# Cloudflare

## Cloudflare Logpush Setup

To send real-time access logs from Cloudflare to an Amazon S3 bucket, you can configure **Cloudflare Logpush**, which enables efficient, near real-time delivery of batched HTTP request logs. Below are the documented steps required to set up Logpush streaming to a Netacea-hosted S3 bucket, using a field configuration that meets Netacea’s data requirements.

### Prerequisites

To successfully stream web traffic logs to Netacea using Cloudflare Logpush, please ensure the following:

* You are on a **Cloudflare Enterprise plan**.
* You have access to the **Cloudflare Dashboard** for the relevant domain.
* You have received the necessary **AWS S3 bucket** details (bucket name, region, path, and credentials) from Netacea. These can be found [here](https://netacea.gitbook.io/portal-docs/user-guides-and-videos/portal-setup-and-log-shipping-guide).
* You have shared your **Cloudflare account details** with Netacea, if requested, to support token validation.
* You are aware of the [**minimum required dataset fields**](#netacea-minimum-required-dataset) Netacea requires for analysis.

### **Step-by-Step Configuration (Cloudflare Dashboard)**

1. Log in to the **Cloudflare Dashboard**.
2. Select the **Enterprise domain** you want to configure.
3. Go to **Analytics & Logs > Logpush**.
4. Click **Create a Logpush Job**.

#### Destination Setup

* For **Destination**, choose **Amazon S3**.
* Enter the following destination details (provided via the Netacea Portal):
  * **Bucket name**
  * **Path** (recommended: organise logs into daily subfolders)
  * **Bucket Region** (e.g., `eu-west-1`)

#### **Bucket Access Policy**

Netacea will configure and manage the S3 bucket and apply the required access policy to allow Cloudflare to upload logs.

> No changes to the bucket policy are needed from your side.

#### **Ownership Token Verification**

* Cloudflare will verify the destination by uploading an ownership token.
* Netacea will retrieve this token from the bucket and return it to you.
* Once received, paste the token into the Cloudflare Dashboard and click **Continue**.

**Select Dataset and Fields**

* Choose **HTTP Requests** as the dataset.
* Configure the job with the following details:

**Job Name**: Use a descriptive name (e.g., `Netacea_Logpush`).

* **Fields to Include**:
  * `EdgeEndTimestamp`
  * `ClientIP`
  * `ClientRequestUserAgent`
  * `ClientRequestMethod`
  * ### `ClientRequestPath` <a href="#clientrequestpath" id="clientrequestpath"></a>
  * ### `ClientRequestURI` <a href="#clientrequestpath" id="clientrequestpath"></a>
  * ### `EdgeResponseStatus` <a href="#clientrequestpath" id="clientrequestpath"></a>
  * ### `ClientRequestReferer` <a href="#clientrequestpath" id="clientrequestpath"></a>
  * ### `EdgeResponseBytes` <a href="#clientrequestpath" id="clientrequestpath"></a>
  * ### `JA3Hash` <a href="#clientrequestpath" id="clientrequestpath"></a>
  * ### `ClientRequestURI` <a href="#clientrequestpath" id="clientrequestpath"></a>
  * ### `ClientRequestProtocol` <a href="#clientrequestpath" id="clientrequestpath"></a>
  * ### `OriginResponseTime` <a href="#clientrequestpath" id="clientrequestpath"></a>

{% hint style="info" %}
`JA3Hash` is only available to Cloudflare Bot management customers
{% endhint %}

* Click **Submit** to activate the job.

### Netacea Minimum Dataset

The above log format will allow Netacea to collect the following minimum dataset for analysis

<table><thead><tr><th width="215">Required Fields</th><th>Description</th></tr></thead><tbody><tr><td><strong>Timestamp</strong></td><td>The time at which the request was received</td></tr><tr><td>IP Address</td><td>The IP address from which the request was made</td></tr><tr><td>User Agent</td><td>The user agent string sent in the header by the client</td></tr><tr><td>Method</td><td>The HTTP method of the request</td></tr><tr><td>Path</td><td>The path of the requested resource</td></tr><tr><td>Query</td><td>The query string of the request</td></tr><tr><td>Status</td><td>The HTTP status code returned by the server</td></tr><tr><td>Referrer</td><td>The web page the user followed a link from</td></tr><tr><td>Bytes Sent</td><td>The Bytes sent as part of the servers response</td></tr><tr><td>Client JA3</td><td>Clients JA3 fingerprint</td></tr><tr><td>X-Forwarded-For*</td><td>Original IP address of a client request</td></tr><tr><td>CF-Connecting-IP*</td><td>Cloudflare’s trusted source of the original client IP</td></tr><tr><td>Host</td><td>The destination host of the request</td></tr><tr><td>Protocol</td><td>The protocol of the request</td></tr><tr><td>Request Time</td><td>The complete amount of time it took to process the request</td></tr></tbody></table>

\* Useful for when proxies are in the line of traffic from client > origin

### Final Steps

Once log delivery is active, **notify your Netacea Solutions Engineer**. This allows us to:

* Confirm receipt of data
* Validate the dataset format and completeness
* Begin analysis once a sufficient volume of data has been collected

If you require support during setup, the Netacea SE team is here to help — don’t hesitate to reach out.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.netacea.com/cloudflare.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.