Network Analytics Logs
The descriptions below detail the fields available for network_analytics_logs
.
Field | Value | Type |
---|---|---|
AttackCampaignID | Unique identifier of the attack campaign that this packet was a part of, if any. | string |
AttackID | Unique identifier of the mitigation that matched the packet, if any. | string |
AttackVector | Descriptive name of the type of attack that this packet was a part of, if any. Only for packets matching rules contained within the Cloudflare L3/4 managed ruleset. | string |
ColoCity | The city where the Cloudflare datacenter that received the packet is located. | string |
ColoCode | The Cloudflare datacenter that received the packet (nearest IATA airport code). | string |
ColoCountry | The country where the Cloudflare datacenter that received the packet is located (ISO 3166-1 alpha-2). | string |
ColoGeoHash | The latitude and longitude where the colo that received the packet is located (Geohash encoding). | string |
ColoName | The unique site identifier of the Cloudflare datacenter that received the packet (for example, ‘ams01’, ‘sjc01’, ’lhr01’). | string |
Datetime | The date and time the event occurred at the edge. | int or string |
DestinationASN | The ASN associated with the destination IP of the packet. | int |
DestinationASNName | The name of the ASN associated with the destination IP of the packet. | string |
DestinationCountry | The country where the destination IP of the packet is located (ISO 3166-1 alpha-2). | string |
DestinationGeoHash | The latitude and longitude where the destination IP of the packet is located (Geohash encoding). | string |
DestinationPort | Value of the Destination Port header field in the TCP or UDP packet. | int |
Direction | The direction in relation to customer network. Possible values are ingress | egress. |
string |
GREChecksum | Value of the Checksum header field in the GRE packet. | int |
GREEtherType | Value of the EtherType header field in the GRE packet. | int |
GREHeaderLength | Length of the GRE packet header, in bytes. | int |
GREKey | Value of the Key header field in the GRE packet. | int |
GRESequenceNumber | Value of the Sequence Number header field in the GRE packet. | int |
GREVersion | Value of the Version header field in the GRE packet. | int |
ICMPChecksum | Value of the Checksum header field in the ICMP packet. | int |
ICMPCode | Value of the Code header field in the ICMP packet. | int |
ICMPType | Value of the Type header field in the ICMP packet. | int |
IPDestinationAddress | Value of the Destination Address header field in the IPv4 or IPv6 packet. | string |
IPDestinationSubnet | Computed subnet of the Destination Address header field in the IPv4 or IPv6 packet (/24 for IPv4; /64 for IPv6). | string |
IPFragmentOffset | Value of the Fragment Offset header field in the IPv4 or IPv6 packet. | int |
IPHeaderLength | Length of the IPv4 or IPv6 packet header, in bytes. | int |
IPMoreFragments | Value of the More Fragments header field in the IPv4 or IPv6 packet. | int |
IPProtocol | Value of the Protocol header field in the IPv4 or IPv6 packet. | int |
IPProtocolName | Name of the protocol specified by the Protocol header field in the IPv4 or IPv6 packet. | string |
IPSourceAddress | Value of the Source Address header field in the IPv4 or IPv6 packet. | string |
IPSourceSubnet | Computed subnet of the Source Address header field in the IPv4 or IPv6 packet (/24 for IPv4; /64 for IPv6). | string |
IPTTL | Value of the TTL header field in the IPv4 packet or the Hop Limit header field in the IPv6 packet. | int |
IPTTLBuckets | Value of the TTL header field in the IPv4 packet or the Hop Limit header field in the IPv6 packet, with the last digit truncated. | int |
IPTotalLength | Total length of the IPv4 or IPv6 packet, in bytes. | int |
IPTotalLengthBuckets | Total length of the IPv4 or IPv6 packet, in bytes, with the last two digits truncated. | int |
IPv4Checksum | Value of the Checksum header field in the IPv4 packet. | int |
IPv4DSCP | Value of the Differentiated Services Code Point header field in the IPv4 packet. | int |
IPv4DontFragment | Value of the Don’t Fragment header field in the IPv4 packet. | int |
IPv4ECN | Value of the Explicit Congestion Notification header field in the IPv4 packet. | int |
IPv4Identification | Value of the Identification header field in the IPv4 packet. | int |
IPv4Options | List of Options numbers included in the IPv4 packet header. | string |
IPv6DSCP | Value of the Differentiated Services Code Point header field in the IPv6 packet. | int |
IPv6ECN | Value of the Explicit Congestion Notification header field in the IPv6 packet. | int |
IPv6ExtensionHeaders | List of Extension Header numbers included in the IPv6 packet header. | string |
IPv6FlowLabel | Value of the Flow Label header field in the IPv6 packet. | int |
IPv6Identification | Value of the Identification extension header field in the IPv6 packet. | int |
MitigationReason | Reason for applying a mitigation to the packet, if any. Possible values are BLOCKED | RATE_LIMITED |UNEXPECTED | CHALLENGE_NEEDED | CHALLENGE_PASSED | NOT_FOUND | OUT_OF_SEQUENCE | ALREADY_CLOSED. |
string |
MitigationScope | Whether the packet matched a local or global mitigation, if any. Possible values are local | global. |
string |
MitigationSystem | Which Cloudflare system sampled the packet. Possible values are dosd | flowtrackd | magic-firewall. |
string |
Outcome | The action that Cloudflare systems took on the packet. Possible values are pass | drop. |
string |
ProtocolState | State of the packet in the context of the protocol, if any. Possible values are OPEN | NEW | CLOSING | CLOSED. |
string |
RuleID | Unique identifier of the rule contained within the Cloudflare L3/4 managed ruleset that this packet matched, if any. | string |
RuleName | Human-readable name of the rule contained within the Cloudflare L3/4 managed ruleset that this packet matched, if any. | string |
RulesetID | Unique identifier of the Cloudflare L3/4 managed ruleset containing the rule that this packet matched, if any. Possible values are 3b64149bfa6e4220bbbc2bd6db589552. |
string |
RulesetOverrideID | Unique identifier of the rule within the accounts root ddos_l4 phase ruleset which resulted in an override of the default sensitivity or action being applied/evaluated, if any. | string |
SampleInterval | The sample interval is the inverse of the sample rate. For example, a sample interval of 1000 means that this packet was randomly sampled from 1 in 1000 packets. Sample rates are dynamic and based on the volume of traffic. | int |
SourceASN | The ASN associated with the source IP of the packet. | int |
SourceASNName | The name of the ASN associated with the source IP of the packet. | string |
SourceCountry | The country where the source IP of the packet is located (ISO 3166-1 alpha-2). | string |
SourceGeoHash | The latitude and longitude where the source IP of the packet is located (Geohash encoding). | string |
SourcePort | Value of the Source Port header field in the TCP or UDP packet. | int |
TCPAcknowledgementNumber | Value of the Acknowledgement Number header field in the TCP packet. | int |
TCPChecksum | Value of the Checksum header field in the TCP packet. | int |
TCPDataOffset | Value of the Data Offset header field in the TCP packet. | int |
TCPFlags | Value of the Flags header field in the TCP packet. | int |
TCPFlagsString | Human-readable string representation of the Flags header field in the TCP packet. | string |
TCPMSS | Value of the MSS option header field in the TCP packet. | int |
TCPOptions | List of Options numbers included in the TCP packet header. | string |
TCPSACKBlocks | List of the SACK Blocks option header in the TCP packet. | string |
TCPSACKPermitted | Value of the SACK Permitted option header in the TCP packet. | int |
TCPSequenceNumber | Value of the Sequence Number header field in the TCP packet. | int |
TCPTimestampECR | Value of the Timestamp Echo Reply option header in the TCP packet. | int |
TCPTimestampValue | Value of the Timestamp option header in the TCP packet. | int |
TCPUrgentPointer | Value of the Urgent Pointer header field in the TCP packet. | int |
TCPWindowScale | Value of the Window Scale option header in the TCP packet. | int |
TCPWindowSize | Value of the Window Size header field in the TCP packet. | int |
UDPChecksum | Value of the Checksum header field in the UDP packet. | int |
UDPPayloadLength | Value of the Payload Length header field in the UDP packet. | int |
Verdict | The action that Cloudflare systems think should be taken on the packet. Possible values are pass | drop. |
string |