Send Cloudflare Logpush Logs to Observability Pipelines

이 제품은 선택한 Datadog 사이트에서 지원되지 않습니다. ().
이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.
이용 가능:

Logs

Overview

This document goes over how to send Cloudflare Logpush logs to Observability Pipelines using the HTTP Server source.

Prerequisites

The following are required to send Cloudflare Logpush logs to Observability Pipelines:

  • A Cloudflare account with Logpush enabled.
  • A server or a server pool, fronted by a load balancer, that runs the Observability Pipelines Worker and allows traffic from Cloudflare’s CIDR blocks or the public internet.
  • A DNS entry that points to your Workers’ load balancer or OPW server.
  • An SSL/TLS certificate for your domain. Cloudflare requires an HTTPS endpoint and does not accept HTTP.
    • Note: You cannot use Cloudflare origin certificates because they are not publicly trusted.
  • If you are using a firewall in front of your Worker or Workers’ load balancer, add Cloudflare’s IP addresses to your allowlist.

Set up a pipeline

Set up the pipeline components

  1. Navigate to Observability Pipelines.
  2. Select a log template to create a pipeline.
  3. Select the HTTP Server source.
  4. If you are using Secrets Management, enter the identifier for the HTTP/S Server address key. See Set secrets for the defaults used.
  5. Select your authorization strategy. If you selected Basic:
    • Enter the identifiers for the HTTP/S Server username and password. See Set secrets for the defaults used.
  6. In the Decoding dropdown menu, select Bytes.
  7. Toggle the switch to Enable TLS.
    • If you are using Secrets Management, enter the identifier for the HTTP/S Server key pass. See Set secrets for the defaults used.
    • The following certificate and key files are required.
      • Server Certificate Path: The path to the certificate file that has been signed by your Certificate Authority (CA) root file in DER, PEM, or CRT (X.509).
      • CA Certificate Path: The path to the certificate file that is your Certificate Authority (CA) root file in DER or PEM (X.509).
      • Private Key Path: The path to the .key private key file that belongs to your Server Certificate Path in DER or PEM (PKCS #8) format.
      • Notes:
        • The configuration data directory /var/lib/observability-pipelines-worker/config/ is automatically appended to the file paths. See Advanced Worker Configurations for more information.
        • The file must be owned by the observability-pipelines-worker group and observability-pipelines-worker user, or at least readable by the group or user.
  8. Copy your certificates into the configuration directory:
    # Create the configuration directory
sudo mkdir -p /var/lib/observability-pipelines-worker/config

# Copy your certificates
sudo cp /path/to/your/<your-cert-file> /var/lib/observability-pipelines-worker/config/<your-cert-file>
sudo cp /path/to/your/<your-cert-file> /var/lib/observability-pipelines-worker/config/<your-cert-file>
  9. After you set up your destinations and processors, click Next: Install.

Install the Worker

  1. On the Install page, select your platform in the dropdown menu.
  2. Follow the instructions on the page to install the Worker based on your platform. See Install the Worker for details.
  3. After installing the Worker, change ownership of the certificates so the Observability Pipelines Worker can read them:
    # Change ownership so the Worker can read the certificates
sudo chgrp observability-pipelines-worker /var/lib/observability-pipelines-worker/config/<your-cert-file>
sudo chmod 640 /var/lib/observability-pipelines-worker/config/<your-cert-file>
sudo chgrp observability-pipelines-worker /var/lib/observability-pipelines-worker/config/<your-cert-file>
sudo chmod 640 /var/lib/observability-pipelines-worker/config/<your-cert-file>
  4. Deploy the configuration from the Observability Pipelines UI.
  5. Test your endpoint using curl:
    curl -X POST https://your-domain.com \
  -u username:password \
  -H "Content-Type: application/json" \
  -d '{"message":"test log from curl","source":"curl","service":"cloudflare-logpush"}'

Set up Cloudflare Logpush

Follow the Cloudflare Logpush HTTP destination documentation to set up Logpush to send logs to an HTTP endpoint.

  • For the HTTP endpoint: If you use HTTP Basic authorization, the authorization headers in the URL need to be base64 encoded: https://subdomain.your-domain.com?header_Authorization=Basic%20<base64-encoded-credentials>

After your Logpush job has been successfully created, you can view your Cloudflare Logpush logs in Datadog Log Explorer.