Releases: cloudflare/logshare
Releases · cloudflare/logshare
v1.4.2
v1.4.1
Customizable Timestamp Formats & Sampling
- Add the timestamp-format and sample flags to logshare-cli
- Add TimestampFormat and Sample to logshare.Options
- Default to the new endpoint in the library
- Remove the option to use the old endpoint via logshare-cli.
logshare-cli will now default to the new log format as documented in our knowledge base, and does not offer the option to use the old format.
Logpull by Default
--by-receivedis the default behaviour--legacy-endpointcan be called to hit the (deprecated) endpoint- Added an example to the README for listing available log fields
List Fields
Pre-Release Notes
- Added the
--list-fieldsflag to list the available fields when using the--by-receivedendpoint - note that the list of fields not final and is subject to change.
logshare-cli --api-email=$CF_API_EMAIL --api-key=$CF_API_KEY \
--zone-name=$CF_ZONE_NAME --list-fields | jq
{
"CacheResponseBytes": "Number of bytes returned by the cache",
"CacheResponseStatus": "HTTP status code returned by the cache",
"ClientASN": "Client AS number",
"ClientCountry": "Country of the client IP address",
"ClientDeviceType": "Client device type",
"ClientIP": "IP address of the client",
"ClientIPClass": "Client IP class",
"ClientRequestHost": "Host requested by the client",
"ClientRequestMethod": "HTTP method of client request",
"ClientRequestProtocol": "HTTP protocol of client request",
"ClientRequestReferer": "HTTP request referrer",
"ClientRequestURI": "URI requested by the client",
"ClientRequestUserAgent": "User agent reported by the client",
"ClientSSLCipher": "Client SSL cipher",
"ClientSSLProtocol": "Client SSL protocol",
"ClientSrcPort": "Client source port",
"EdgeColoID": "Cloudflare edge colo id",
"EdgeEndTimestamp": "Unix nanosecond timestamp the edge finished sending response to the client",
"EdgePathingStatus": "Edge pathing status",
"EdgeResponseBytes": "Number of bytes returned by the edge to the client",
"EdgeResponseCompressionRatio": "Edge response compression ratio",
"EdgeResponseStatus": "HTTP status code returned by Cloudflare to the client",
"EdgeStartTimestamp": "Unix nanosecond timestamp the edge received request from the client",
"OriginIP": "IP of the origin server",
"OriginResponseBytes": "Number of bytes returned by the origin server",
"OriginResponseStatus": "Status returned by the origin server",
"RayID": "Ray ID of the request",
"WAFAction": "Action taken by the WAF, if triggered",
"WAFRuleID": "ID of the applied WAF rule",
"ZoneID": "Internal zone ID"
}- Available fields can be passed as a comma-separated list to the
--fieldsflag - e.g.
logshare-cli --api-email=$CF_API_EMAIL --api-key=$CF_API_KEY \
--zone-name=$CF_ZONE_NAME --start-time=`hours-ago 1` \
--end-time=`mins-ago 10` --count=2 \
--fields=RayID,ClientIP --by-receivedFields
Support the new --fields option, which allows specifying the fields to be returned in each log-line.
e.g.
logshare-cli --api-email=$CF_API_EMAIL --api-key=$CF_API_KEY \
--zone-name=$CF_ZONE_NAME --start-time=`hours-ago 1` \
--end-time=`mins-ago 10` --count=2 \
--fields=RayID,ClientIP --by-received/received
Adds support for the (new) /received endpoint, which allows you to fetch all logs based on their delivery time, rather than the request time. Note: This endpoint is not part of the official API and may change at whim.
Benefits?
- All logs are retrieved, and late-arriving logs do not require you to re-request for the same timestamp window (they will simply be available as they are written to Cloudflare's log storage platform).
- A new (not yet finalized) log format with just the basics.
Use the --by-received flag in the CLI or set "ByReceived" to true in the library.
v1.1
v1.0
v0.1
v0.1.
- Pull logs from Cloudflare's Enterprise Log Share API - as documented here: https://support.cloudflare.com/hc/en-us/articles/216672448
- Download pre-built binaries for Windows, macOS and Linux.