Cloudflare has a great Analytics dashboard that provides good insight into your proxied web traffic. While the interface is intuitive and great for some high-level information, the dashboard may not always have the information you need.
The advanced logs you are looking for can be retrieved using either Logpush or Logpull. In this post we will cover the basics and retrieve some logs using the Logpull API with PowerShell.
In order to make requests, you will need an API key and a zone ID.
Log in to Cloudflare and go to My Profile:
Go to API Tokens and then view your Global API Key. Save this for later:
Navigate to your Account and then choose your website you want to view logs for. Retrieve the Zone ID and save this for later:
Enable Log Retention
HTTP request logs are not retained by default, so you will need to enable log retention before you can use the Logpull API.
You can check the status of log retention for your zone by running this in PowerShell (replacing variables with the values you retrieved earlier):
If the flag in the response is set to false, you need to enable log retention. Run the following to enable log retention:
Making a Request
With log retention enabled, you are ready to start making requests. You will want to review the available log fields to customize your request to conform to your use case.
Here is an example of a request made to the /logs/received endpoint which will fetch the previous hour's worth of logs for your zone and save them to a .ndjson file locally:
View the Cloudflare developer documentation for more information about requesting logs with the Logpull API, which includes all of the available log fields that are supported to customize your requests.