Access to Firewall Event logs via API?

Hi any plans on opening up Firewall Event log querying via the CF API ?

Thinking it would be useful to be able analyse and parse the Firewall Event log entries locally on the server i.e. grabbing those bad IPs and feeding them into origin server’s local firewall as an extra layer in case folks bypass Cloudflare to hit the origin IPs.

Local server firewall policy should be based on white-listing rather than black-listing.

true though for layer 7 based requests to HTTP/HTTPS blocking those IPs that Cloudflare Firewall deems suspect/bad is still nice.

1 Like

Then maybe better to honeypot those IPs


I certainly agree, would like access to obtain the Firewall events via the API.




don’t think the API had that when I posted this product request - I remember looking :slight_smile:

I was surprised to see that too.

Spent a couple hours tinkering with it on Postman, it was just great to finally be able to filter Firewall Events using specific conditions, and not depend on that terribly slow UI.

Limited to 1,000 matching records not older than a year.

Since it is on the documentation, I’m hoping this is here to stay.

1 Like

Dear team,

Any support at this moment ? Due to some false positive block, then I can’t login to CF dashboard, hope you can send support alert to email

Is the API to list the firewall events gone, again?
I cannot find it in the API docs.
The only docs I can find are about how to get the events via graphql:


It’s been deprecated as of March 1, it seems. Cloudflare API v4 Documentation

Firewall Events are now available as a Data Set on the new GraphQL Analytics API.

1 Like

Is it possible to download monthly Firewall events data via GraphQL API? When I set the value of limit to anything above 10K then I get the error that the value of limit cannot be more than 10K. Is this an API limit or Account limit?