Network Analytics Logs
The descriptions below detail the fields available for network_analytics_logs.
| Field | Value | Type |
|---|---|---|
| AttackCampaignID | Unique identifier of the attack campaign that this packet was a part of, if any | string |
| AttackID | Unique identifier of the mitigation that matched the packet, if any | string |
| ColoCountry | The country of colo that received the packet (ISO 3166-1 alpha-2) | string |
| ColoGeoHash | The latitude and longitude where the colo that received the packet is located (Geohash encoding) | string |
| ColoID | The ID of the colo that received the DNS query (for example, 46, 72, 397) | int |
| ColoName | The name of the colo that received the DNS query (for example, ‘SJC’, ‘MIA’, ‘IAD’) | string |
| Datetime | The date and time the event occurred at the edge | int or string |
| DestinationASN | The ASN associated with the destination IP of the packet | int |
| DestinationASNDescription | The ASN description associated with the destination IP of the packet | string |
| DestinationCountry | The country where the destination IP of the packet is located (ISO 3166-1 alpha-2) | string |
| DestinationGeoHash | The latitude and longitude where the destination IP of the packet is located (Geohash encoding) | string |
| DestinationPort | Value of the Destination Port header field in the TCP or UDP packet | int |
| Direction | The direction in relation to customer network. Possible values are: ingress | egress | string |
| GREChecksum | Value of the Checksum header field in the GRE packet | int |
| GREEthertype | Value of the Ethertype header field in the GRE packet | int |
| GREHeaderLength | Length of the GRE packet header, in bytes | int |
| GREKey | Value of the Key header field in the GRE packet | int |
| GRESequenceNumber | Value of the Sequence Number header field in the GRE packet | int |
| GREVersion | Value of the Version header field in the GRE packet | int |
| ICMPChecksum | Value of the Checksum header field in the ICMP packet | int |
| ICMPCode | Value of the Code header field in the ICMP packet | int |
| ICMPType | Value of the Type header field in the ICMP packet | int |
| IPDestinationAddress | Value of the Destination Address header field in the IPv4 or IPv6 packet | string |
| IPDestinationSubnet | Computed subnet of the Destination Address header field in the IPv4 or IPv6 packet (/24 for IPv4; /64 for IPv6) | string |
| IPFragmentOffset | Value of the Fragment Offset header field in the IPv4 or IPv6 packet | int |
| IPHeaderLength | Length of the IPv4 or IPv6 packet header, in bytes | int |
| IPMoreFragments | Value of the More Fragments header field in the IPv4 or IPv6 packet | int |
| IPProtocol | Value of the Protocol header field in the IPv4 or IPv6 packet | int |
| IPProtocolName | Name of the protocol specified by the Protocol header field in the IPv4 or IPv6 packet | string |
| IPSourceAddress | Value of the Source Address header field in the IPv4 or IPv6 packet | string |
| IPSourceSubnet | Computed subnet of the Source Address header field in the IPv4 or IPv6 packet (/24 for IPv4; /64 for IPv6) | string |
| IPTotalLength | Total length of the IPv4 or IPv6 packet, in bytes | int |
| IPTotalLengthBuckets | Total length of the IPv4 or IPv6 packet, in bytes, with the last two digits truncated | int |
| IPTtl | Value of the TTL header field in the IPv4 packet or the Hop Limit header field in the IPv6 packet | int |
| IPTtlBuckets | Value of the TTL header field in the IPv4 packet or the Hop Limit header field in the IPv6 packet, with the last digit truncated | int |
| IPv4Checksum | Value of the Checksum header field in the IPv4 packet | int |
| IPv4DontFragment | Value of the Don’t Fragment header field in the IPv4 packet | int |
| IPv4Dscp | Value of the Differentiated Services Code Point header field in the IPv4 packet | int |
| IPv4Ecn | Value of the Explicit Congestion Notification header field in the IPv4 packet | int |
| IPv4Identification | Value of the Identification header field in the IPv4 packet | int |
