cloudflare · daisyfaithauma · Sep 26, 2024 · Sep 12, 2024 · Sep 24, 2024 · Sep 24, 2024
@@ -0,0 +1,101 @@
+---
+pcx_content_type: reference
+title: Logpush
+sidebar:
+  badge:
+    text: Beta
+---
+
+import { Render } from "~/components";
+
+AI Gateway allows you to securely export logs to an external storage location, where you can decrypt and process them. This guide explains how to set up Logpush for AI Gateway, generate an RSA key pair for encryption, and decrypt the logs once they are received.
+Logpush has a limit of 4 jobs.
+
+<Render file="limits-increase" product="ai-gateway" />
+
+## Setting up Logpush
+
+To configure Logpush for AI Gateway, follow these steps:
+
+## 1. Generate an RSA key pair locally
+
+You need to generate a key pair to encrypt and decrypt the logs. This script will output your RSA privateKey and publicKey. Keep the private key secure, as it will be used to decrypt the logs. Below is a sample script to generate the keys using Node.js.
+
+```js title="JavaScript"
+const crypto = require("crypto");
+
+const { privateKey, publicKey } = crypto.generateKeyPairSync("rsa", {
+	modulusLength: 4096,
+	publicKeyEncoding: {
+		type: "spki",
+		format: "pem",
+	},
+	privateKeyEncoding: {
+		type: "pkcs8",
+		format: "pem",
+	},
+});
+
+console.log(publicKey);
+console.log(privateKey);
+```
+
+## 2. Upload public key to gateway settings
+
+Once you have generated the key pair, upload the public key to your AI Gateway settings. This key will be used to encrypt your logs.
+
+## 3. Receive encrypted logs
+
+After configuring Logpush, logs will be sent encrypted using the public key you uploaded. To access the data, you will need to decrypt it using your private key.
+
+## 4. Decrypting logs
+
+To decrypt the encrypted log bodies and metadata from AI Gateway, you can use the following Node.js script:
+
+```js title="JavaScript"
+const privateKey = `-----BEGIN RSA PRIVATE KEY-----
+....
+-----END RSA PRIVATE KEY-----`;
+
+const crypto = require("crypto");
+const key = crypto.createPrivateKey(privateKey);
+
+const fs = require("fs");
+const zlib = require("zlib");
+const readline = require("readline");
+
+function decryptBase64(key, string) {
+	const decryptedData = crypto.privateDecrypt(
+		{
+			key: key,
+			oaepHash: "SHA256",
+		},
+		Buffer.from(string, "base64"),
+	);
+
+	return decryptedData.toString();
+}
+
+let lineReader = readline.createInterface({
+	input: fs.createReadStream("my_log.log.gz").pipe(zlib.createGunzip()),
+});
+
+lineReader.on("line", (line) => {
+	line = JSON.parse(line);
+
+	const { Metadata, RequestBody, ResponseBody, ...remaining } = line;
+
+	console.log({
+		...remaining,
+		Metadata: decryptBase64(key, Metadata.data),
+		RequestBody: decryptBase64(key, RequestBody.data),
+		ResponseBody: decryptBase64(key, ResponseBody.data),
+	});
+	console.log("--");
+});
+```
+
+## Script Explanation
+
+The script reads the encrypted log file `(my_log.log.gz)`, decrypts the metadata, request body, and response body, and prints the decrypted data.
+Ensure you replace the `privateKey` variable with your actual private RSA key that you generated in step 1.