Enable Google Cloud Storage
Cloudflare Logpush supports pushing logs directly to Google Cloud Storage via the Cloudflare dashboard or via API.
Manage via the Cloudflare dashboard
Enable Logpush to Google Cloud Storage via the dashboard.
To enable the Cloudflare Logpush service:
Log in to the Cloudflare dashboard.
Select the Enterprise domain you want to use with Logpush.
Go to Analytics > Logs.
Click Connect a service. A modal window opens where you will need to complete several steps.
Select the data set you want to push to a storage service.
Select the data fields to include in your logs. You can add or remove fields later by modifying your settings in Logs > Logpush.
Select Google Cloud Storage.
Enter or select the following destination information:
- Bucket path
- Daily subfolders
- For Grant Cloudflare access to upload files to your bucket, make sure your bucket has added Cloudflare's IAM as a user (if you did not add it already)
Click Validate access.
Enter the Ownership token (included in a file or log Cloudflare sends to your provider) and click Prove ownership. To find the ownership token, click the Open button in the Overview tab of the ownership challenge file.
Click Save and Start Pushing to finish enabling Logpush.
Once connected, Cloudflare lists Google Cloud Storage as a connected service under Logs > Logpush. Edit or remove connected services from here.
Manage via API
Cloudflare uses Google Cloud Identity and Access Management (IAM) to gain access to your bucket. The Cloudflare IAM service account needs admin permission for the bucket.
Only roles with Cloudflare Log Share edit permissions can read and configure Logpush jobs because job configurations may contain sensitive information. Ensure Log Share permissions are enabled before attempting to read or configure a Logpush job.
To enable Logpush to GCS: