Cloudflare Docs
Logs
Logs
Visit Logs on GitHub
Set theme to dark (⇧+D)

Network Analytics Logs

The descriptions below detail the fields available for network_analytics_logs.

Field Value Type
AttackCampaignID Unique identifier of the attack campaign that this packet was a part of, if any. string
AttackID Unique identifier of the mitigation that matched the packet, if any. string
AttackVector Descriptive name of the type of attack that this packet was a part of, if any. Only for packets matching rules contained within the Cloudflare L3/4 managed ruleset. string
ColoCity The city where the Cloudflare datacenter that received the packet is located. string
ColoCode The Cloudflare datacenter that received the packet (nearest IATA airport code). string
ColoCountry The country where the Cloudflare datacenter that received the packet is located (ISO 3166-1 alpha-2). string
ColoGeoHash The latitude and longitude where the colo that received the packet is located (Geohash encoding). string
ColoName The unique site identifier of the Cloudflare datacenter that received the packet (for example, ‘ams01’, ‘sjc01’, ’lhr01’). string
Datetime The date and time the event occurred at the edge. int or string
DestinationASN The ASN associated with the destination IP of the packet. int
DestinationASNName The name of the ASN associated with the destination IP of the packet. string
DestinationCountry The country where the destination IP of the packet is located (ISO 3166-1 alpha-2). string
DestinationGeoHash The latitude and longitude where the destination IP of the packet is located (Geohash encoding). string
DestinationPort Value of the Destination Port header field in the TCP or UDP packet. int
Direction The direction in relation to customer network.
Possible values are ingress | egress.
string
GREChecksum Value of the Checksum header field in the GRE packet. int
GREEtherType Value of the EtherType header field in the GRE packet. int
GREHeaderLength Length of the GRE packet header, in bytes. int
GREKey Value of the Key header field in the GRE packet. int
GRESequenceNumber Value of the Sequence Number header field in the GRE packet. int
GREVersion Value of the Version header field in the GRE packet. int
ICMPChecksum Value of the Checksum header field in the ICMP packet. int
ICMPCode Value of the Code header field in the ICMP packet. int
ICMPType Value of the Type header field in the ICMP packet. int
IPDestinationAddress Value of the Destination Address header field in the IPv4 or IPv6 packet. string
IPDestinationSubnet Computed subnet of the Destination Address header field in the IPv4 or IPv6 packet (/24 for IPv4; /64 for IPv6). string
IPFragmentOffset Value of the Fragment Offset header field in the IPv4 or IPv6 packet. int
IPHeaderLength Length of the IPv4 or IPv6 packet header, in bytes. int
IPMoreFragments Value of the More Fragments header field in the IPv4 or IPv6 packet. int
IPProtocol Value of the Protocol header field in the IPv4 or IPv6 packet. int
IPProtocolName Name of the protocol specified by the Protocol header field in the IPv4 or IPv6 packet. string
IPSourceAddress Value of the Source Address header field in the IPv4 or IPv6 packet. string
IPSourceSubnet Computed subnet of the Source Address header field in the IPv4 or IPv6 packet (/24 for IPv4; /64 for IPv6). string
IPTTL Value of the TTL header field in the IPv4 packet or the Hop Limit header field in the IPv6 packet. int
IPTTLBuckets Value of the TTL header field in the IPv4 packet or the Hop Limit header field in the IPv6 packet, with the last digit truncated. int
IPTotalLength Total length of the IPv4 or IPv6 packet, in bytes. int
IPTotalLengthBuckets Total length of the IPv4 or IPv6 packet, in bytes, with the last two digits truncated. int
IPv4Checksum Value of the Checksum header field in the IPv4 packet. int
IPv4DSCP Value of the Differentiated Services Code Point header field in the IPv4 packet. int
IPv4DontFragment Value of the Don’t Fragment header field in the IPv4 packet. int
IPv4ECN Value of the Explicit Congestion Notification header field in the IPv4 packet. int
