Cloudflare Audit Logs
Ingests Cloudflare audit logs for tracking account-level changes and activities. This input collects audit events that record actions taken within your Cloudflare account, including zone modifications, DNS changes, firewall rule updates, and administrative actions.
Sync Type: Incremental
Requirements
- A Cloudflare account with access to the Audit Logs feature (Enterprise plan or add-on)
- An API Token with the
Account Settings:Readpermission - Your Cloudflare Account ID
Creating an API Token
- Log in to your Cloudflare dashboard
- Navigate to My Profile > API Tokens
- Click Create Token
- Use the Create Custom Token option
- Configure the token:
- Token name: Give it a descriptive name (e.g., "Monad Audit Logs")
- Permissions: Add
Account>Account Settings>Read - Account Resources: Select the specific account(s) or "All accounts"
- Click Continue to summary and then Create Token
- Copy the token value (you won't be able to see it again)
Finding Your Account ID
- Log in to your Cloudflare dashboard
- Select the account you want to monitor
- The Account ID is displayed in the right sidebar on the overview page
- Alternatively, find it in the URL:
https://dash.cloudflare.com/{account_id}/...
Details
- State Management: Uses ascending cursor-based pagination with timestamp tracking. Monad stores the last processed timestamp to fetch only new events on subsequent runs.
- API Endpoint:
GET /accounts/{account_id}/audit_logs - Pagination: Page-based pagination with up to 1000 records per page, sorted in ascending order by timestamp.
- Rate Limits: 1200 requests per 5 minutes (4 requests per second). The input automatically enforces this limit.
Configuration
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
account_id | string | Yes | Cloudflare Account ID |
backfill_start_time | string | No | The date to start fetching data from. If not specified, no past records will be fetched. |
| API Rate Limit | object | No | Optional limit on the connector's outbound request rate to the source API. Leave blank to use the connector's default behavior. See API Rate Limiting for the field format, limits, and how to choose a value. |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
api_token | string | Yes | API Token with Account Settings |
Rate Limits
| Limit | Value | Notes |
|---|---|---|
| Requests per 5 minutes | 1,200 | Enforced by Cloudflare |
| Max records per page | 1,000 | Maximum allowed by API |
Source: Cloudflare API Rate Limits
Troubleshooting
Common Issues
Issue: API returned success=false with authentication error
Cause: The API token is invalid, expired, or lacks the required permissions.
Solution: Verify your API token is correct and has the Account Settings:Read permission. Create a new token if needed.
Issue: Account ID is required validation error
Cause: The Account ID field was left empty.
Solution: Enter your Cloudflare Account ID in the settings. You can find this in your Cloudflare dashboard.
Issue: No data returned despite having audit logs Cause: The backfill start time may be set to a future date, or the account may not have any audit events in the specified time range. Solution: Verify the backfill start time is set correctly or leave it empty to fetch all available logs.
Issue: Rate limit exceeded errors Cause: Multiple integrations or manual API calls are consuming the rate limit quota. Solution: The input automatically handles rate limiting. If you see persistent errors, reduce the frequency of other API calls to your Cloudflare account.
Related Articles
Sample Record
Code