Exporting WAF Logs on Business plan
Is it possible to use the API to export the WAF logs and then i can parse and import it to an external SIEM? I know its possible on Enterprise with LogPush but i aren't spending 3k per month
2 Replies
You can export up to 500 on Business at a time
You can export a set of up to 500 raw events from the Activity log in JSON format. Export event data to combine and analyze Cloudflare data with your own stored in a separate system or database, such as a SIEM system. The data you export will reflect any filters you have applied. To export the displayed events (up to 500), select Export in the Activity log.https://developers.cloudflare.com/waf/analytics/security-events/paid-plans/ As for an API for that, it looks like it just uses the GraphQL Endpoint and
ActivityLogQuery
to get the raw eventsBrilliant thankyou, i'll give this a try and see if i can get it working how I need 🙂
Wish logpush was for businesses too since we also need to keep logs and don't have the same budgets as huge enterprises