IPv4Identification Value of the Identification header field in the IPv4 packet. int
IPv4Options List of Options numbers included in the IPv4 packet header. string
IPv6DSCP Value of the Differentiated Services Code Point header field in the IPv6 packet. int
IPv6ECN Value of the Explicit Congestion Notification header field in the IPv6 packet. int
IPv6ExtensionHeaders List of Extension Header numbers included in the IPv6 packet header. string
IPv6FlowLabel Value of the Flow Label header field in the IPv6 packet. int
IPv6Identification Value of the Identification extension header field in the IPv6 packet. int
MitigationReason Reason for applying a mitigation to the packet, if any.
Possible values are BLOCKED | RATE_LIMITED |UNEXPECTED | CHALLENGE_NEEDED | CHALLENGE_PASSED | NOT_FOUND | OUT_OF_SEQUENCE | ALREADY_CLOSED.
string
MitigationScope Whether the packet matched a local or global mitigation, if any.
Possible values are local | global.
string
MitigationSystem Which Cloudflare system sampled the packet.
Possible values are dosd | flowtrackd | magic-firewall.
string
Outcome The action that Cloudflare systems took on the packet.
Possible values are pass | drop.
string
ProtocolState State of the packet in the context of the protocol, if any.
Possible values are OPEN | NEW | CLOSING | CLOSED.
string
RuleID Unique identifier of the rule contained within the Cloudflare L3/4 managed ruleset that this packet matched, if any. string
RuleName Human-readable name of the rule contained within the Cloudflare L3/4 managed ruleset that this packet matched, if any. string
RulesetID Unique identifier of the Cloudflare L3/4 managed ruleset containing the rule that this packet matched, if any.
Possible values are 3b64149bfa6e4220bbbc2bd6db589552.
string
RulesetOverrideID Unique identifier of the rule within the accounts root ddos_l4 phase ruleset which resulted in an override of the default sensitivity or action being applied/evaluated, if any. string
SampleInterval The sample interval is the inverse of the sample rate. For example, a sample interval of 1000 means that this packet was randomly sampled from 1 in 1000 packets. Sample rates are dynamic and based on the volume of traffic. int
SourceASN The ASN associated with the source IP of the packet. int
SourceASNName The name of the ASN associated with the source IP of the packet. string
SourceCountry The country where the source IP of the packet is located (ISO 3166-1 alpha-2). string
SourceGeoHash The latitude and longitude where the source IP of the packet is located (Geohash encoding). string
SourcePort Value of the Source Port header field in the TCP or UDP packet. int
TCPAcknowledgementNumber Value of the Acknowledgement Number header field in the TCP packet. int
TCPChecksum Value of the Checksum header field in the TCP packet. int
TCPDataOffset Value of the Data Offset header field in the TCP packet. int
TCPFlags Value of the Flags header field in the TCP packet. int
TCPFlagsString Human-readable string representation of the Flags header field in the TCP packet. string
TCPMSS Value of the MSS option header field in the TCP packet. int
TCPOptions List of Options numbers included in the TCP packet header. string
TCPSACKBlocks List of the SACK Blocks option header in the TCP packet. string
TCPSACKPermitted Value of the SACK Permitted option header in the TCP packet. int
TCPSequenceNumber Value of the Sequence Number header field in the TCP packet. int
TCPTimestampECR Value of the Timestamp Echo Reply option header in the TCP packet. int
TCPTimestampValue Value of the Timestamp option header in the TCP packet. int
TCPUrgentPointer Value of the Urgent Pointer header field in the TCP packet. int
TCPWindowScale Value of the Window Scale option header in the TCP packet. int
TCPWindowSize Value of the Window Size header field in the TCP packet. int
UDPChecksum Value of the Checksum header field in the UDP packet. int
UDPPayloadLength Value of the Payload Length header field in the UDP packet. int
Verdict The action that Cloudflare systems think should be taken on the packet.
Possible values are pass | drop.
string