Skip to content

Commit

Permalink
[Gateway] Network and HTTP logs update (#17385)
Browse files Browse the repository at this point in the history
  • Loading branch information
@maxvp
maxvp authored Oct 10, 2024
1 parent 95bfe7f commit e67e465
Show file tree
Hide file tree
Showing 2 changed files with 61 additions and 40 deletions.
4 changes: 4 additions & 0 deletions src/content/changelogs/gateway.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ productLink: "/cloudflare-one/policies/gateway/"
productArea: Cloudflare One
productAreaLink: /cloudflare-one/changelog/
entries:
- publish_date: "2024-10-04"
title: Expanded Gateway log fields
description: |-
Gateway now offers new fields in [activity logs](/cloudflare-one/insights/logs/gateway-logs/) for DNS, network, and HTTP policies to provide greater insight into your users' traffic routed through Gateway.
- publish_date: "2024-09-30"
title: File sandboxing
description: |-
Expand Down
97 changes: 57 additions & 40 deletions src/content/docs/cloudflare-one/insights/logs/gateway-logs/index.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,19 +134,20 @@ Gateway will only log failed connections in [network session logs](/logs/referen
| Field | Description |
| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Source IP** | IP address of the user sending the packet. |
| **Source internal IP** | Private IP address assigned by the user's local network. |
| **Source Internal IP** | Private IP address assigned by the user's local network. |
| **Destination IP** | IP address of the packet's target. |
| **Action** | The Gateway [Action](/cloudflare-one/policies/gateway/dns-policies/#actions) taken based on the first rule that matched (such as Allow or Block). |
| **Session ID** | ID of the unique session. |
| **Time** | Date and time of the session. |

#### Matched policies

| Field | Description |
| ---------------------- | ----------------------------------------------------- |
| **Policy name** | Name of the matched policy. |
| **Policy ID** | ID of the policy enforcing the decision Gateway made. |
| **Policy description** | Description of the matched policy. |
| Field | Description |
| ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
| **DNS location** | [User-configured location](/cloudflare-one/connections/connect-devices/agentless/dns/locations/) from where the DNS query was made. |
| **Policy name** | Name of the matched policy. |
| **Policy ID** | ID of the policy enforcing the decision Gateway made. |
| **Policy description** | Description of the matched policy. |

#### Identities

Expand All @@ -160,20 +161,25 @@ Gateway will only log failed connections in [network session logs](/logs/referen

#### Network query details

| Field | Description |
| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Source IP** | IP address of the user sending the packet. |
| **Source port** | Source port number for the packet. |
| **Source country** | Country code for the packet source. |
| **Destination IP** | IP address of the packet's target. |
| **Destination port** | Destination port number for the packet. |
| **Destination country** | Destination port number for the packet. |
| **Protocol** | Protocol over which the packet was sent. |
| **Detected protocol** | The detected [network protocol](/cloudflare-one/policies/gateway/network-policies/protocol-detection/). |
| **SNI** | Host whose Server Name Indication (SNI) header Gateway will filter traffic against. |
| **Virtual network** | [Virtual network](/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/) that the client is connected to. |
| **Category details** | Category or categories associated with the packet. |
| **Proxy PAC endpoint** | [PAC file proxy endpoint](/cloudflare-one/connections/connect-devices/agentless/pac-files/) Gateway forwarded traffic to, if applicable. |
| Field | Description |
| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Source IP** | IP address of the user sending the packet. |
| **Source port** | Source port number for the packet. |
| **Source country** | Country code for the packet source. |
| **Source IP continent** | Continent code of the source IP address. |
| **Source IP country** | Country code of the source IP address. |
| **Destination IP** | IP address of the packet's target. |
| **Destination port** | Destination port number for the packet. |
| **Destination IP continent** | Continent code of the IP address for the packet's destination. |
| **Destination IP country** | Country code of the IP address for the packet's destination. |
| **Transport protocol** | Protocol over which the packet was sent. |
| **Detected Protocol** | The detected [network protocol](/cloudflare-one/policies/gateway/network-policies/protocol-detection/). |
| **SNI** | Host whose Server Name Indication (SNI) header Gateway will filter traffic against. |
| **Virtual Network** | [Virtual network](/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/) that the client is connected to. |
| **Category details** | Category or categories associated with the packet. |
| **Proxy endpoint** | [PAC file proxy endpoint](/cloudflare-one/connections/connect-devices/agentless/pac-files/) Gateway forwarded traffic to, if applicable. |
| **Application ID** | ID of the application that matched the domain. |
| **Application name** | Name of the application that matched the domain. |

