|
| 1 | +--- |
| 2 | +title: Dedicated Egress IP for Logpush |
| 3 | +pcx_content_type: how-to |
| 4 | +sidebar: |
| 5 | + order: 101 |
| 6 | +head: |
| 7 | + - tag: title |
| 8 | + content: Dedicated Egress IP for Logpush |
| 9 | +--- |
| 10 | + |
| 11 | +This guide covers [Aegis](/aegis/) and Logpush configuration and testing instructions to enable log delivery with a fixed, dedicated egress IP. |
| 12 | + |
| 13 | +## Prerequisites |
| 14 | + |
| 15 | +To use Logpush with a dedicated egress IP, you will need to have Aegis IPs. Note that the Aegis IP pool is associated with a zone, not with an account. To use Logpush with dedicated IPs, traffic must be routed to a single zone. |
| 16 | + |
| 17 | +The general approach is to have your Logpush job proxying Logpush data through a Cloudflare zone with Aegis enabled to send data to your desired destination. This way your destination will only need to allowlist the provisioned Aegis IPs of your proxy zone. |
| 18 | + |
| 19 | +As a prerequisite, you need to create a dedicated zone or use an existing zone. If using an existing zone, be aware that the zone's egress will be restricted to Aegis IPs. Make sure all services using that zone will not be impacted. |
| 20 | + |
| 21 | +It is recommended to use a separate, dedicated zone as a proxy to avoid impacting production systems. If you choose to create a new zone, follow the [steps](/registrar/get-started/register-domain/) to register a new domain with Cloudflare. |
| 22 | + |
| 23 | +The following example shows how to set up logpush and Aegis to proxy an HTTPS destination, but the proxying should work for any supported Logpush destination as all destinations use the HTTP protocol underneath. |
| 24 | + |
| 25 | +## 1. Provision Aegis IP Pool |
| 26 | + |
| 27 | +1. Work with your Cloudflare account team to purchase [Aegis](/aegis/) IPs for your zone. |
| 28 | + |
| 29 | +2. (Optional but recommended) Request two IPs — one in PDX-B and one in SJC-A — to ensure coverage across regions. |
| 30 | + |
| 31 | +3. Confirm Pool ID once provisioned. |
| 32 | + |
| 33 | +## 2. Configure a zone for Aegis |
| 34 | + |
| 35 | +1. Register or use an existing zone for the Aegis pool. |
| 36 | + |
| 37 | +2. Associate the Pool ID with the selected zone using the API. For more details, refer to the [Aegis Setup documentation](/aegis/setup/). |
| 38 | + |
| 39 | +## 3. Proxy zone setup |
| 40 | + |
| 41 | +1. In your zone, add a DNS record (CNAME or A/AAAA) with **Target** as HTTP destination endpoint. |
| 42 | + |
| 43 | + |
| 44 | + |
| 45 | +2. If needed, configure [origin rules](/rules/origin-rules/) to specify a custom port. This is useful if your destination only accepts traffic on a non standard port, for example `12345`. You can configure `logpush.yourdestinationendpoint.com` (without specifying a port, as Cloudflare by default only proxies traffic on HTTP/HTTPS ports) to proxy to `yourdestinationendpoint.com:12345`. |
| 46 | + |
| 47 | + |
| 48 | +## 4. Configure Logpush |
| 49 | + |
| 50 | +1. Create a Logpush job with the following details: |
| 51 | + |
| 52 | +- Destination: HTTP |
| 53 | +- Endpoint: Use the domain/path set up (the Cloudflare dashboard will auto-validate the destination). Use the server name specified in the **Name** section in the DNS record. In this case, `logpush.yourdestionationendpoint.com`. |
| 54 | + |
| 55 | + |
| 56 | + |
| 57 | +- Configuration: Select dataset, job name, filters, and fields. Refer to the [Logpush documentation](/logs/logpush/) for more details. |
| 58 | + |
| 59 | +2. Check destination to confirm if the logs are received. |
0 commit comments