Cloudflare logpush to http elastic agent

gyterpena · October 4, 2023, 12:08pm

Hello
I'm trying to set up logpush integration with CF. I have set up elastic agent per documentation

and I'm trying to enable logpush on CF by API

but I'm getting

{"errors":[{"code":1002,"message":"error validating destination: error writing object: error uploading to https: 415 {\"message\":\"wrong Content-Type header, expecting application/json\"}"}],"messages":[],"result":null,"success":false}

I'm seeing part of this error mentioned here

with explanation

The ownership_challenge parameter is not required to create a Logpush job to an HTTP endpoint. You need to make sure that the file upload to validate the destination accepts a gzipped test.txt.gz with content as {“content”:“tests”} compressed, otherwise it will return an error, like error validating destination: error writing object: error uploading.

But don't know how to make elastic agent to accept test.txt.gz or if this is indeed cause of error I get.

gyterpena · October 20, 2023, 9:44am

This is caused by missing application/json header in destination_conf field of api call. Below call works.
curl --location --request POST 'https://api.cloudflare.com/client/v4/zones/<ZONE ID>/logpush/jobs' \
--header 'X-Auth-Key: <X-AUTH-KEY>' \
--header 'X-Auth-Email: <X-AUTH-EMAIL>' \
--header 'Authorization: <BASIC AUTHORIZATION>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name":"<public domain>",
    "destination_conf": "https://<public domain>:<public port>/<dataset path>?header_Content-Type=application/json&header_<secret_header>=<secret_value>",
    "dataset": "audit",
    "logpull_options": "fields=RayID,EdgeStartTimestamp&timestamps=rfc3339"
}'

system · November 17, 2023, 9:44am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.