How to integrate Cloudflare with ArcSight and receive the WAF logs into ArcSight?
I’m not sure how ArcSight works, but I may give you some pointers about how Cloudflare delivers the logs to the user:
- You must have an Enterprise plan in order to access the raw logs, either in Logpush or Logpull.
- Cloudflare delivers the logs in NDJSON format; each newline represents a complete JSON document.
- Logpush can only send logs to AWS S3, Azure Blob Storage, Google Cloud Storage and Sumo Logic endpoints. To fulfill your requirements, you may use Logpull to download the logs, process them and then send them to ArcSight.
- I have a tool to automatically download Cloudflare logs at a fixed interval:
But if you are looking for step-by-step instructions on how to send logs to ArcSight, sorry, I don’t have any. Maybe other community members have done that before.
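The "process it" step from the reply above, as an added example that is not part of the original post: it parses NDJSON as Logpull delivers it and maps WAF events to CEF (Common Event Format), the format ArcSight connectors accept, escaping request data so it cannot forge extra fields. Assumptions: the Cloudflare field names, nanosecond `EdgeStartTimestamp`, the vendor/product strings and the severity mapping are illustrative, and the sample data is constructed.

```python
import json

# Constructed sample of Logpull output: one JSON document per line (NDJSON).
# Field names are assumed from Cloudflare's HTTP request log schema.
SAMPLE_NDJSON = "\n".join([
    '{"RayID":"0000000000000001","ClientIP":"203.0.113.7","ClientRequestHost":"shop.example.com",'
    '"ClientRequestMethod":"GET","ClientRequestURI":"/search?q=a=b|c",'
    '"EdgeStartTimestamp":1700000000000000000,'
    '"WAFAction":"drop","WAFRuleID":"100001","WAFRuleMessage":"Constructed rule | demo"}',
    '{"RayID":"0000000000000002","ClientIP":"198.51.100.9","ClientRequestURI":"/","WAFAction":"unknown"}',
    'not-json',
])

def esc_header(value):
    # CEF header fields: escape backslash and pipe, flatten line breaks.
    return str(value).replace("\\", "\\\\").replace("|", "\\|").replace("\r", " ").replace("\n", " ")

def esc_ext(value):
    # CEF extension values: escape backslash, equals sign and line breaks.
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r", "\\r").replace("\n", "\\n")

def to_cef(record):
    """Return a CEF line for a record where the WAF acted, else None."""
    action = record.get("WAFAction") or "unknown"
    if action == "unknown":
        return None
    header = "|".join([
        "CEF:0", "Cloudflare", "WAF", "1.0",          # hypothetical vendor/product/version
        esc_header(record.get("WAFRuleID") or "waf"),
        esc_header(record.get("WAFRuleMessage") or "WAF event"),
        "7" if action == "drop" else "4",             # hypothetical severity mapping
    ])
    ext = {
        "rt": int(record.get("EdgeStartTimestamp", 0)) // 1_000_000,  # ns -> ms
        "src": record.get("ClientIP", ""), "dhost": record.get("ClientRequestHost", ""),
        "requestMethod": record.get("ClientRequestMethod", ""),
        "request": record.get("ClientRequestURI", ""),
        "act": action, "cs1Label": "RayID", "cs1": record.get("RayID", ""),
    }
    return header + "|" + " ".join(f"{k}={esc_ext(v)}" for k, v in ext.items())

def convert(ndjson_text):
    """Return (cef_lines, malformed_line_count) for a block of NDJSON."""
    events, malformed = [], 0
    for line in filter(str.strip, ndjson_text.splitlines()):
        try:
            record = json.loads(line)
        except ValueError:
            record = None
        if not isinstance(record, dict):
            malformed += 1
            continue
        cef = to_cef(record)
        if cef:
            events.append(cef)
    return events, malformed
```

Each returned line can then be forwarded over syslog to whatever listener the ArcSight side exposes; the malformed count is worth alerting on, since a rising value means the download or the schema has changed.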