HTTP Receiver log source parameters for Cloudflare Logs

If IBM QRadar does not automatically detect the log source, add a Cloudflare Logs log source on the QRadar Console by using the HTTP Receiver protocol.

When you use the HTTP Receiver protocol, there are specific parameters that you must configure.

The following table describes the parameters that require specific values to collect HTTP Receive events from Cloudflare Logs:
Table 1. HTTP Receiver log source parameters for the Cloudflare Logs DSM
Parameter Value
Log Source type Cloudflare Logs
Protocol Configuration HTTP Receiver
Log Source Identifier

Type a unique name for the log source.

The Log Source Identifier can be any valid value and does not need to reference a specific server. The Log Source Identifier can be the same value as the Log Source Name. If you have more than one Cloudflare Logs log source that is configured, you might want to identify the first log source as Cloudflare1, the second log source as Cloudflare2, and the third log source as Cloudflare3.

Communication Type HTTP or HTTPS, depending on the QRadar url that is used to integrate with QRadar.
TLS version TLSv1.2
Listen Port The QRadar port that is used to integrate with Cloudflare and is used in the command to start the Logpush job.
Message Pattern .*

For a complete list of HTTP Receiver protocol parameters and their values, see HTTP Receiver protocol configuration options.