Cloudflare Docs
Logs
Visit Logs on GitHub
Set theme to dark (⇧+D)

Network Analytics Logs

The descriptions below detail the fields available for network_analytics_logs.

FieldValueType
AttackCampaignIDUnique identifier of the attack campaign that this packet was a part of, if any.string
AttackIDUnique identifier of the mitigation that matched the packet, if any.string
ColoCityThe city where the Cloudflare datacenter that received the packet is located.string
ColoCodeThe Cloudflare datacenter that received the packet (nearest IATA airport code).string
ColoCountryThe country where the Cloudflare datacenter that received the packet is located (ISO 3166-1 alpha-2).string
ColoGeoHashThe latitude and longitude where the colo that received the packet is located (Geohash encoding).string
ColoNameThe unique site identifier of the Cloudflare datacenter that received the packet (for example, ‘ams01’, ‘sjc01’, ‘lhr01’).string
DatetimeThe date and time the event occurred at the edge.int or string
DestinationASNThe ASN associated with the destination IP of the packet.int
DestinationASNNameThe name of the ASN associated with the destination IP of the packet.string
DestinationCountryThe country where the destination IP of the packet is located (ISO 3166-1 alpha-2).string
DestinationGeoHashThe latitude and longitude where the destination IP of the packet is located (Geohash encoding).string
DestinationPortValue of the Destination Port header field in the TCP or UDP packet.int
DirectionThe direction in relation to customer network.
Possible values are ingress | egress.
string
GREChecksumValue of the Checksum header field in the GRE packet.int
GREEtherTypeValue of the EtherType header field in the GRE packet.int
GREHeaderLengthLength of the GRE packet header, in bytes.int
GREKeyValue of the Key header field in the GRE packet.int
GRESequenceNumberValue of the Sequence Number header field in the GRE packet.int
GREVersionValue of the Version header field in the GRE packet.int
ICMPChecksumValue of the Checksum header field in the ICMP packet.int
ICMPCodeValue of the Code header field in the ICMP packet.int
ICMPTypeValue of the Type header field in the ICMP packet.int
IPDestinationAddressValue of the Destination Address header field in the IPv4 or IPv6 packet.string
IPDestinationSubnetComputed subnet of the Destination Address header field in the IPv4 or IPv6 packet (/24 for IPv4; /64 for IPv6).string
IPFragmentOffsetValue of the Fragment Offset header field in the IPv4 or IPv6 packet.int
IPHeaderLengthLength of the IPv4 or IPv6 packet header, in bytes.int
IPMoreFragmentsValue of the More Fragments header field in the IPv4 or IPv6 packet.int
IPProtocolValue of the Protocol header field in the IPv4 or IPv6 packet.int
IPProtocolNameName of the protocol specified by the Protocol header field in the IPv4 or IPv6 packet.string
IPSourceAddressValue of the Source Address header field in the IPv4 or IPv6 packet.string
IPSourceSubnetComputed subnet of the Source Address header field in the IPv4 or IPv6 packet (/24 for IPv4; /64 for IPv6).string
IPTTLValue of the TTL header field in the IPv4 packet or the Hop Limit header field in the IPv6 packet.int
IPTTLBucketsValue of the TTL header field in the IPv4 packet or the Hop Limit header field in the IPv6 packet, with the last digit truncated.int
IPTotalLengthTotal length of the IPv4 or IPv6 packet, in bytes.int
IPTotalLengthBucketsTotal length of the IPv4 or IPv6 packet, in bytes, with the last two digits truncated.int
IPv4ChecksumValue of the Checksum header field in the IPv4 packet.int
IPv4DSCPValue of the Differentiated Services Code Point header field in the IPv4 packet.int
IPv4DontFragmentValue of the Don’t Fragment header field in the IPv4 packet.int
IPv4ECNValue of the Explicit Congestion Notification header field in the IPv4 packet.int
IPv4IdentificationValue of the Identification header field in the IPv4 packet.int
