[Email Security] Logs (#18277)

Maddy-Cloudflare · Oxyjun · web-flow · commit e6b72506e19b · 2024-11-20T17:27:49.000Z
* [Email Security] Logs

* [Email Security] Adding prereq

* Update src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx

Co-authored-by: Jun Lee &lt;junlee@cloudflare.com&gt;

---------

Co-authored-by: Jun Lee &lt;junlee@cloudflare.com&gt;
diff --git a/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx b/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx
@@ -0,0 +1,60 @@
+---
+title: Email Security logs
+pcx_content_type: how-to
+sidebar:
+  order: 5
+---
+
+Email Security allows you to configure Logpush to send detection data to an endpoint of your choice.
+
+## Prerequisites
+
+Before you can enable Logpush for Email Security, you will have to:
+
+1. Create an [R2 bucket](/r2/get-started/#2-create-a-bucket).
+2. Once you have created your R2 bucket, [create an API token](/r2/api/s3/tokens/). Under **Permissions**, ensure you select **Admin Read & Write**. 
+3. Once you have created your R2 API Token, the dashboard will display an **Access Key ID** and a **Secret Access Key**. Save these two, as you will need them to set up Logpush later.
+
+## Enable Logpush jobs
+
+To enable Logpush for Email Security:
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/).
+2. Select **Analytics & Logs** > **Logpush**.
+2. Select **Create a Logpush job**, then select **S3-Compatible**.
+3. Enter the **destination details**:
+    - **Bucket (required)**: Enter the bucket name.
+    - **Endpoint URL**: Enter your endpoint URL. To find your endpoint URL:
+      - On the Cloudflare dashboard, go to **R2 Object Storage** > **Overview** > Select your bucket.
+      - Go to Settings, and copy and paste the **S3 API** URL.
+    - **Bucket region**: Enter the region of your bucket. To find the bucket region:
+      - On the dashboard, go to **R2 Object Storage** > **Overview** > Select your bucket.
+      - Go to **Settings**, and find your region in **Location**.
+    - **Access Key ID**: Enter the Access Key ID you created as a [prerequisite](/cloudflare-one/insights/email-monitoring/email-security-logs/#prerequisites).
+    - **Secret Access Key**: Enter the Secret Access Key you created as a [prerequisite](/cloudflare-one/insights/email-monitoring/email-security-logs/#prerequisites).
+4. Select **Continue**. 
+
+Your destination has now been configured.
+
+To view the job you created:
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/).
+2. Go to **R2 Object Storage**, select your bucket.
+3. Select **Objects**.
+
+## Audit logs
+
+Once you have configured your destination, you can audit logs:
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/).
+2. Select **Analytics & Logs** > **Logpush**.
+3. Select **Audit logs**.
+4. Under **Configure logpush job**: 
+  - **Job name**: Enter the job name.
+  - **If logs match**: Select **Filtered logs**:
+    - **Field**: Choose `ResourceType`.
+    - **Operator**: Choose `starts with`.
+    - **Value**: Enter `email_security`.  
+5. Select **Submit**.
+
+Your job has now been created successfully.
