Is it possible to get raw logs?

Hello,

The other day we received a series of DDoS attacks and I was wondering if it’s possible to request the raw access logs of minutes before the attack started. Because some of the requests went through CF initially, I had to remove those logs and I’d really like to have the traffic before the attack occurred. :sweat_smile:

Regards.

After the fact? Even on Enterprise plans, I don’t think it’s possible.

https://developers.cloudflare.com/logs/logpull/enabling-log-retention

2 Likes

Data retention period

You can query for logs starting from 1 minute in the past (relative to the actual time that you make the query) and going back at least 3 days and up to 7 days.

The attack was just a couple of days ago, (we are still receiving the attacks so even those from some hours ago would work).

Yeah, but it says you need to enable log retention first.

3 Likes

Oh, you are right, my bad! I will keep the post open in case there is some hope that I can get those :sweat_smile:.
I’m primarily asking because I remember that once when I asked support about an attack, they were able to show me part of the logs (visualized) so if there is any chance that they exist and I can get them… that’d be great.

1 Like

Probably they are using GraphQL to query the data, but sampled data.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.