This tutorial describes how to use Cloudflare Logpush to send logs to AWS S3 and the to get logs into Sumo Logic. To learn how to use Logpush to send logs to AWS S3, refer to the . Alternatively, you can use to get logs to your Sumo Logic instance directly and skip Task 1.
Before sending your Cloudflare log data to Sumo Logic, make sure that you:
- Have an existing Sumo Logic account
- Have a Cloudflare Enterprise account with Cloudflare Logs enabled
- Configure or
- Consult the for the Cloudflare App
Task 1 - Send Cloudflare Logs data to Sumo Logic
You can use either Cloudflare Logpush or AWS S3 to send your Cloudflare Logs data to Sumo Logic.
1.1 - Send logs data via Cloudflare Logpush
To enable Cloudflare Logpush in Sumo Logic:
Provide the HTTP Source Address (URL) required by the Cloudflare Logpush API or Cloudflare dashboard UI.
1.2 Send log data via AWS S3
To connect AWS S3 to Sumo Logic:
Task 2 - Filter Workers requests
Under Processing Rules for Logs create a Filter (processing rule regex on our Cloudflare collector) to exclude any log data where WorkerSubrequest is true, as illustrated below:
Task 3 - Install the Cloudflare App
Click Add to Library and specify the Source category Cloudflare, which was completed in Step 1.
You should now be able to see the Cloudflare dashboards populated with your Cloudflare log data.
Task 4 - View the Dashboards
There are nine dashboards to help you analyze Cloudflare logs. You can also use filters within the dashboards to help narrow the analysis by date and time, device type, country, user agent, client IP, hostname, and more, to further help with debugging and tracing.
About the Dashboards
Cloudflare - Snapshot
Cloudflare - Reliability
Get insights on the availability of your websites and Applications. Metrics include origin response error ratio, origin response status over time, percentage of 3xx/4xx/5xx errors over time, and more.
Cloudflare - Security (Overview)
Cloudflare - Security (WAF)
Get insights on threat identification and mitigation by our Web Application Firewall, including events like SQL injections, XSS, and more. Use this data to fine tune the firewall to target obvious threats and prevent false positives.
Cloudflare - Security (Rate Limiting)
Cloudflare - Security (Bot Management)
Cloudflare - Performance (Requests, Bandwidth, Cache)
Cloudflare - Performance (Hostname, Content Type, Request Methods, Connection Type)
Cloudflare - Performance (Static vs. Dynamic Content)
All dashboards have a set of filters that you can apply to the entire dashboard, as shown below.
Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that are applied across the entire dashboard.
Each panel has a set of filters that are applied to the results for that panel only, as shown in the following example. Click the funnel icon in the top panel menu bar to display a list of panel-specific filters.
The default time interval is set to 24 hours. Note that for correct filter calculations, you need to exclude Worker subrequests (WorkerSubrequest = false) and purge requests (ClientRequestMethod is not PURGE).
The Sumo Logic Cloudflare App relies on data from the Cloudflare Enterprise Logs fields outlined below. Depending on which fields you have enabled, certain dashboards might not populate fully.
If that is the case, verify and test the Cloudflare App filters below each dashboard (these filters are the same across all dashboards). You can delete any filters that you don’t need, even if such filters include data fields already contained in your logs.
The available fields are: