Network Analytics Logs
The descriptions below detail the fields available for network_analytics_logs.
Type: string
Unique identifier of the attack campaign that this packet was a part of, if any.
Type: string
Unique identifier of the mitigation that matched the packet, if any.
Type: string
Descriptive name of the type of attack that this packet was a part of, if any. Only for packets matching rules contained within the Cloudflare L3/4 managed ruleset.
Type: string
The city where the Cloudflare datacenter that received the packet is located.
Type: string
The Cloudflare datacenter that received the packet (nearest IATA airport code).
Type: string
The country where the Cloudflare datacenter that received the packet is located (ISO 3166-1 alpha-2).
Type: string
The latitude and longitude where the colo that received the packet is located (Geohash encoding).
Type: string
The unique site identifier of the Cloudflare datacenter that received the packet (for example, ‘ams01’, ‘sjc01’, ‘lhr01’).
Type: int or string
The date and time the event occurred at the edge.
Type: int
The ASN associated with the destination IP of the packet.
Type: string
The name of the ASN associated with the destination IP of the packet.
Type: string
The country where the destination IP of the packet is located (ISO 3166-1 alpha-2).
Type: string
The latitude and longitude where the destination IP of the packet is located (Geohash encoding).
Type: int
Value of the Destination Port header field in the TCP or UDP packet.
Type: string
The direction in relation to customer network.
Possible values are ingress | egress.
Type: int
Value of the Checksum header field in the GRE packet.
Type: int
Value of the EtherType header field in the GRE packet.
Type: int
Length of the GRE packet header, in bytes.
Type: int
Value of the Key header field in the GRE packet.
Type: int
Value of the Sequence Number header field in the GRE packet.
Type: int
Value of the Version header field in the GRE packet.
Type: int
Value of the Checksum header field in the ICMP packet.
Type: int
Value of the Code header field in the ICMP packet.
Type: int
Value of the Type header field in the ICMP packet.
Type: string
Value of the Destination Address header field in the IPv4 or IPv6 packet.
Type: string
Computed subnet of the Destination Address header field in the IPv4 or IPv6 packet (/24 for IPv4; /64 for IPv6).
Type: int
Value of the Fragment Offset header field in the IPv4 or IPv6 packet.
Type: int
Length of the IPv4 or IPv6 packet header, in bytes.
Type: int
Value of the More Fragments header field in the IPv4 or IPv6 packet.
Type: int
Value of the Protocol header field in the IPv4 or IPv6 packet.
Type: string
Name of the protocol specified by the Protocol header field in the IPv4 or IPv6 packet.
Type: string
Value of the Source Address header field in the IPv4 or IPv6 packet.
Type: string
Computed subnet of the Source Address header field in the IPv4 or IPv6 packet (/24 for IPv4; /64 for IPv6).
Type: int
Value of the TTL header field in the IPv4 packet or the Hop Limit header field in the IPv6 packet.
Type: int
Value of the TTL header field in the IPv4 packet or the Hop Limit header field in the IPv6 packet, with the last digit truncated.
Type: int
Total length of the IPv4 or IPv6 packet, in bytes.
Type: int
Total length of the IPv4 or IPv6 packet, in bytes, with the last two digits truncated.
Type: int
Value of the Checksum header field in the IPv4 packet.
Type: int
Value of the Differentiated Services Code Point header field in the IPv4 packet.
Type: int
Value of the Don’t Fragment header field in the IPv4 packet.
Type: int
Value of the Explicit Congestion Notification header field in the IPv4 packet.
Type: int
Value of the Identification header field in the IPv4 packet.
Type: string
List of Options numbers included in the IPv4 packet header.
Type: int
Value of the Differentiated Services Code Point header field in the IPv6 packet.
Type: int
Value of the Explicit Congestion Notification header field in the IPv6 packet.
Type: string
List of Extension Header numbers included in the IPv6 packet header.
Type: int
Value of the Flow Label header field in the IPv6 packet.
Type: int
Value of the Identification extension header field in the IPv6 packet.
Type: string
Reason for applying a mitigation to the packet, if any.
Possible values are BLOCKED | RATE_LIMITED |UNEXPECTED | CHALLENGE_NEEDED | CHALLENGE_PASSED | NOT_FOUND | OUT_OF_SEQUENCE | ALREADY_CLOSED.
Type: string
Whether the packet matched a local or global mitigation, if any.
Possible values are local | global.
Type: string
Which Cloudflare system sampled the packet.
Possible values are dosd | flowtrackd | magic-firewall.
Type: string
The action that Cloudflare systems took on the packet.
Possible values are pass | drop.
Type: string
State of the packet in the context of the protocol, if any.
Possible values are OPEN | NEW | CLOSING | CLOSED.
Type: string
Unique identifier of the rule contained within the Cloudflare L3/4 managed ruleset that this packet matched, if any.
Type: string
Human-readable name of the rule contained within the Cloudflare L3/4 managed ruleset that this packet matched, if any.
Type: string
Unique identifier of the Cloudflare L3/4 managed ruleset containing the rule that this packet matched, if any.
Possible values are 3b64149bfa6e4220bbbc2bd6db589552.
Type: string
Unique identifier of the rule within the accounts root ddos_l4 phase ruleset which resulted in an override of the default sensitivity or action being applied/evaluated, if any.
Type: int
The sample interval is the inverse of the sample rate. For example, a sample interval of 1000 means that this packet was randomly sampled from 1 in 1000 packets. Sample rates are dynamic and based on the volume of traffic.
Type: int
The ASN associated with the source IP of the packet.
Type: string
The name of the ASN associated with the source IP of the packet.
Type: string
The country where the source IP of the packet is located (ISO 3166-1 alpha-2).
Type: string
The latitude and longitude where the source IP of the packet is located (Geohash encoding).
Type: int
Value of the Source Port header field in the TCP or UDP packet.
Type: int
Value of the Acknowledgement Number header field in the TCP packet.
Type: int
Value of the Checksum header field in the TCP packet.
Type: int
Value of the Data Offset header field in the TCP packet.
Type: int
Value of the Flags header field in the TCP packet.
Type: string
Human-readable string representation of the Flags header field in the TCP packet.
Type: int
Value of the MSS option header field in the TCP packet.
Type: string
List of Options numbers included in the TCP packet header.
Type: string
List of the SACK Blocks option header in the TCP packet.
Type: int
Value of the SACK Permitted option header in the TCP packet.
Type: int
Value of the Sequence Number header field in the TCP packet.
Type: int
Value of the Timestamp Echo Reply option header in the TCP packet.
Type: int
Value of the Timestamp option header in the TCP packet.
Type: int
Value of the Urgent Pointer header field in the TCP packet.
Type: int
Value of the Window Scale option header in the TCP packet.
Type: int
Value of the Window Size header field in the TCP packet.
Type: int
Value of the Checksum header field in the UDP packet.
Type: int
Value of the Payload Length header field in the UDP packet.
Type: string
The action that Cloudflare systems think should be taken on the packet.
Possible values are pass | drop.