diff --git a/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx b/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx new file mode 100644 index 000000000000000..72fa4bb10e3bc53 --- /dev/null +++ b/src/content/docs/cloudflare-one/insights/email-monitoring/email-security-logs.mdx 
@@ -0,0 +1,60 @@ +--- +title: Email Security logs +pcx_content_type: how-to +sidebar: + order: 5 +--- + +Email Security allows you to configure Logpush to send detection data to an endpoint of your choice. + +## Prerequisites + +Before you can enable Logpush for Email Security, you will have to: + +1. Create an [R2 bucket](/r2/get-started/#2-create-a-bucket). +2. Once you have created your R2 bucket, [create an API token](/r2/api/s3/tokens/). Under **Permissions**, ensure you select **Admin Read & Write**. +3. Once you have created your R2 API Token, the dashboard will display an **Access Key ID** and a **Secret Access Key**. Save these two, as you will need them to set up Logpush later. + +## Enable Logpush jobs + +To enable Logpush for Email Security: + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/). +2. Select **Analytics & Logs** > **Logpush**. +2. Select **Create a Logpush job**, then select **S3-Compatible**. +3. Enter the **destination details**: + - **Bucket (required)**: Enter the bucket name. + - **Endpoint URL**: Enter your endpoint URL. To find your endpoint URL: + - On the Cloudflare dashboard, go to **R2 Object Storage** > **Overview** > Select your bucket. + - Go to Settings, and copy and paste the **S3 API** URL. + - **Bucket region**: Enter the region of your bucket. To find the bucket region: + - On the dashboard, go to **R2 Object Storage** > **Overview** > Select your bucket. + - Go to **Settings**, and find your region in **Location**. + - **Access Key ID**: Enter the Access Key ID you created as a [prerequisite](/cloudflare-one/insights/email-monitoring/email-security-logs/#prerequisites). + - **Secret Access Key**: Enter the Secret Access Key you created as a [prerequisite](/cloudflare-one/insights/email-monitoring/email-security-logs/#prerequisites). +4. Select **Continue**. + +Your destination has now been configured. + +To view the job you created: + +1. 
Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/). +2. Go to **R2 Object Storage**, select your bucket. +3. Select **Objects**. + +## Audit logs + +Once you have configured your destination, you can audit logs: + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/). +2. Select **Analytics & Logs** > **Logpush**. +3. Select **Audit logs**. +4. Under **Configure logpush job**: + - **Job name**: Enter the job name. + - **If logs match**: Select **Filtered logs**: + - **Field**: Choose `ResourceType`. + - **Operator**: Choose `starts with`. + - **Value**: Enter `email_security`. +5. Select **Submit**. + +Your job has now been created successfully. \ No newline at end of file
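Review bot: In the Prerequisites list, step 2 tells readers to select **Admin Read & Write** for the R2 API token, and the resulting Access Key ID and Secret Access Key are then entered as the Logpush destination credentials. The page gives no reason for admin scope on a long-lived key that only has to deliver log objects to one bucket. Either state why admin access is required, or recommend the narrowest permission, scoped to the bucket created in step 1, that Logpush works with. Under "Enable Logpush jobs" the ordered list has two items numbered `2.` ("Select **Analytics & Logs** > **Logpush**." and "Select **Create a Logpush job**, then select **S3-Compatible**."), so the source numbering stops at 4 for five steps; renumber it 1 to 5. That procedure also ends at "Your destination has now been configured." without a step that picks what to send, while the intro promises Email Security detection data and the next list is titled "To view the job you created"; add the missing step or reword the two sentences so they agree. The "Audit logs" section says "you can audit logs" but the steps create a second Logpush job filtered on `ResourceType` starts with `email_security`; say that in the lead sentence. Minor: "Go to Settings" in the Endpoint URL sub-steps is unbolded where the Bucket region sub-steps use "Go to **Settings**", and the file has no trailing newline.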