Ingests Cloudflare Logs to Azure Log Analytics Workspaces.
This is a Cloudflare Tail Worker that sends Cloudflare Workers logs to Azure Log Analytics Workspaces/Azure Monitor Logs through the Logs Ingestion API in Azure Monitor.
- Cloudflare Workers Paid Plan
- Azure Subscription
- Create a Microsoft Entra application to authenticate against the API.
- Create a data collection endpoint (DCE) to receive data.
- Create a custom table in a Log Analytics workspace. This is the table you'll be sending data to. As part of this process, you will create a data collection rule (DCR) to direct the data to the target table.
- Give the AD application access to the DCR.
-
Set up a Worker in Cloudflare and add the below
ARM_CLIENT_SECRET
environment variable as secret. -
Modify the rest of the environment variables in wrangler.toml and deploy it to Cloudflare.
-
Add the following to the wrangler.toml file of the producer Worker:
tail_consumers = [{service = "law-ingestion"}]
Variable name | Description | Example |
---|---|---|
ARM_TENANT_ID | Azure tenant ID | 40a009eb-76f8-4d32-bca3-893aaebd0f41 |
ARM_CLIENT_ID | Client ID of Azure service principal | cd96fd2a-8b49-4df0-bd0c-8d396d97c259 |
ARM_CLIENT_SECRET | Client secret of Azure service principal | fII8Q~FO.qbSmcpxpyZqfsbv.7nz46X4_4HutaHw |
DCE_URL | Data Collection Endpoint URL | https://cloudflare-logging-asu8.westeurope-1.ingest.monitor.azure.com/dataCollectionRules/dcr-1e5cc3ed115842ecb647b43f4d8bafef/streams/Custom-CfLogging_CL?api-version=2023-01-01 DCR immutable ID is only visible in JSON view! |