Enable Logpush to Microsoft Azure
Cloudflare Logpush supports pushing logs directly to Microsoft Azure via the Cloudflare dashboard or via API.
Manage via the Cloudflare dashboard
Enable Logpush to Microsoft Azure via the dashboard.
To enable the Cloudflare Logpush service:
Log in to the Cloudflare dashboard.
Select the Enterprise account or domain you want to use with Logpush.
Go to Analytics & Logs > Logs.
Click Add Logpush job. A modal window opens where you will need to complete several steps.
Select the data set you want to push to a storage service.
Select the data fields to include in your logs. Add or remove fields later by modifying your settings in Logs > Logpush.
Select Microsoft Azure.
Enter or select the following destination information:
- SAS URL
- Blob container subpath (optional)
- Daily subfolders
Click Validate access.
Enter the Ownership token (included in a file or log Cloudflare sends to your provider) and click Prove ownership. To find the ownership token, click the Open button in the Overview tab of the ownership challenge file.
Click Save and Start Pushing to finish enabling Logpush.
Once connected, Cloudflare lists Microsoft Azure as a connected service under Logs > Logpush. Edit or remove connected services from here.
Create and get access to a Blob Storage container
Cloudflare uses a shared access signature (SAS) token to gain access to your Blob Storage container. You will need to provide Write
permission and an expiration period of at least five years, which will allow you to not worry about the SAS token expiring.
Ensure Log Share permissions are enabled, before attempting to read or configure a Logpush job. For more information refer to the Roles section.
To enable Logpush to Azure:
Create a Blob Storage container. Refer to instructions from Azure.
Create a shared access signature (SAS). To learn about shared access signatures, refer to information from Azure.
- Logpush requires a service-level SAS or an account-level SAS token.
- To create a SAS token:
- Service-level SAS token:
- Navigate to
Storage Explorer (preview)
under storage account. - Choose relevant blob container, and generate SAS token:
- Provide expiry time at least five years into the future (from now).
- Make sure to grant only
Write
permission.
- Navigate to
- Account-level SAS token:
- Navigate to
Shared access signature
under storage account. - Generate SAS token:
- Select only
Blob
forAllowed service
. - Select only
Object
forAllowed resporce types
. - Select only
Write
forAllowed permissions
. - Uncheck
Enables deletion of versions
. - Provide expiry time at least five years into the future (from now).
- Navigate to
- Service-level SAS token:
Provide the SAS URL when prompted by the Logpush API or UI.