Logpush integration

With Cloudflare's Logpush service, you can configure the automatic export of Zero Trust logs to third-party storage destinations or to security information and event management (SIEM) tools. Once exported, your team can analyze and audit the data as needed.

Export Zero Trust logs with Logpush

To enable Logpush for Zero Trust logs:

  1. In Zero Trust, go to Logs > Logpush.
  2. Select Add Logpush job.
  3. Enter a Job name.
  4. From the drop-down menu, choose the dataset to export.
  5. Next, select the data fields you want to include in the log.
  6. In Advanced settings, choose the timestamp format you prefer and whether to enable log sampling.
  7. Select Next.
  8. Select the service you want to export your logs to.
  9. Follow the service-specific instructions in Zero Trust to validate your destination.

The setup of your Logpush integration is now complete. Logpush will send updated logs every five minutes to your selected destination.

You can configure multiple destinations and add additional fields to your logs by returning to the Logpush page.

Zero Trust datasets

Refer to the Logpush documentation for a list of available fields.

| Dataset | Description |
| --- | --- |
| Gateway DNS | DNS queries inspected by Cloudflare Gateway |
| Gateway HTTP | HTTP requests inspected by Cloudflare Gateway |
| Gateway Network | Network packets inspected by Cloudflare Gateway |
| Audit Logs | Authentication events through Cloudflare Access |
| Access Requests | HTTP requests to sites protected by Cloudflare Access |
| CASB Findings | Security issues detected by Cloudflare CASB |
| Device Posture | Device posture status from the WARP client |
| Session Logs | Network session logs for traffic proxied by Cloudflare Gateway |

Parse DNS logs

Logpush logs the following fields for each DNS query:

  • Query name
  • Query type
  • Query class
  • Response TTL
  • Response data

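DNS query resource records are available both in Base64-encoded binary format (the ResourceRecords field) and as JSON (the ResourceRecordsJSON field, which holds a JSON document serialized as a string). For example: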

{
  "ResourceRecords": [
    {
      "type": "5",
      "data": "d3d3LmV4YW1wbGUuY29tAAABAAUAAABleGFtcGxlLmNvbQ=="
    },
    {
      "type": "1",
      "data": "ZXhhbXBsZS5jb20AAAEAAQAAAQIDBAUGBwgJ"
    }
  ],
  "ResourceRecordsJSON": "[{\"name\":\"www.example.com\",\"type\":\"CNAME\",\"class\":\"IN\",\"ttl\":300,\"rdata\":\"example.com.\"},{\"name\":\"example.com\",\"type\":\"A\",\"class\":\"IN\",\"ttl\":300,\"rdata\":\"203.0.113.0\"}]"
}
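The following is an added example, not part of the Cloudflare documentation. It decodes the ResourceRecordsJSON field from one log line and follows the CNAME chain to the final addresses, so that a SIEM rule can match on what a query actually resolved to. It assumes each exported log line is a single JSON object; the function names `parse_records` and `resolve` are hypothetical.

```python
import json

# Constructed log line reusing the ResourceRecordsJSON value from the sample above.
SAMPLE_LINE = json.dumps({
    "ResourceRecordsJSON": json.dumps([
        {"name": "www.example.com", "type": "CNAME", "class": "IN", "ttl": 300, "rdata": "example.com."},
        {"name": "example.com", "type": "A", "class": "IN", "ttl": 300, "rdata": "203.0.113.0"},
    ])
})


def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot for comparison."""
    return str(name).rstrip(".").lower()


def parse_records(line):
    """Return the resource records from one log line, or [] if absent or malformed."""
    try:
        event = json.loads(line)
        raw = event.get("ResourceRecordsJSON") or "[]"
        # The field is JSON serialized into a string, so it is decoded a second time.
        records = json.loads(raw) if isinstance(raw, str) else raw
    except (ValueError, AttributeError, TypeError):
        return []
    if not isinstance(records, list):
        return []
    return [r for r in records if isinstance(r, dict) and "name" in r and "rdata" in r]


def resolve(records, qname):
    """Follow CNAME records from qname; return (chain of names, final A/AAAA addresses)."""
    chain, seen = [_norm(qname)], {_norm(qname)}
    while True:
        current = chain[-1]
        target = next((_norm(r["rdata"]) for r in records
                       if r.get("type") == "CNAME" and _norm(r["name"]) == current), None)
        if target is None or target in seen:  # end of chain, or a CNAME loop
            break
        chain.append(target)
        seen.add(target)
    addrs = [r["rdata"] for r in records
             if r.get("type") in ("A", "AAAA") and _norm(r["name"]) == chain[-1]]
    return chain, addrs


if __name__ == "__main__":
    print(resolve(parse_records(SAMPLE_LINE), "www.example.com"))
```
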