Export logs from Cloudflare Gateway with Logpush
Sam Rhea shares their experience using Cloudflare Gateway, a part of Cloudflare for Teams, to secure internet-connected devices on their WiFi network. They mention that Gateway has processed about 114,000 DNS queries and blocked nearly 100 as potential security risks. However, they find it difficult to analyze the data more thoroughly due to the large number of pages involved. To address this issue, starting today, users can configure automatic export of logs from Cloudflare Gateway to third-party storage destinations or SIEM tools. This feature builds on the same robust Cloudflare Logpush Service that powers data export from Cloudflare's infrastructure products. Cloudflare Gateway is a part of Cloudflare for Teams, which secures users, devices, and data by replacing on-premise appliances and security subscriptions with a single solution delivered closer to the users. It blocks threats on the public internet from becoming incidents inside an organization. Deployment takes less than 5 minutes, and administrators can block known threats or specific categories of websites. The Cloudflare for Teams UI presents some summary views of data, but each organization has different needs for audit, retention, or analysis. The best way to let users investigate the data in any way they need is to give them all of it. This is where Cloudflare Logpush comes into play, which exports the data captured by Cloudflare's network to storage destinations that users control. Logpush supports AWS S3, Google Cloud Storage, Sumo Logic, and Microsoft Azure out of the box. Administrators can configure exports of logs that will send deltas every five minutes from that point onward. The feature is only available to customers on a contract plan, but all Cloudflare for Teams plans include 30-days of data that can be searched in the UI.
Company
Cloudflare
Date published
May 29, 2020
Author(s)
Sam Rhea
Word count
841
Language
English
Hacker News points
None found.