Cloudflare Audit Logs
Ingests Cloudflare audit logs for tracking account-level changes and activities. This input collects audit events that record actions taken within your Cloudflare account, including zone modifications, DNS changes, firewall rule updates, and administrative actions.
Sync Type: Incremental
Requirements
- A Cloudflare account with access to the Audit Logs feature (Enterprise plan or add-on)
- An API Token with the
Account Settings:Readpermission - Your Cloudflare Account ID
Creating an API Token
- Log in to your Cloudflare dashboard
- Navigate to My Profile > API Tokens
- Click Create Token
- Use the Create Custom Token option
- Configure the token:
- Token name: Give it a descriptive name (e.g., "Monad Audit Logs")
- Permissions: Add
Account>Account Settings>Read - Account Resources: Select the specific account(s) or "All accounts"
- Click Continue to summary and then Create Token
- Copy the token value (you won't be able to see it again)
Finding Your Account ID
- Log in to your Cloudflare dashboard
- Select the account you want to monitor
- The Account ID is displayed in the right sidebar on the overview page
- Alternatively, find it in the URL:
https://dash.cloudflare.com/{account_id}/...
Details
- State Management: Uses ascending cursor-based pagination with timestamp tracking. Monad stores the last processed timestamp to fetch only new events on subsequent runs.
- API Endpoint:
GET /accounts/{account_id}/audit_logs - Pagination: Page-based pagination with up to 1000 records per page, sorted in ascending order by timestamp.
- Rate Limits: 1200 requests per 5 minutes (4 requests per second). The input automatically enforces this limit.
Configuration
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
account_id | string | Yes | Cloudflare Account ID |
backfill_start_time | string | No | The date to start fetching data from. If not specified, no past records will be fetched. |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
api_token | string | Yes | API Token with Account Settings:Read permission |
Rate Limits
| Limit | Value | Notes |
|---|---|---|
| Requests per 5 minutes | 1,200 | Enforced by Cloudflare |
| Max records per page | 1,000 | Maximum allowed by API |
Source: Cloudflare API Rate Limits
Troubleshooting
Common Issues
Issue: API returned success=false with authentication error
Cause: The API token is invalid, expired, or lacks the required permissions.
Solution: Verify your API token is correct and has the Account Settings:Read permission. Create a new token if needed.
Issue: Account ID is required validation error
Cause: The Account ID field was left empty.
Solution: Enter your Cloudflare Account ID in the settings. You can find this in your Cloudflare dashboard.
Issue: No data returned despite having audit logs Cause: The backfill start time may be set to a future date, or the account may not have any audit events in the specified time range. Solution: Verify the backfill start time is set correctly or leave it empty to fetch all available logs.
Issue: Rate limit exceeded errors Cause: Multiple integrations or manual API calls are consuming the rate limit quota. Solution: The input automatically handles rate limiting. If you see persistent errors, reduce the frequency of other API calls to your Cloudflare account.
Related Articles
Sample Record
{
"action": {
"result": true,
"type": "dns_record_create"
},
"actor": {
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"type": "user"
},
"id": "f1e2d3c4-b5a6-7890-1234-567890abcdef",
"interface": "",
"metadata": {
"account_pubname": "Example Account"
},
"newValue": "",
"newValueJson": {},
"oldValue": "",
"oldValueJson": {},
"owner": {
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
},
"resource": {
"id": "b2c3d4e5-f6a7-8901-bcde-f23456789012",
"type": "dns_record"
},
"when": "2024-01-15T10:30:00Z"
}