Email security logs
Email security allows you to configure Logpush to export two types of log data: detection logs (records of threats identified in email traffic) and user action logs (records of administrative actions taken via the API or the dashboard). Each log type requires separate configuration.
Detection logs record each threat identified by Email security, including metadata such as the message sender, recipient, and detection verdict.
To enable detection logs, refer to Enable destinations. When configuring the Logpush job, select Email security alerts as the dataset.
User action logs record all administrative actions taken via the API or the dashboard.
Before you can enable user action logs for Email security, you must have a Logpush job configured for your storage destination. Refer to Enable destinations to enable logs on destinations such as Cloudflare R2, HTTP, Amazon S3, and more.
Once you have configured your destination, you can set up user action logs:
-
In the Cloudflare dashboard, go to the Logpush page.
Go to Logpush -
Select your storage destination.
-
Select the three dots > Edit.
-
Under Configure logpush job:
- Job name: Enter the job name, if it is not already prepopulated.
- If logs match > Select Filtered logs to capture only Email security events:
- Field: Choose
ResourceType(the type of resource that was changed). - Operator: Choose
starts with. - Value: Enter
email_security.
- Field: Choose
- Select Submit.
You can now view logs via the Cloudflare dashboard.