Cloudflare
How to configure Cloudflare Logpush to deliver logs to Netacea for PoV analysis
Cloudflare Logpush Setup
To send real-time access logs from Cloudflare to an Amazon S3 bucket, you can configure Cloudflare Logpush, which enables efficient, near real-time delivery of batched HTTP request logs. Below are the documented steps required to set up Logpush streaming to a Netacea-hosted S3 bucket, using a field configuration that meets Netacea’s data requirements.
Prerequisites
To successfully stream web traffic logs to Netacea using Cloudflare Logpush, please ensure the following:
You are on a Cloudflare Enterprise plan.
You have access to the Cloudflare Dashboard for the relevant domain.
You have received the necessary AWS S3 bucket details (bucket name, region, path, and credentials) from Netacea. These can be found here.
You have shared your Cloudflare account details with Netacea, if requested, to support token validation.
You are aware of the minimum required dataset fields Netacea requires for analysis.
Step-by-Step Configuration (Cloudflare Dashboard)
Log in to the Cloudflare Dashboard.
Select the Enterprise domain you want to configure.
Go to Analytics & Logs > Logpush.
Click Create a Logpush Job.
Destination Setup
For Destination, choose Amazon S3.
Enter the following destination details (provided via the Netacea Portal):
Bucket name
Path (recommended: organise logs into daily subfolders)
Bucket Region (e.g.,
eu-west-1)
Bucket Access Policy
Netacea will configure and manage the S3 bucket and apply the required access policy to allow Cloudflare to upload logs.
No changes to the bucket policy are needed from your side.
Ownership Token Verification
Cloudflare will verify the destination by uploading an ownership token.
Netacea will retrieve this token from the bucket and return it to you.
Once received, paste the token into the Cloudflare Dashboard and click Continue.
Select Dataset and Fields
Choose HTTP Requests as the dataset.
Configure the job with the following details:
Job Name: Use a descriptive name (e.g., Netacea_Logpush).
Click Submit to activate the job.
Netacea Minimum Dataset
The above log format will allow Netacea to collect the following minimum dataset for analysis
Timestamp
The time at which the request was received
IP Address
The IP address from which the request was made
User Agent
The user agent string sent in the header by the client
Method
The HTTP method of the request
Path
The path of the requested resource
Query
The query string of the request
Status
The HTTP status code returned by the server
Referrer
The web page the user followed a link from
Bytes Sent
The Bytes sent as part of the servers response
Client JA3
Clients JA3 fingerprint
X-Forwarded-For*
Original IP address of a client request
CF-Connecting-IP*
Cloudflare’s trusted source of the original client IP
Host
The destination host of the request
Protocol
The protocol of the request
Request Time
The complete amount of time it took to process the request
* Useful for when proxies are in the line of traffic from client > origin
Final Steps
Once log delivery is active, notify your Netacea Solutions Engineer. This allows us to:
Confirm receipt of data
Validate the dataset format and completeness
Begin analysis once a sufficient volume of data has been collected
If you require support during setup, the Netacea SE team is here to help — don’t hesitate to reach out.
Last updated