| IPv4Options | List of Options numbers included in the IPv4 packet header | int |
| IPv6Dscp | Value of the Differentiated Services Code Point header field in the IPv6 packet | int |
| IPv6Ecn | Value of the Explicit Congestion Notification header field in the IPv6 packet | int |
| IPv6ExtensionHeaders | List of Extension Header numbers included in the IPv6 packet header | string |
| IPv6FlowLabel | Value of the Flow Label header field in the IPv6 packet | int |
| IPv6Identification | Value of the Identification extension header field in the IPv6 packet | int |
| MitigationReason | Reason for applying a mitigation to the packet, if any. Possible values are: BLOCKED | RATE_LIMITED | UNEXPECTED | CHALLENGE_NEEDED | CHALLENGE_PASSED | NOT_FOUND | OUT_OF_SEQUENCE | ALREADY_CLOSED | string |
| MitigationScope | Ether the packet matched a local or global mitigation, if any. Possible values are: local | global | string |
| MitigationSystem | Which Cloudflare system dropped the packet, if any. Possible values are: dosd | flowtrackd | magic-firewall | string |
| Outcome | The action that Cloudflare systems took on the packet. Possible values are: pass | drop | string |
| ProtocolState | State of the packet in the context of the protocol, if any. Possible values are: OPEN | NEW | CLOSING | CLOSED | string |
| RuleID | Unique identifier of the rule contained with the Cloudflare L3/4 managed ruleset that this packet matched, if any | string |
| RulesetID | Unique identifier of the Cloudflare L3/4 managed ruleset containing the rule that this packet matched, if any. Possible values are: 3b64149bfa6e4220bbbc2bd6db589552 | string |
| RulesetOverrideID | Unique identifier of the rule within the accounts root ddos_l4 phase ruleset which resulted in an override of the default sensitivity or action being applied/evaluated, if any | string |
| SampleInterval | The sample interval for this log | int |
| SourceASN | The ASN associated with the source IP of the packet | int |
| SourceASNDescription | The ASN description associated with the source IP of the packet | string |
| SourceCountry | The country where the source IP of the packet is located (ISO 3166-1 alpha-2) | string |
| SourceGeoHash | The latitude and longitude where the source IP of the packet is located (Geohash encoding) | string |
| SourcePort | Value of the Source Port header field in the TCP or UDP packet | int |
| TCPAcknowledgementNumber | Value of the Acknowledgement Number header field in the TCP packet | int |
| TCPChecksum | Value of the Checksum header field in the TCP packet | int |
| TCPDataOffset | Value of the Data Offset header field in the TCP packet | int |
| TCPFlags | Value of the Flags header field in the TCP packet | int |
| TCPFlagsString | Human-readable string representation of the Flags header field in the TCP packet | string |
| TCPMss | Value of the MSS option header field in the TCP packet | int |
| TCPOptions | List of Options numbers included in the TCP packet header | string |
| TCPSackBlocks | Value of the SACK Blocks option header in the TCP packet | int |
| TCPSacksPermitted | Value of the SACK Permitted option header in the TCP packet | int |
| TCPSequenceNumber | Value of the Sequence Number header field in the TCP packet | int |
| TCPTimestampEcr | Value of the Timestamp Echo Reply option header in the TCP packet | int |
| TCPTimestampValue | Value of the Timestamp option header in the TCP packet | int |
| TCPUrgentPointer | Value of the Urgent Pointer header field in the TCP packet | int |
| TCPWindowScale | Value of the Window Scale option header in the TCP packet | int |
| TCPWindowSize | Value of the Window Size header field in the TCP packet | int |
| UDPChecksum | Value of the Checksum header field in the UDP packet | int |
| UDPPayloadLength | Value of the Payload Length header field in the UDP packet | int |
| Verdict | The action that Cloudflare systems think should be taken on the packet. Possible values are: pass | drop | string |