Cloudflare
The Cloudflare Matano managed log source lets you ingest your Cloudflare logs directly into Matano.
Usage
Use the managed log source by specifying the managed.type property in your log_source as CLOUDFLARE.
name: cloudflare
managed:
type: CLOUDFLARE
For the tables you would like to enable from this managed log source, under a tables/ subdirectory in your log source directory, create a file with the name <table_name>.yml>. For example:
my-matano-dir/
└── log_sources/
└── cloudflare/
└── log_source.yml
└── tables/
└── audit.yml
└── dns.yml
└── firewall_event.yml
└── http_request.yml
└── nel_report.yml
└── network_analytics.yml
└── spectrum_event.yml
For a complete reference on configuring log sources, including extending the table schema, see Log source configuration.
Tables
The Cloudflare managed log source supports the following tables:
- audit
- dns
- firewall_event
- http_request
- nel_report
- network_analytics
- spectrum_event
Ingest
The Matano Cloudflare integration is desgined to ingest datasets delivered to an S3 bucket via a Logpush job.
When creating a job for each dataset, make sure the corresponding table name is included somewhere in the path (e.g. my-s3-bucket/my-prefix/network_analytics) so that Matano can determine which table incoming files belong to.
S3 (default)
For a log source named cloudflare, a file under the path http_request/afe3c55a-8b05-4ac7-be76-b6fda08af95d/conn.log.gz will be routed to the http_request table.
S3 Path scheme to table:
*audit*-> audit*dns*-> dns*firewall_event*-> firewall_event*http_request*-> http_request*nel_report*-> nel_report*network_analytics*-> network_analytics*spectrum_event*-> spectrum_event
Schema
Cloudflare log data is normalized to ECS fields. Custom fields are normalized into the cloudflare field. You can view the complete mapping to see the full schema.