Share via

Cannot read data from Cloudflare in Azure Sentinel

amir rachman 0 Reputation points
2025-02-11T01:11:01.3066667+00:00

I already setting logpush from Cloudflare to Azure sentinel. it only show test log onlyScreenshot_20250210_142216

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,225 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Luis Arias 7,861 Reputation points
    2025-02-11T14:05:52.92+00:00

    Hello amir rachman, It sounds like the Azure Function is working correctly since the Cloudflare_CL table is populated. If Cloudflare is not sending the data. You can follow this below check to verify your configuration:

    1. Logpush Configuration: Double-check the Cloudflare Logpush settings to ensure that logs are being pushed to the correct Azure Blob Storage container. Verify the connection string and container name. https://developers.cloudflare.com/logs/get-started/enable-destinations/azure/
    2. Permissions: Ensure that the Azure Blob Storage container has the correct permissions for the Azure Function to read the logs.
    3. Logpush Settings: Make sure that the Logpush settings in Cloudflare are configured to send logs to the correct storage account and container.
    4. Network Issues: Check if there are any network issues or restrictions that might be preventing Cloudflare from pushing logs to Azure.
    5. Retention Policies: Verify that the logs are not being deleted or overwritten due to retention policies in the storage account.

    Additional references:

    If the information helped address your question, please Accept the answer.

    Luis

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.