IDS logs
You can use Logpush with Cloudflare Network Firewall IDS (Intrusion Detection System) to export logs of detected threats. IDS monitors your network traffic for a wide range of known threat signatures, including attacks such as ransomware, data exfiltration, and network scanning.
- Consult the Logpush Destination docs to learn which destinations Logpush supports. The documentation also explains how to format the destination URL for Logpush.
- Follow the Manage Logpush with cURL tutorial to validate your Logpush destination and define a Logpush job.
- Magic IDS is an account-scoped dataset. Unlike zone-specific datasets that apply to a single domain, account-scoped datasets use a different API endpoint. Replace the string /zone/<ZONE_ID> in the Cloudflare API URLs in the tutorial with /account/<ACCOUNT_ID>.
- Consult the Magic IDS Detection fields doc to decide which fields to configure for the job.
- When creating the Logpush job, the dataset field should equal magic_ids_detections.
- Timestamps default to unixnano format (nanoseconds since the Unix epoch, January 1, 1970). If your destination expects a different format (such as RFC 3339), refer to Logpush Options for available timestamp formats. In the Logpush API configuration string, options are appended after the field list.
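
The steps above, put together as an added example (not code from Cloudflare's documentation): shell functions that build the account-scoped request for a magic_ids_detections job and reject malformed field lists or timestamp formats before anything is sent. The function names, the CLOUDFLARE_API_TOKEN variable and the sample field names are assumptions; the request uses the API's account-scoped jobs path and the logpull_options string.

```shell
# Added example, not Cloudflare's code. Builds the account-scoped request for an
# IDS Logpush job; nothing is sent until create_ids_job is called.
API="https://api.cloudflare.com/client/v4"

# Account-scoped jobs endpoint (the dataset is not tied to a zone).
ids_jobs_url() {
  printf '%s/accounts/%s/logpush/jobs' "$API" "$1"
}

# Options string: the field list first, then options such as the timestamp format.
ids_logpull_options() {
  fields=$1 ts=${2:-unixnano}
  case "$ts" in
    unixnano|unix|rfc3339) ;;
    *) echo "unsupported timestamp format: $ts" >&2; return 1 ;;
  esac
  case "$fields" in   # only comma-separated field names are allowed
    ''|*[!A-Za-z0-9,]*) echo "bad field list: $fields" >&2; return 1 ;;
  esac
  printf 'fields=%s&timestamps=%s' "$fields" "$ts"
}

# JSON body for the job; refuses inputs that would break out of a JSON string.
ids_job_body() {
  name=$1 dest=$2
  case "$name$dest" in
    *'"'*|*'\'*) echo "quote or backslash in name/destination" >&2; return 1 ;;
  esac
  opts=$(ids_logpull_options "$3" "$4") || return 1
  printf '{"name":"%s","dataset":"magic_ids_detections",' "$name"
  printf '"destination_conf":"%s","logpull_options":"%s","enabled":true}' "$dest" "$opts"
}

# Sends the request. CLOUDFLARE_API_TOKEN is an assumed environment variable name.
create_ids_job() {   # args: account_id job_name destination_conf fields [timestamp_format]
  body=$(ids_job_body "$2" "$3" "$4" "$5") || return 1
  curl -sS -X POST "$(ids_jobs_url "$1")" \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -H "Content-Type: application/json" \
    --data "$body"
}

# Example call (field names are assumptions; confirm them in the fields doc):
# create_ids_job "$ACCOUNT_ID" ids-detections "$DEST" \
#   "Timestamp,SourceIP,DestinationIP,SignatureID,SignatureMessage" rfc3339
```

Destinations that require ownership validation also need the ownership_challenge token from the tutorial's validation step added to the body.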