From c33663788bb8d70d128806c9b54523b32676b239 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Wed, 26 Feb 2025 15:51:15 -0600 Subject: [PATCH 1/5] Update footnote with new style --- .../cloudflare-one/insights/logs/index.mdx | 24 +++++++++---------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/src/content/docs/cloudflare-one/insights/logs/index.mdx b/src/content/docs/cloudflare-one/insights/logs/index.mdx index c230f8e3aa57c7..a0a5a74e8ae565 100644 --- a/src/content/docs/cloudflare-one/insights/logs/index.mdx +++ b/src/content/docs/cloudflare-one/insights/logs/index.mdx 
@@ -18,19 +18,17 @@ Review detailed logs for your Zero Trust organization. Cloudflare Zero Trust logs are stored for a varying period of time based on the service used and plan type: -| | Free | Standard | Access | Gateway | Enterprise | -| ----| ------ | ------ | ------ | ------ | -------- | -| **Admin logs** | 18 months | 18 months | 18 months | 18 months | 18 months | 18 months | -| **Access logs** | 24 hours | 30 days | 30 days | 24 hours | 180 days | -| **DNS logs** | 24 hours | 30 days | 24 hours | 30 days | 180 days1 | -| **Network logs** | 24 hours | 30 days | 24 hours | 30 days | 30 days | -| **HTTP logs** | 24 hours | 30 days | 24 hours | 30 days | 30 days | -| **DEX logs** | 7 days | 7 days | 7 days | 7 days | 7 days | -| **Device posture logs** | 30 days | 30 days | 30 days | 30 days | 30 days | - -1 Enterprise users on per query plans cannot store DNS logs via Cloudflare. -You can still export logs via [Logpush](/cloudflare-one/insights/logs/logpush/). -For more information, contact your account team. +| | Free | Standard | Access | Gateway | Enterprise | +| ----------------------- | --------- | --------- | --------- | --------- | ------------ | +| **Admin logs** | 18 months | 18 months | 18 months | 18 months | 18 months | +| **Access logs** | 24 hours | 30 days | 30 days | 24 hours | 180 days | +| **DNS logs** | 24 hours | 30 days | 24 hours | 30 days | 180 days[^1] | +| **Network logs** | 24 hours | 30 days | 24 hours | 30 days | 30 days | +| **HTTP logs** | 24 hours | 30 days | 24 hours | 30 days | 30 days | +| **DEX logs** | 7 days | 7 days | 7 days | 7 days | 7 days | +| **Device posture logs** | 30 days | 30 days | 30 days | 30 days | 30 days | + +[^1]: Enterprise users on per query plans cannot store DNS logs via Cloudflare. You can still export logs via [Logpush](/cloudflare-one/insights/logs/logpush/). For more information, contact your account team. ## Customer Metadata Boundary 
From 834598eba0284ea7156ebaa62bc59c2b69736b0c Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Wed, 26 Feb 2025 16:12:56 -0600 Subject: [PATCH 2/5] Add Log Explorer callout section --- src/content/docs/cloudflare-one/insights/logs/index.mdx | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/insights/logs/index.mdx b/src/content/docs/cloudflare-one/insights/logs/index.mdx index a0a5a74e8ae565..a5e56b68934efc 100644 --- a/src/content/docs/cloudflare-one/insights/logs/index.mdx +++ b/src/content/docs/cloudflare-one/insights/logs/index.mdx @@ -8,7 +8,7 @@ head: content: Zero Trust logs --- -import { DirectoryListing } from "~/components"; +import { DirectoryListing, Badge } from "~/components"; Review detailed logs for your Zero Trust organization. @@ -30,6 +30,10 @@ Cloudflare Zero Trust logs are stored for a varying period of time based on the [^1]: Enterprise users on per query plans cannot store DNS logs via Cloudflare. You can still export logs via [Logpush](/cloudflare-one/insights/logs/logpush/). For more information, contact your account team. +## Log Explorer + +Log Explorer users can store Zero Trust logs directly within Cloudflare in an [R2 bucket](/r2/) and access them with the dashboard or API. For more information, refer to [Log Explorer](/logs/log-explorer/). + ## Customer Metadata Boundary Cloudflare Zero Trust can be used with the Data Localization Suite to ensure that data storage is restricted to a specific geographic region. For more information refer to [Customer Metadata Boundary](/data-localization/metadata-boundary/). From d98b52c0bd34a0d741389240bee2d0cb153257aa Mon Sep 17 00:00:00 2001 
From: Max Phillips Date: Wed, 26 Feb 2025 16:19:05 -0600 Subject: [PATCH 3/5] Add dataset partial --- .../cloudflare-one/insights/logs/index.mdx | 8 ++- src/content/docs/logs/log-explorer.mdx | 70 ++++++++----------- .../logs/log-explorer-account-datasets.mdx | 11 +++ 3 files changed, 48 insertions(+), 41 deletions(-) create mode 100644 src/content/partials/logs/log-explorer-account-datasets.mdx diff --git a/src/content/docs/cloudflare-one/insights/logs/index.mdx b/src/content/docs/cloudflare-one/insights/logs/index.mdx index a5e56b68934efc..e5e9b5b450537e 100644 --- a/src/content/docs/cloudflare-one/insights/logs/index.mdx +++ b/src/content/docs/cloudflare-one/insights/logs/index.mdx @@ -8,7 +8,7 @@ head: content: Zero Trust logs --- -import { DirectoryListing, Badge } from "~/components"; +import { DirectoryListing, Badge, Render } from "~/components"; Review detailed logs for your Zero Trust organization. @@ -32,7 +32,11 @@ Cloudflare Zero Trust logs are stored for a varying period of time based on the ## Log Explorer -Log Explorer users can store Zero Trust logs directly within Cloudflare in an [R2 bucket](/r2/) and access them with the dashboard or API. For more information, refer to [Log Explorer](/logs/log-explorer/). +Log Explorer users can store Zero Trust logs directly within Cloudflare in an [R2 bucket](/r2/) and access them with the dashboard or API. Log Explorer supports the following Zero Trust datasets: + + + +For more information, refer to [Log Explorer](/logs/log-explorer/). ## Customer Metadata Boundary diff --git a/src/content/docs/logs/log-explorer.mdx b/src/content/docs/logs/log-explorer.mdx index b75cbc17615931..eb880f4b7c4ef4 100644 --- a/src/content/docs/logs/log-explorer.mdx +++ b/src/content/docs/logs/log-explorer.mdx 
@@ -7,7 +7,7 @@ sidebar: text: Beta --- -import { TabItem, Tabs } from "~/components"; +import { TabItem, Tabs, Render } from "~/components"; Log Explorer enables you to store and explore your Cloudflare logs directly within the Cloudflare Dashboard or API. Giving you visibility into your logs without the need to forward them to third parties. Logs are stored on Cloudflare's global network using the R2 object storage platform and can be queried via the Dashboard or SQL API. @@ -26,13 +26,7 @@ Log Explorer is available at the account and zone level. At the zone level, data At the account level, the datasets available are: -- [Access requests](/logs/reference/log-fields/account/access_requests/) (`FROM access_requests`) -- [CASB Findings](/logs/reference/log-fields/account/casb_findings/) (`FROM casb_findings`) -- [Device posture results](/logs/reference/log-fields/account/device_posture_results/) (`FROM device_posture_results`) -- [Gateway DNS](/logs/reference/log-fields/account/gateway_dns/) (`FROM gateway_dns`) -- [Gateway HTTP](/logs/reference/log-fields/account/gateway_http/) (`FROM gateway_http`) -- [Gateway Network](/logs/reference/log-fields/account/gateway_network/) (`FROM gateway_network`) -- [Zero Trust Network Session Logs](/logs/reference/log-fields/account/zero_trust_network_sessions/) (`FROM zero_trust_network_sessions`) + ## Authentication @@ -54,8 +48,6 @@ Authentication with the API can be done via an authentication header or API toke - `Authorization: Bearer ` To create an appropriately scoped API token, refer to [Create API token](/fundamentals/api/get-started/create-token/) documentation. Copy and paste the token into the authorization parameter for your API call. - - ## Enable Log Explorer In order for Log Explorer to begin storing logs, you need to enable the desired datasets. You can do this via the dashboard or the API. 
@@ -150,18 +142,18 @@ Which returns the following HTTP request details: ```json { - "result": [ - { - "clientrequestscheme": "https", - "clientrequesthost": "example.com", - "clientrequestmethod": "GET", - "clientrequestuseragent": "curl/7.88.1", - "edgeresponsestatus": 200 - } - ], - "success": true, - "errors": [], - "messages": [] + "result": [ + { + "clientrequestscheme": "https", + "clientrequesthost": "example.com", + "clientrequestmethod": "GET", + "clientrequestuseragent": "curl/7.88.1", + "edgeresponsestatus": 200 + } + ], + "success": true, + "errors": [], + "messages": [] } ``` @@ -177,23 +169,23 @@ Which returns the following request details: ```json { - "result": [ - { - "createdat": "2025-01-14T18:17:55Z", - "appdomain": "example.com", - "appuuid": "a66b4ab0-ccdf-4d60-a6d0-54a59a827d92", - "action": "login", - "allowed": true, - "country": "us", - "rayid": "90fbb07c0b316957", - "email": "user@example.com", - "ipaddress": "1.2.3.4", - "useruid": "52859e81-711e-4de0-8b31-283336060e79" - } - ], - "success": true, - "errors": [], - "messages": [] + "result": [ + { + "createdat": "2025-01-14T18:17:55Z", + "appdomain": "example.com", + "appuuid": "a66b4ab0-ccdf-4d60-a6d0-54a59a827d92", + "action": "login", + "allowed": true, + "country": "us", + "rayid": "90fbb07c0b316957", + "email": "user@example.com", + "ipaddress": "1.2.3.4", + "useruid": "52859e81-711e-4de0-8b31-283336060e79" + } + ], + "success": true, + "errors": [], + "messages": [] } ``` diff --git a/src/content/partials/logs/log-explorer-account-datasets.mdx b/src/content/partials/logs/log-explorer-account-datasets.mdx new file mode 100644 index 00000000000000..7ea31e6c8d486c --- /dev/null +++ b/src/content/partials/logs/log-explorer-account-datasets.mdx 
@@ -0,0 +1,11 @@ +--- +{} +--- + +- [Access requests](/logs/reference/log-fields/account/access_requests/) (`FROM access_requests`) +- [CASB Findings](/logs/reference/log-fields/account/casb_findings/) (`FROM casb_findings`) +- [Device posture results](/logs/reference/log-fields/account/device_posture_results/) (`FROM device_posture_results`) +- [Gateway DNS](/logs/reference/log-fields/account/gateway_dns/) (`FROM gateway_dns`) +- [Gateway HTTP](/logs/reference/log-fields/account/gateway_http/) (`FROM gateway_http`) +- [Gateway Network](/logs/reference/log-fields/account/gateway_network/) (`FROM gateway_network`) +- [Zero Trust Network Session Logs](/logs/reference/log-fields/account/zero_trust_network_sessions/) (`FROM zero_trust_network_sessions`) From af37c7217a889bdd9aed8a82a6ea707a67bda7e2 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Wed, 26 Feb 2025 16:30:54 -0600 Subject: [PATCH 4/5] Rework table --- .../cloudflare-one/insights/logs/logpush.mdx | 27 ++++++++++--------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/src/content/docs/cloudflare-one/insights/logs/logpush.mdx b/src/content/docs/cloudflare-one/insights/logs/logpush.mdx index 53c456e24de49a..0bff8994b7a63b 100644 --- a/src/content/docs/cloudflare-one/insights/logs/logpush.mdx +++ b/src/content/docs/cloudflare-one/insights/logs/logpush.mdx 
@@ -35,19 +35,20 @@ You can configure multiple destinations and add additional fields to your logs b ## Zero Trust datasets -Refer to the Logpush documentation for a list of available fields. - -| Dataset | Description | -| ------------------------------------------------------------------------------- | -------------------------------------------------------------- | -| [Gateway DNS](/logs/reference/log-fields/account/gateway_dns/) | DNS queries inspected by Cloudflare Gateway | -| [Gateway HTTP](/logs/reference/log-fields/account/gateway_http/) | HTTP requests inspected by Cloudflare Gateway | -| [Gateway Network](/logs/reference/log-fields/account/gateway_network/) | Network packets inspected by Cloudflare Gateway | -| [Audit Logs](/logs/reference/log-fields/account/audit_logs/) | Authentication events through Cloudflare Access | -| [Access Requests](/logs/reference/log-fields/account/access_requests/) | HTTP requests to sites protected by Cloudflare Access | -| [CASB Findings](/logs/reference/log-fields/account/casb_findings/) | Security issues detected by Cloudflare CASB | -| [Device Posture](/logs/reference/log-fields/account/device_posture_results/) | Device posture status from the WARP client | -| [Session Logs](/logs/reference/log-fields/account/zero_trust_network_sessions/) | Network session logs for traffic proxied by Cloudflare Gateway | -| [SSH Logs](/logs/reference/log-fields/account/ssh_logs/) | SSH command logs for [Access for Infrastructure targets](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) | +Refer to [Logpush log fields](/logs/reference/log-fields/) for a list of available fields. 
+ +| Dataset | Description | +| -------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [Access Requests](/logs/reference/log-fields/account/access_requests/) | HTTP requests to sites protected by Cloudflare Access | +| [Audit Logs](/logs/reference/log-fields/account/audit_logs/) | Authentication events through Cloudflare Access | +| [CASB Findings](/logs/reference/log-fields/account/casb_findings/) | Security issues detected by Cloudflare CASB | +| [Device Posture Results](/logs/reference/log-fields/account/device_posture_results/) | Device posture status from the WARP client | +| [DLP Forensic Copies](/logs/reference/log-fields/account/dlp_forensic_copies/) | Entire HTTP requests or payloads of HTTP requests captured by [Cloudflare DLP](/cloudflare-one/policies/data-loss-prevention/dlp-policies/logging-options/) | +| [Gateway DNS](/logs/reference/log-fields/account/gateway_dns/) | DNS queries inspected by Cloudflare Gateway | +| [Gateway HTTP](/logs/reference/log-fields/account/gateway_http/) | HTTP requests inspected by Cloudflare Gateway | +| [Gateway Network](/logs/reference/log-fields/account/gateway_network/) | Network packets inspected by Cloudflare Gateway | +| [SSH Logs](/logs/reference/log-fields/account/ssh_logs/) | SSH command logs for [Access for Infrastructure targets](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) | +| [Zero Trust Network Session Logs](/logs/reference/log-fields/account/zero_trust_network_sessions/) | Network session logs for traffic proxied by Cloudflare Gateway | ## Parse DNS logs From 8b7b8002b0ed0c26c0b31a073a7a90518b76d646 Mon Sep 17 00:00:00 2001 
From: Max Phillips Date: Thu, 27 Feb 2025 16:51:37 -0600 Subject: [PATCH 5/5] Add additional context --- src/content/docs/cloudflare-one/insights/logs/logpush.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/insights/logs/logpush.mdx b/src/content/docs/cloudflare-one/insights/logs/logpush.mdx index 0bff8994b7a63b..273cf48119fc18 100644 --- a/src/content/docs/cloudflare-one/insights/logs/logpush.mdx +++ b/src/content/docs/cloudflare-one/insights/logs/logpush.mdx @@ -35,7 +35,7 @@ You can configure multiple destinations and add additional fields to your logs b ## Zero Trust datasets -Refer to [Logpush log fields](/logs/reference/log-fields/) for a list of available fields. +Refer to [Logpush log fields](/logs/reference/log-fields/) for a list of all available fields. | Dataset | Description | | -------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
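Review bot: In PATCH 1/5, the footnote added under the retention table in src/content/docs/cloudflare-one/insights/logs/index.mdx reads "per query plans"; hyphenate the compound modifier as "per-query plans" while the line is being rewritten anyway. The same hunk also drops the extra sixth `18 months` cell from the **Admin logs** row (the header has five plan columns), which is a real table fix and worth stating in the commit message, since the subject only names the footnote style.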
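Review bot: In PATCH 2/5, the import line in src/content/docs/cloudflare-one/insights/logs/index.mdx now pulls in `Badge`, but nothing in the added `## Log Explorer` section as shown uses it. If a badge was intended on the new heading (the front matter of log-explorer.mdx carries `text: Beta`), add it in this commit; otherwise drop `Badge` from the import so the page does not carry an unused component.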
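Review bot: In PATCH 3/5, the new sentence "Log Explorer supports the following Zero Trust datasets:" in src/content/docs/cloudflare-one/insights/logs/index.mdx is evidently meant to be followed by the new partial, which is named log-explorer-account-datasets and which log-explorer.mdx introduces with "At the account level, the datasets available are:". Every entry in it is a Zero Trust dataset today, but the first account-level dataset added to the partial that is not a Zero Trust one will make this sentence wrong; either name the partial for its Zero Trust scope or word the sentence as "the following account-level datasets". In the diff as shown only blank lines follow the sentence, and likewise under the account-level heading in log-explorer.mdx, so also confirm that the `Render` call for the partial is present in both files.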
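Review bot: In PATCH 3/5, the two JSON response examples in src/content/docs/logs/log-explorer.mdx (the hunks at `@@ -150,18 +142,18` and `@@ -177,23 +169,23`) are removed and re-added with identical keys and values, so the change is indentation only. That is unrelated to the subject "Add dataset partial" and buries the real change in the diff; move the reformatting to its own commit or leave these blocks untouched here.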
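Review bot: In the new partial src/content/partials/logs/log-explorer-account-datasets.mdx (PATCH 3/5), every entry carries a SQL hint such as (`FROM gateway_dns`). That reads naturally on log-explorer.mdx, which says logs "can be queried via the Dashboard or SQL API", but the Zero Trust logs page that now shares the list says nothing about queries, so the `FROM ...` fragments appear there without context. Add a sentence on that page saying these are the table names used in Log Explorer queries, or keep the hints out of the shared partial and add them only on log-explorer.mdx.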
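Review bot: In PATCH 4/5, the reworked table in src/content/docs/cloudflare-one/insights/logs/logpush.mdx gains a row that was not there before, DLP Forensic Copies, alongside the alphabetical reordering and two renames (Device Posture to Device Posture Results, Session Logs to Zero Trust Network Session Logs); the subject "Rework table" hides that a dataset was added, so name it in the commit message. The labels here are title case (`Access Requests`, `Device Posture Results`) while the partial added in PATCH 3/5 uses sentence case for the same links (`Access requests`, `Device posture results`); pick one form for both.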
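Review bot: PATCH 5/5 changes a single word ("a list of available fields" to "a list of all available fields") in a sentence that PATCH 4/5 introduced in the same file, under the subject "Add additional context". Squash it into 4/5 so the sentence lands in its final form once, or give the commit a subject that says what it changes.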