Amazon AWS S3 REST API Log Source Parameters for Cloudflare Logs

If JSA does not automatically detect the log source, add a Cloudflare Logs log source on the JSA Console by using the Amazon AWS S3 REST API protocol.

When you use the Amazon AWS S3 REST API protocol, there are specific parameters that you must configure.

The following table describes the parameters that require specific values to collect Amazon AWS S3 REST API events from Cloudflare Logs:

Table 1: Amazon AWS S3 REST API Log Source Parameters for the Cloudflare Logs DSM

| Parameter | Value |
| --- | --- |
| Log Source type | Cloudflare Logs |
| Protocol Configuration | Amazon AWS S3 REST API |
| Log Source Identifier | Type a unique name for the log source. The Log Source Identifier can be any valid value and does not need to reference a specific server. The Log Source Identifier can be the same value as the Log Source Name. If you have more than one Cloudflare Logs log source configured, you might want to identify the first log source as Cloudflare1, the second log source as Cloudflare2, and the third log source as Cloudflare3. |
| Authentication Method | Access Key ID / Secret Key: Standard authentication that can be used from anywhere. For more information about configuring security credentials, see Configuring Security Credentials for Your AWS User Account. EC2 Instance IAM Role: If your managed host is running on an AWS EC2 instance, choosing this option uses the IAM Role from the instance metadata that is assigned to the instance for authentication; no keys are required. This method works only for managed hosts that are running within an AWS EC2 container. |
| Access Key ID | If you selected Access Key ID / Secret Key for the Authentication Method, configure the Access Key ID parameter. The Access Key ID that was generated when you configured the security credentials for your AWS user account. This value is also the Access Key ID that is used to access the AWS S3 bucket. |
| Secret Key | If you selected Access Key ID / Secret Key for the Authentication Method, configure the Secret Key parameter. The Secret Key that was generated when you configured the security credentials for your AWS user account. This value is also the Secret Key ID that is used to access the AWS S3 bucket. |
| S3 Collection Method | Select SQS Event Notifications. |
| SQS Queue URL | Type the full URL, beginning with https://, of the SQS queue that is set up to receive notifications for ObjectCreate events from S3. |
| Region Name | The region that the S3 Bucket is in. Example: us-east-1, eu-west-1, ap-northeast-3 |
| Event Format | Select LINEBYLINE from the list. |
| Use as a Gateway Log Source | Select this option for the collected events to flow through the JSA Traffic Analysis engine and for JSA to automatically detect one or more log sources. |
| Log Source Identifier Pattern | This option is available when Use as a Gateway Log Source is set to yes. Use this option if you want to define a custom Log Source Identifier for events being processed. This field accepts key value pairs to define the custom Log Source Identifier, where the key is the Identifier Format String, and the value is the associated regex pattern. You can define multiple key value pairs by entering a pattern on a new line. When multiple patterns are used, they are evaluated in order until a match is found and a custom Log Source Identifier can be returned. |
| Show Advanced Options | Select this option. |
| File Pattern | This option is available when Show Advanced Options is set to yes. Type a regex for the file pattern that matches the files that you want to pull; for example, `.*?\.log\.gz` |
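The following pre-flight check is an added example, not part of the JSA documentation or product code: it validates the SQS Queue URL against the Region Name and shows which object keys from an S3 notification the File Pattern would select. The queue URL, account ID, object keys and function names are constructed, and it assumes that the pattern must match the whole object key and that Python's `re` behaves like the JSA regex engine for this pattern.

```python
import json
import re
from urllib.parse import unquote_plus, urlparse

# Constructed sample values; none come from the page or a real deployment.
QUEUE_URL = "https://sqs.eu-west-1.amazonaws.com/123456789012/cloudflare-logs"
REGION_NAME = "eu-west-1"
FILE_PATTERN = r".*?\.log\.gz"  # the File Pattern example from the table

# Constructed S3 event notification, as delivered in an SQS message body.
SAMPLE_BODY = json.dumps({"Records": [
    {"eventName": "ObjectCreated:Put",
     "s3": {"object": {"key": "http/date%3D20240101/batch-0001.log.gz"}}},
    {"eventName": "ObjectCreated:Put",
     "s3": {"object": {"key": "http/readme.txt"}}},
    {"eventName": "ObjectRemoved:Delete",
     "s3": {"object": {"key": "http/date%3D20231201/batch-0001.log.gz"}}},
]})


def check_queue_url(queue_url, region_name):
    """Return a list of problems with the SQS Queue URL / Region Name pair."""
    problems = []
    url = urlparse(queue_url)
    if url.scheme != "https":
        problems.append("SQS Queue URL must begin with https://")
    # Assumption: the queue uses the sqs.<region>.amazonaws.com endpoint form.
    host = re.fullmatch(r"sqs\.([a-z0-9-]+)\.amazonaws\.com", url.hostname or "")
    if host is None:
        problems.append("host is not sqs.<region>.amazonaws.com")
    elif host.group(1) != region_name:
        # S3 only notifies a queue in the bucket's own region.
        problems.append(f"queue is in {host.group(1)}, Region Name is {region_name}")
    return problems


def keys_to_collect(sqs_body, file_pattern):
    """Keys from ObjectCreated records that the File Pattern selects."""
    pattern = re.compile(file_pattern)
    selected = []
    for record in json.loads(sqs_body).get("Records", []):
        if not record.get("eventName", "").startswith("ObjectCreated:"):
            continue  # deletions and other events carry nothing to pull
        key = unquote_plus(record["s3"]["object"]["key"])  # keys arrive URL-encoded
        # Assumption: the pattern must match the whole object key.
        if pattern.fullmatch(key):
            selected.append(key)
    return selected
```

Running `keys_to_collect` over a few real notification bodies before saving the log source shows whether a File Pattern is too narrow (events silently never collected) or too broad (non-log objects pulled into the pipeline).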