Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel2
typeflat

Introduction

The tags beginning with cloud.cloudflare identify events generated by Cloudflare.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed ascloud.cloudflare. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

...

Technology

...

Brand

...

Type

...

Subtype

...

...

cloudflare

...

  • logpush

...

  • <eventType>

  • http

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tag

Tags

Data

table

tables

Cloudflare

cloud.cloudflare.logpush.http

cloud.cloudflare.logpush

cloud.cloudflare.logpush.

<eventType>

http

Table structure

These are the fields displayed in these tables:

Anchor
tag1
tag1
cloud.cloudflare.logpush

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

hostname

str

 

type

str

vtype

message

str

rawMessage

hostchain

str

 

tag

str

 

rawMessage

str

 

Anchor
tag2
tag2
cloud.cloudflare.logpush.http

Field

Type

Extra fields

eventdate

timestamp

 

hostname

str

 

ParentRayID

str

 

RayID

str

 

SecurityLevel

str

 

SmartRouteColoID

int8

 

UpperTierColoID

int8

 

ZoneID

int8

 

ZoneName

str

 

BotScoreSrc

str

 

BotScore

int8

 

WorkerCPUTime

int8

 

WorkerStatus

str

 

WorkerSubrequest

bool

 

WorkerSubrequestCount

int8

 

WAFAction

str

 

WAFFlags

str

 

WAFMatchedVar

str

 

WAFProfile

str

 

WAFRuleID

str

 

WAFRuleMessage

str

 

OriginResponseBytes

int8

 

OriginResponseDurationMs

int8

 

OriginResponseHTTPExpires

str

 

OriginResponseHTTPLastModified

str

 

OriginResponseHeaderReceiveDurationMs

int8

 

OriginResponseStatus

int8

 

OriginResponseTime

int8

 

OriginDNSResponseTimeMs

int8

 

OriginIP

str

 

OriginRequestHeaderSendDurationMs

int8

 

OriginSSLProtocol

str

 

OriginTCPHandshakeDurationMs

int8

 

OriginTLSHandshakeDurationMs

int8

 

CacheCacheStatus

str

 

CacheTieredFill

bool

 

CacheResponseBytes

int8

 

CacheResponseStatus

int8

 

ClientASN

int8

 

ClientCountry

str

 

ClientDeviceType

str

 

ClientIP

str

 

ClientIPClass

str

 

ClientMTLSAuthCertFingerprint

str

 

ClientMTLSAuthStatus

str

 

ClientSSLCipher

str

 

ClientSSLProtocol

str

 

ClientSrcPort

int8

 

ClientTCPRTTMs

int8

 

ClientXRequestedWith

str

 

ClientRequestBytes

int8

 

ClientRequestHost

str

 

ClientRequestMethod

str

 

ClientRequestPath

str

 

ClientRequestProtocol

str

 

ClientRequestReferer

str

 

ClientRequestScheme

str

 

ClientRequestSource

str

 

ClientRequestURI

str

 

ClientRequestUserAgent

str

 

EdgeCFConnectingO2O

bool

 

EdgeColoCode

str

 

EdgeColoID

int8

 

EdgeEndTimestamp

timestamp

 

EdgePathingOp

str

 

EdgePathingSrc

str

 

EdgePathingStatus

str

 

EdgeRateLimitAction

str

 

EdgeRateLimitID

int8

 

EdgeRequestHost

str

 

EdgeResponseBodyBytes

int8

 

EdgeResponseBytes

int8

 

EdgeResponseCompressionRatio

str

 

EdgeResponseContentType

str

 

EdgeResponseStatus

int8

 

EdgeServerIP

str

 

EdgeStartTimestamp

timestamp

 

EdgeTimeToFirstByteMs

int8

 

FirewallMatchesActions

str

 

FirewallMatchesRuleIDs

str

 

FirewallMatchesSources

str

 

JA3Hash

str

 

CacheReserveUsed

bool

 

WAFAttackScore

int4

 

WAFRCEAttackScore

int4

 

WAFSQLiAttackScore

int4

 

WAFXSSAttackScore

int4

 

WorkerWallTimeUs

int8

 

SecurityAction

str

 

SecurityActions

str

 

SecurityRuleID

str

 

SecurityRuleIDs

str

 

SecurityRuleDescription

str

 

SecuritySources

str

 

ClientRegionCode

str

 

hostchain

str

 

tag

str

 

rawMessage

str