From 5898f122ab0272132e03c5ba27cbcc69ef1c4d7a Mon Sep 17 00:00:00 2001 From: daisyfaithauma Date: Thu, 10 Oct 2024 12:52:44 +0100 Subject: [PATCH 1/3] Initial documentation for OpenSSL --- .../observability/logging/logpush.mdx | 47 +++++++++++++++++-- 1 file changed, 42 insertions(+), 5 deletions(-) diff --git a/src/content/docs/ai-gateway/observability/logging/logpush.mdx b/src/content/docs/ai-gateway/observability/logging/logpush.mdx index a25494c89e37d74..8aff0fe91871f15 100644 --- a/src/content/docs/ai-gateway/observability/logging/logpush.mdx +++ b/src/content/docs/ai-gateway/observability/logging/logpush.mdx @@ -6,14 +6,14 @@ sidebar: text: Beta --- -import { Render } from "~/components"; +import { Render, Tabs, TabItem } from "~/components"; AI Gateway allows you to securely export logs to an external storage location, where you can decrypt and process them. You can toggle Logpush on and off in the [Cloudflare dashboard](https://dash.cloudflare.com) settings. This guide explains how to set up Logpush for AI Gateway, generate an RSA key pair for encryption, and decrypt the logs once they are received. -You can store up to 10 million logs per gateway. If your limit is reached, new logs will stop being saved and will not be exported through Logpush. To continue saving and exporting logs, you must delete older logs to free up space for new logs. Logpush has a limit of 4 jobs. +You can store up to 10 million logs per gateway. If your limit is reached, new logs will stop being saved and will not be exported through Logpush. To continue saving and exporting logs, you must delete older logs to free up space for new logs. Logpush has a limit of 4 jobs. :::note[Note] @@ -27,9 +27,14 @@ To configure Logpush for AI Gateway, follow these steps: ## 1. Generate an RSA key pair locally -You need to generate a key pair to encrypt and decrypt the logs. This script will output your RSA privateKey and publicKey. Keep the private key secure, as it will be used to decrypt the logs. Below is a sample script to generate the keys using Node.js. +You need to generate a key pair to encrypt and decrypt the logs. This script +will output your RSA privateKey and publicKey. Keep the private key secure, as +it will be used to decrypt the logs. Below is a sample script to generate the +keys using Node.js. -```js title="JavaScript" + + +```js const crypto = require("crypto"); const { privateKey, publicKey } = crypto.generateKeyPairSync("rsa", { @@ -54,10 +59,42 @@ Run the script by executing the below code on your terminal. Replace `file name` node {file name} ``` + + +1. Generate Private Key: + Use the following command to generate a RSA private key: + + ```bash + openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:4096 + ``` + +2. Generate Public Key: + After generating the private key, you can extract the corresponding public key using: + + ```bash + openssl rsa -pubout -in private_key.pem -out public_key.pem + ``` + +3. View Private and Public Keys: + You can verify the contents of the generated keys by using the following commands: + + - To view the private key: + + ```bash + cat private_key.pem + ``` + + - To view the public key: + + ```bash + cat public_key.pem + ``` + + ## 2. Upload public key to gateway settings -Once you have generated the key pair, upload the public key to your AI Gateway settings. This key will be used to encrypt your logs. In order to enable Logpush, you will need logs enabled for that gateway. +Once you have generated the key pair, upload the public key to your AI Gateway settings. This key will be used to encrypt your logs. In order to enable Logpush, you will need logs enabled for that gateway. ## 3. Set up Logpush From d74cc75f915f750095fba2c86adf4be0316f6bdc Mon Sep 17 00:00:00 2001 From: daisyfaithauma Date: Mon, 14 Oct 2024 15:55:38 +0100 Subject: [PATCH 2/3] Openssl update --- .../observability/logging/logpush.mdx | 39 +++++++++++-------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/src/content/docs/ai-gateway/observability/logging/logpush.mdx b/src/content/docs/ai-gateway/observability/logging/logpush.mdx index 8aff0fe91871f15..6c4616c54bba889 100644 --- a/src/content/docs/ai-gateway/observability/logging/logpush.mdx +++ b/src/content/docs/ai-gateway/observability/logging/logpush.mdx @@ -30,7 +30,7 @@ To configure Logpush for AI Gateway, follow these steps: You need to generate a key pair to encrypt and decrypt the logs. This script will output your RSA privateKey and publicKey. Keep the private key secure, as it will be used to decrypt the logs. Below is a sample script to generate the -keys using Node.js. +keys using Node.js. and OpenSSL. @@ -75,21 +75,6 @@ node {file name} openssl rsa -pubout -in private_key.pem -out public_key.pem ``` -3. View Private and Public Keys: - You can verify the contents of the generated keys by using the following commands: - - - To view the private key: - - ```bash - cat private_key.pem - ``` - - - To view the public key: - - ```bash - cat public_key.pem - ``` - ## 2. Upload public key to gateway settings @@ -106,7 +91,9 @@ After configuring Logpush, logs will be sent encrypted using the public key you ## 5. Decrypt logs -To decrypt the encrypted log bodies and metadata from AI Gateway, you can use the following Node.js script: +To decrypt the encrypted log bodies and metadata from AI Gateway, you can use the following Node.js script or OpenSSL: + + ```js title="JavaScript" const privateKey = `-----BEGIN RSA PRIVATE KEY----- @@ -161,3 +148,21 @@ node {file name} The script reads the encrypted log file `(my_log.log.gz)`, decrypts the metadata, request body, and response body, and prints the decrypted data. Ensure you replace the `privateKey` variable with your actual private RSA key that you generated in step 1. + + + +You can verify the contents of the generated keys by using the following commands: + +- To view the private key: + + ```bash + cat private_key.pem + ``` + +- To view the public key: + + ```bash + cat public_key.pem + ``` + + From e6ae129b8d11273ba4b43450947452c641f408b0 Mon Sep 17 00:00:00 2001 From: daisyfaithauma Date: Mon, 14 Oct 2024 18:06:59 +0100 Subject: [PATCH 3/3] remove script explanation --- src/content/docs/ai-gateway/observability/logging/logpush.mdx | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/content/docs/ai-gateway/observability/logging/logpush.mdx b/src/content/docs/ai-gateway/observability/logging/logpush.mdx index 6c4616c54bba889..fbebead0987d987 100644 --- a/src/content/docs/ai-gateway/observability/logging/logpush.mdx +++ b/src/content/docs/ai-gateway/observability/logging/logpush.mdx @@ -144,8 +144,6 @@ Run the script by executing the below code on your terminal. Replace `file name` node {file name} ``` -## Script Explanation - The script reads the encrypted log file `(my_log.log.gz)`, decrypts the metadata, request body, and response body, and prints the decrypted data. Ensure you replace the `privateKey` variable with your actual private RSA key that you generated in step 1.