Skip to content
Logs
Visit Logs on GitHub
Set theme to dark (⇧+D)

Enable S3-compatible endpoints

Cloudflare Logpush supports pushing logs to S3-compatible destinations via the Cloudflare dashboard or via API, including:

For more information about Logpush and the current production APIs, see the Cloudflare Logpush documentation.

Manage via the Cloudflare dashboard

Enable Logpush to an S3-compatible destination via the dashboard.

To enable the Cloudflare Logpush service:

  1. Log in to the Cloudflare dashboard.

  2. Select the Enterprise domain you want to use with Logpush.

  3. Go to Analytics > Logs.

  4. Click Connect a service. A modal window opens where you will need to complete several steps.

  5. Select the data set you want to push to a storage service.

  6. Select the data fields to include in your logs. You can add or remove fields later by modifying your settings in Logs > Logpush.

  7. Select S3-Compatible.

  8. Enter or select the following destination information:

    • S3 Compatible Bucket Path
    • Bucket region
    • Access Key ID
    • Secret Access Key
    • Endpoint URL
  9. Click Validate access.

  10. Click Save and Start Pushing to finish enabling Logpush.

Once connected, Cloudflare lists the S3-compatible destination as a connected service under Logs > Logpush. Edit or remove connected services from here.

Manage via API

To set up S3-compatible endpoints:

  1. Create a job with the appropriate endpoint URL and authentication parameters.
  2. Enable the job to begin pushing logs.

See below for detailed instructions.

Only roles with Cloudflare Log Share edit permissions can read and configure Logpush jobs because job configurations may contain sensitive information. Ensure Log Share permissions are enabled before attempting to read or configure a Logpush job.

1. Create a job

To create a job, make a POST request to the Logpush jobs endpoint with the following fields:

  • name (optional) - Use your domain name as the job name.
  • destination_conf - A log destination consisting of an endpoint name, bucket name, bucket path, region, access-key-id, and secret-access-key in the following string format:
"s3://<BUCKET-NAME>/<BUCKET-PATH>?region=<REGION>&access-key-id=<ACCESS-KEY-ID>&secret-access-key=<SECRET-ACCESS-KEY>&endpoint=<ENDPOINT-URL>"
  • dataset - the category of logs you want to receive; either http_requests (default), spectrum_events or firewall_events
  • logpull_options (optional) - To configure fields, sample rate, and timestamp format, see Logpush API options

Example request using cURL:

curl -s -X POST \
https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/logpush/jobs \
-d '{"name":"<DOMAIN_NAME>",
"destination_conf":"s3://<BUCKET-NAME>/<BUCKET-PATH>?region=<REGION>&access-key-id=<ACCESS-KEY-ID>&secret-access-key=<SECRET-ACCESS-KEY>&endpoint=<ENDPOINT-URL>", "logpull_options":"fields=RayID,EdgeStartTimestamp&timestamps=rfc3339", "dataset":"http_requests"}' | jq .

Response:

{
"errors": [],
"messages": [],
"result": {
"id": 100,
"dataset": "http_requests",
"enabled": false,
"name": "<DOMAIN_NAME>",
"logpull_options": "fields=RayID,EdgeStartTimestamp&timestamps=rfc3339",
"destination_conf": "s3://<BUCKET-NAME>/<BUCKET-PATH>?region=<REGION>&access-key-id=<ACCESS-KEY-ID>&secret-access-key=<SECRET-ACCESS-KEY>&endpoint=<ENDPOINT-URL>",
"last_complete": null,
"last_error": null,
"error_message": null
},
"success": true
}

2. Enable (update) a job

To enable a job, make a PUT request to the Logpush jobs endpoint. You’ll use the job ID returned from the previous step in the URL, and send {"enabled": true} in the request body.

Example request using cURL:

curl -s -X PUT \
https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/logpush/jobs/100 -d'{"enabled":true}' | jq .

Response:

{
"errors": [],
"messages": [],
"result": {
"id": 100,
"dataset": "http_requests",
"enabled": true,
"name": "<DOMAIN_NAME>",
"logpull_options": "fields=RayID,EdgeStartTimestamp&timestamps=rfc3339",
"destination_conf": "s3://<BUCKET-NAME>/<BUCKET-PATH>?region=<REGION>&access-key-id=<ACCESS-KEY-ID>&secret-access-key=<SECRET-ACCESS-KEY>&endpoint=<ENDPOINT-URL>",
"last_complete": null,
"last_error": null,
"error_message": null
},
"success": true
}