Enable Logpush to Microsoft Azure
Cloudflare Logpush supports pushing logs directly to Microsoft Azure via the Cloudflare dashboard or via API.
Manage via the Cloudflare dashboard
Log in to the Cloudflare dashboard.
Select the Enterprise account or domain (also known as zone) you want to use with Logpush. Depending on your choice, you have access to account-scoped datasets and zone-scoped datasets, respectively.
Go to Analytics & Logs > Logpush.
Select Create a Logpush job.
In Select a destination, choose Microsoft Azure.
Enter or select the following destination details:
- SAS URL - a pre-signed URL that grants access to Azure Storage resources. Refer to Azure storage documentation for more information on generating a SAS URL using Azure Storage Explorer.
- Path - bucket location within the storage container
- Organize logs into daily subfolders (recommended)
When you are done entering the destination details, select Continue.
To prove ownership, Cloudflare will send a file to your designated destination. To find the token, select the Open button in the Overview tab of the ownership challenge file, then paste it into the Cloudflare dashboard to verify your access to the bucket. Enter the Ownership Token and select Continue.
Select the dataset to push to the storage service.
In the next step, you need to configure your Logpush job:
- Enter the Job name.
- Under If logs match, you can select the events to include and/or remove from your logs. Refer to Filters for more information. Not all datasets have this option available.
- In Send the following fields, you can choose to either push all logs to your storage destination or selectively choose which logs you want to push.
In Advanced Options, you can:
- Choose the format of timestamp fields in your logs (RFC3339 (default), Unix, or UnixNano).
- Select a sampling rate for your logs or push a randomly-sampled percentage of logs.
- Enable redaction for CVE-2021-44228. This option will replace every occurrence of ${ with x{.
Select Submit once you are done configuring your Logpush job.
Create and get access to a Blob Storage container
Cloudflare uses a shared access signature (SAS) token to gain access to your Blob Storage container. You will need to provide Write permission and an expiration period of at least five years, which will allow you to not worry about the SAS token expiring.
Ensure Log Share permissions are enabled before attempting to read or configure a Logpush job. For more information, refer to the Roles section.
To enable Logpush to Azure:
Create a Blob Storage container. Refer to instructions from Azure.
Create a shared access signature (SAS) to secure and restrict access to your blob storage container. Use Storage Explorer to navigate to your container and right click to create a signature. Set the signature to expire at least five years from now and only provide write permission.
Provide the SAS URL when prompted by the Logpush API or UI.
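Before pasting the SAS URL into Logpush, you can confirm that it matches the steps above: write permission only, container scope, and an expiry at least five years out. The following is an added example, not Cloudflare's or Azure's own code; the function name check_sas_url and the two sample URLs are constructed for illustration, and the parameters it reads (sp, se, sr, sig) are the standard Azure SAS query fields.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

MIN_LIFETIME = timedelta(days=5 * 365)  # "at least five years", per the steps above

# Constructed sample URLs (account, container and sig are placeholders).
GOOD = ("https://examplelogs.blob.core.windows.net/cf-logs"
        "?sv=2022-11-02&sr=c&sp=w&se=2030-01-01T00:00:00Z&spr=https&sig=PLACEHOLDER")
BAD = ("https://examplelogs.blob.core.windows.net/cf-logs"
       "?sv=2022-11-02&sr=c&sp=rwdl&se=2025-01-01T00:00:00Z&spr=https&sig=PLACEHOLDER")


def check_sas_url(sas_url, now=None):
    """Return a list of problems with a container SAS URL; empty means it passes.

    The URL is a bearer credential, so only findings are returned, never the URL.
    """
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(sas_url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    problems = []
    if parts.scheme != "https":
        problems.append("URL scheme is not https")
    if "sig" not in q:
        problems.append("no sig parameter, so this is not a SAS URL")
    if q.get("sr") != "c":  # sr = signed resource; c = container
        problems.append("SAS is not scoped to a container (sr=c)")
    perms = set(q.get("sp", ""))  # sp = signed permissions, one letter each
    if "w" not in perms:
        problems.append("write permission (w) is missing from sp")
    if perms - {"w"}:
        problems.append("sp grants more than write: " + "".join(sorted(perms - {"w"})))
    try:  # se = signed expiry, an ISO 8601 UTC time
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # date-only form
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry - now < MIN_LIFETIME:
            problems.append("se is less than five years from now")
    except (KeyError, ValueError):
        problems.append("se (expiry) is missing or unparseable")
    return problems


if __name__ == "__main__":
    for name, url in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_sas_url(url) or "ok")
```

An empty list means the URL matches the settings described on this page; any finding is a reason to regenerate the signature in Storage Explorer before creating the job.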