------------- |
173134
| **Email** | Email address of the user sending the packet. This is generated by the WARP client. |
@@ -176,18 +137,14 @@ Gateway will only log failed connections in [network session logs](/logs/referen
176137
| **Device ID** | ID of the device that sent the packet. This is generated by the WARP client. |
177138
| **Last Authenticated** | Date and time the user last authenticated with Zero Trust. |
178139

179-
180-
181140
#### Network query details
182141

183-
184-
185142
| Field | Description |
186143
| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
187144
| **Source IP** | IP address of the user sending the packet. |
188145
| **Source Port** | Source port number for the packet. |
189146
| **Source Country** | Country code for the packet source. |
190-
| **Destination IP** | IP address of the packets target. |
147+
| **Destination IP** | IP address of the packet's target. |
191148
| **Destination Port** | Destination port number for the packet. |
192149
| **Destination Country** | Destination port number for the packet. |
193150
| **Protocol** | Protocol over which the packet was sent. |
@@ -197,24 +154,18 @@ Gateway will only log failed connections in [network session logs](/logs/referen
197154
| **Category details** | Category or categories associated with the packet. |
198155
| **Proxy PAC Endpoint** | [PAC file proxy endpoint](/cloudflare-one/connections/connect-devices/agentless/pac-files/) Gateway forwarded traffic to, if applicable. |
199156

200-
201-
202157
## HTTP logs
203158

204159
:::note
205160

206-
207161
When an HTTP request results in an error, Gateway logs the first 512 bytes of the request for 30 days for internal troubleshooting. Otherwise, Gateway does not log HTTP bodies.
208162

209-
210163
:::
211164

212165
### Explanation of the fields
213166

214167
#### Basic information
215168

216-
217-
218169
| Field | Description |
219170
| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
220171
| **Host** | Hostname in the HTTP header for the HTTP request. |
@@ -229,24 +180,16 @@ When an HTTP request results in an error, Gateway logs the first 512 bytes of th
229180
| **DLP profile entries** | Name of the matched entry within the DLP profile (if there is one). |
230181
| **Uploaded/downloaded file** | <Render file="gateway/uploaded-downloaded-file" /> |
231182

232-
233-
234183
#### Matched policies
235184

236-
237-
238185
| Field | Description |
239186
| ---------------------- | ---------------------------------------------------- |
240187
| **Policy Name** | Name of the matched policy (if there is one). |
241188
| **Policy ID** | ID of the matched policy (if there is one). |
242189
| **Policy Description** | Description of the matched policy (if there is one). |
243190

244-
245-
246191
#### Identities
247192

248-
249-
250193
| Field | Description |
251194
| ---------------------- | -------------------------------------------------------------------------------------------------------------------- |
252195
| **Email** | Email address of the user who made the HTTP request. This is generated by the WARP client. |
@@ -255,12 +198,8 @@ When an HTTP request results in an error, Gateway logs the first 512 bytes of th
255198
| **Device ID** | ID of the device that made the request. This is generated by the WARP client on the device that created the request. |
256199
| **Last Authenticated** | Date and time the user last authenticated with Zero Trust. |
257200

258-
259-
260201
#### HTTP query details
261202

262-
263-
264203
| Field | Description |
265204
| -------------------------- | ----------------------------------------------------------------------------------------------------------- |
266205
| **HTTP Version** | HTTP version of the origin that Gateway connected to on behalf of the user. |
@@ -277,12 +216,8 @@ When an HTTP request results in an error, Gateway logs the first 512 bytes of th
277216
| **Blocked file reason** | Reason why the file was blocked if a file transfer occurred or was attempted. |
278217
| **Category details** | Category the blocked file belongs to. |
279218

280-
281-
282219
#### File detection details
283220

284-
285-
286221
| Field | Description |
287222
| ---------------- | -------------------------------------------------- |
288223
| **Name** | Name of the detected file. |
@@ -293,8 +228,6 @@ When an HTTP request results in an error, Gateway logs the first 512 bytes of th
293228
| **Direction** | Upload or download direction of the detected file. |
294229
| **Action** | The Action Gateway applied to the request. |
295230

296-
297-
298231
### Enhanced file detection
299232

300233
Enhanced file detection is an optional feature to extract more file information from HTTP traffic. When turned on, Gateway will read file information from the HTTP body rather than the HTTP headers to provide greater accuracy and reliability. This feature may have a minor impact on performance for file-heavy organizations.
@@ -308,3 +241,7 @@ To turn on enhanced file detection:
308241
### Isolate requests
309242

310243
When a user creates an [isolation policy](/cloudflare-one/policies/browser-isolation/isolation-policies/), Gateway logs the initial request that triggers isolation as an Isolate action. Because this request is not isolated yet, the `is_isolated` field will return `false`. Zero Trust then securely returns the result to the user in an isolated browser. Gateway will log all subsequent requests in the isolated browser with the action (such as Allow or Block), and the `is_isolated` field will return `true`.
244+
245+
## Limitations
246+
247+
Gateway activity logs are not available in the dashboard if you turn on the [Customer Metadata Boundary](/data-localization/metadata-boundary/) within Cloudflare Data Localization Suite (DLS). Enterprise users using CMB can still export logs via [Logpush](/cloudflare-one/insights/logs/logpush/). For more information, refer to [DLS product compatibility](/data-localization/compatibility/#zero-trust).

0 commit comments

Comments
 (0)