Comment on page
Cloudflare Audit Logs
Quickly ingest your Cloudflare Audit logs
Cloudflare Audit logs allow you to view audit events from your Cloudflare account. Audit logs give insights into what resources were changed in your Cloudflare organization.
Cloudflare Audit logs will grab 30 days worth of logs for your account and backfill your source. After the initial load, RunReveal will attempt to poll the Cloudflare API to download your new audit logs every 60 seconds.
Give your Cloudflare source a descriptive name to help find it later. The two fields we require from your Cloudflare account are your account identifier and an API token.
To find your account identifier,
- 1.Login to your Cloudflare account
- 2.Navigate to your organization's site settings
- 3.Your account identifier will be listed in the right hand panel near the bottom.
- 4.Click the copy button and paste it into RunReveal
Account ID location
To generate an API token you can click the
Get your API tokenlink directly under the Account ID section. From there, create a new custom token.
Give the token a name like RunReveal to identify its use. The only permission the token requires is read access to
CF Token Settings
Once added the source logs should begin flowing within a minute.
You can validate we are receiving your logs by running the following SQL query.
SELECT * FROM runreveal_logs WHERE sourceType = 'cf-audit' LIMIT 1