Cloudflare Docs

Cloudflare Docs

Overview
Logpush
Edge Log Delivery
Get started
Permissions
API configuration
Enable destinations

Enable Cloudflare R2
Enable HTTP destination
Enable Amazon S3
Enable S3-compatible endpoints
Enable Datadog
Enable Elastic
Enable Google Cloud Storage
Enable BigQuery
Enable Microsoft Azure
Enable New Relic
Enable Splunk
Enable other providers
Enable Sumo Logic
Enable IBM QRadar

Logpush alerts and analytics
Tutorials
Parse Cloudflare Logs JSON data
Logpush examples

Manage Logpush with cURL
Manage Logpush with Python
Reference
Log Output Options
Filters
Custom fields
Log fields

Zone-scoped datasets

DNS logs
Firewall events
HTTP requests
NEL reports
Spectrum events

Account-scoped datasets

Access requests
Audit logs
CASB Findings
Device posture results
DNS Firewall Logs
Gateway DNS
Gateway HTTP
Gateway Network
Magic IDS Detections
Network Analytics Logs
Sinkhole HTTP Logs
Workers Trace Events
Zero Trust Network Session Logs

Pathing status
Security fields
WAF fields
ClientRequestSource field
Change notices

2023-02-01 - Updates to security fields

Glossary
Instant Logs
Logs Engine
Logpull
Understanding the basics
Enabling log retention
Requesting logs
Additional details
FAQ

WAF fields

The Web Application Firewall (WAF) contains rules managed by Cloudflare to block requests that contain malicious content.

WAF Action

Value	Action	Description
`0`	Unknown	Take no other action.
`1`	Allow	Bypass all subsequent WAF rules.
`2`	Block	Block with an HTTP 403 response.
`3`	Challenge Allow	Issue a Managed Challenge.
`4`	Challenge Drop	Unused.
`5`	Log	Take no action other than logging the event.

Deprecated fields for internal Cloudflare use

The values of these fields are subject to change by Cloudflare at any time and are irrelevant for customer data analysis:

WAFFlags
WAFMatchedVar