## HTTP logs

Expand Down Expand Up @@ -203,11 +209,14 @@ When an HTTP request results in an error, Gateway logs the first 512 bytes of th

#### Matched policies

| Field | Description |
| ---------------------- | ---------------------------------- |
| **Policy name** | Name of the matched policy. |
| **Policy ID** | ID of the matched policy. |
| **Policy description** | Description of the matched policy. |
| Field | Description |
| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
| **DNS location** | [User-configured location](/cloudflare-one/connections/connect-devices/agentless/dns/locations/) from where the DNS query was made. |
| **Policy name** | Name of the matched policy. |
| **Policy ID** | ID of the matched policy. |
| **Policy description** | Description of the matched policy. |
| **Matched category ID** | ID of the category matched in the policy. |
| **Matched category name** | Name of the category matched in the policy. |

#### Identities

Expand All @@ -221,21 +230,29 @@ When an HTTP request results in an error, Gateway logs the first 512 bytes of th

#### HTTP query details

| Field | Description |
| -------------------------- | ----------------------------------------------------------------------------------------------------------- |
| **HTTP version** | HTTP version of the origin that Gateway connected to on behalf of the user. |
| **HTTP method** | HTTP method used for the request (such as `GET` or `POST`). |
| **HTTP status code** | [HTTP status code](/support/troubleshooting/http-status-codes/http-status-codes/) returned in the response. |
| **URL** | Full URL of the HTTP request. |
| **Referer** | Referer request header containing the address of the page making the request. |
| **Source IP** | Public source IP address of the HTTP request. |
| **Source port** | Port that was used to make the HTTP request. |
| **Source IP country** | Country code of the HTTP request. |
| **Destination IP** | Public IP address of the destination requested. |
| **Destination port** | Port of the destination requested. |
| **Destination IP country** | Country code of the destination requested. |
| **Blocked file reason** | Reason why the file was blocked if a file transfer occurred or was attempted. |
| **Category details** | Category the blocked file belongs to. |
| Field | Description |
| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| **HTTP Version** | HTTP version of the origin that Gateway connected to on behalf of the user. |
| **HTTP Method** | HTTP method used for the request (such as `GET` or `POST`). |
| **HTTP Status Code** | [HTTP status code](/support/troubleshooting/http-status-codes/http-status-codes/) returned in the response. |
| **URL** | Full URL of the HTTP request. |
| **Referer** | Referer request header containing the address of the page making the request. |
| **Source IP** | Public source IP address of the HTTP request. |
| **Source Port** | Port that was used to make the HTTP request. |
| **Source IP continent** | Continent code of the HTTP request. |
| **Source IP country** | Country code of the HTTP request. |
| **Destination IP** | Public IP address of the destination requested. |
| **Destination Port** | Port of the destination requested. |
| **Destination IP continent** | Continent code of the destination requested. |
| **Destination IP country** | Country code of the destination requested. |
| **Blocked file reason** | Reason why the file was blocked if a file transfer occurred or was attempted. |
| **Category details** | Detailed information on the category the blocked file belongs to. |
| **Application ID** | ID of the application that matched the domain. |
| **Application name** | Name of the application that matched the domain. |
| **Categories** | [Content categories](/cloudflare-one/policies/gateway/domain-categories/) that the domain belongs to. |
| **Proxy endpoint** | [PAC file proxy endpoint](/cloudflare-one/connections/connect-devices/agentless/pac-files/) Gateway forwarded traffic to, if applicable. |
| **Virtual Network** | [Virtual network](/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/) that the client is connected to. |
| **Sandbox scanned** | Status of the [file quarantine](/cloudflare-one/policies/gateway/http-policies/file-sandboxing/). |

#### File detection details

Expand Down

0 comments on commit e67e465

Please sign in to comment.