IPv4OptionsList of Options numbers included in the IPv4 packet header.string
IPv6DSCPValue of the Differentiated Services Code Point header field in the IPv6 packet.int
IPv6ECNValue of the Explicit Congestion Notification header field in the IPv6 packet.int
IPv6ExtensionHeadersList of Extension Header numbers included in the IPv6 packet header.string
IPv6FlowLabelValue of the Flow Label header field in the IPv6 packet.int
IPv6IdentificationValue of the Identification extension header field in the IPv6 packet.int
MitigationReasonReason for applying a mitigation to the packet, if any.
Possible values are BLOCKED | RATE_LIMITED |UNEXPECTED | CHALLENGE_NEEDED | CHALLENGE_PASSED | NOT_FOUND | OUT_OF_SEQUENCE | ALREADY_CLOSED.
string
MitigationScopeWhether the packet matched a local or global mitigation, if any.
Possible values are local | global.
string
MitigationSystemWhich Cloudflare system sampled the packet.
Possible values are dosd | flowtrackd | magic-firewall.
string
OutcomeThe action that Cloudflare systems took on the packet.
Possible values are pass | drop.
string
ProtocolStateState of the packet in the context of the protocol, if any.
Possible values are OPEN | NEW | CLOSING | CLOSED.
string
RuleIDUnique identifier of the rule contained with the Cloudflare L3/4 managed ruleset that this packet matched, if any.string
RulesetIDUnique identifier of the Cloudflare L3/4 managed ruleset containing the rule that this packet matched, if any.
Possible values are 3b64149bfa6e4220bbbc2bd6db589552.
string
RulesetOverrideIDUnique identifier of the rule within the accounts root ddos_l4 phase ruleset which resulted in an override of the default sensitivity or action being applied/evaluated, if any.string
SampleIntervalThe sample interval is the inverse of the sample rate. For example, a sample interval of 1000 means that this packet was randomly sampled from 1 in 1000 packets. Sample rates are dynamic and based on the volume of traffic.int
SourceASNThe ASN associated with the source IP of the packet.int
SourceASNNameThe name of the ASN associated with the source IP of the packet.string
SourceCountryThe country where the source IP of the packet is located (ISO 3166-1 alpha-2).string
SourceGeoHashThe latitude and longitude where the source IP of the packet is located (Geohash encoding).string
SourcePortValue of the Source Port header field in the TCP or UDP packet.int
TCPAcknowledgementNumberValue of the Acknowledgement Number header field in the TCP packet.int
TCPChecksumValue of the Checksum header field in the TCP packet.int
TCPDataOffsetValue of the Data Offset header field in the TCP packet.int
TCPFlagsValue of the Flags header field in the TCP packet.int
TCPFlagsStringHuman-readable string representation of the Flags header field in the TCP packet.string
TCPMSSValue of the MSS option header field in the TCP packet.int
TCPOptionsList of Options numbers included in the TCP packet header.string
TCPSACKBlocksList of the SACK Blocks option header in the TCP packet.string
TCPSACKPermittedValue of the SACK Permitted option header in the TCP packet.int
TCPSequenceNumberValue of the Sequence Number header field in the TCP packet.int
TCPTimestampECRValue of the Timestamp Echo Reply option header in the TCP packet.int
TCPTimestampValueValue of the Timestamp option header in the TCP packet.int
TCPUrgentPointerValue of the Urgent Pointer header field in the TCP packet.int
TCPWindowScaleValue of the Window Scale option header in the TCP packet.int
TCPWindowSizeValue of the Window Size header field in the TCP packet.int
UDPChecksumValue of the Checksum header field in the UDP packet.int
UDPPayloadLengthValue of the Payload Length header field in the UDP packet.int
VerdictThe action that Cloudflare systems think should be taken on the packet.
Possible values are pass | drop.
string