Skip to main content

Web Application Firewall logs downloader.

Project description

Cloudflare Web Application Firewall downloader

Build Status PyPI version Python Versions License

A library, CLI, and docker image that downloads Cloudflare WAF logs for a specified zone and time range.

Logo

Schema

See src/waf_logs/resources/db/ for a list of schemas that are auto-applied at start. This can be disabled by passing --ensure_schema False.

Quickstart

The project is published at https://pypi.org/project/waf-downloader/.

Install it via:

pip install waf-downloader

# or alternatively, directly from git
pip install "git+https://github.com/MihaiBojin/waf-downloader@main"

Or with Docker:

docker pull docker.io/mihaibojin/waf-downloader:latest

The list of published images can be found at: https://github.com/MihaiBojin/waf-downloader/pkgs/container/waf-downloader

and

https://hub.docker.com/repository/docker/mihaibojin/waf-downloader/tags

Or with Helm

See charts/waf-downloader/README.md for more details.

Development

Build and run with Docker

Define secrets in an .env file (do not quote values):

CLOUDFLARE_API_TOKEN=...
DB_CONN_STR=...

The Cloudflare token is required (see required permissions), but the connection string is optional. If skipped, it will result in logs being printed to stdout.

IMPORTANT: This project uses taskfile.dev, which you will need to install for running the following commands:

# Build
task docker-build

# Load all logs in zone, starting 5 minutes prior
task docker-run -- --zone_id $CLOUDFLARE_ZONE_ID --start_minutes_ago 5

# And alternatively, only output the logs
task docker-run -- --zone_id $CLOUDFLARE_ZONE_ID --start_minutes_ago 5 2>/dev/null

# Do not specify a start time, relying on a starting timestamp stored in the database
# If a timestamp is not found in the database, or specified with --start_minutes_ago, the downloader will start 5 minutes prior
# This functionality makes it easy to run waf-downloader as a cron job
# NOTE: specifying --start_minutes_ago will always override the timestamp stored in the database, causing potential gaps in the data
task docker-run -- --zone_id $CLOUDFLARE_ZONE_ID

# Do not exit and keep downloading new logs forever
# These will be recent up to the last minute
task docker-run -- --zone_id $CLOUDFLARE_ZONE_ID --follow

# Multiple zones can be specified via a comma-separated string
task docker-run -- --zone_id zone1,zone2,zone3

# Or by repeating the flag
task docker-run -- --zone_id zone1 --zone_id zone2 --zone_id zone3

Publishing to PyPI

GitHub-based version publishing

The simplest way to publish a new version (if you have committer rights) is to tag a commit and push it to the repo:

# At a certain commit, ideally after merging a PR to main
git tag v0.1.x
git push origin v0.1.x

A GitHub Action will run, build the library and publish it to the PyPI repositories.

Manual publish

These steps can also be performed locally. For these commands to work, you will need to export two environment variables (or define them in .env):

export TESTPYPI_PASSWORD=... # token for https://test.pypi.org/legacy/
export PYPI_PASSWORD=... # token for https://upload.pypi.org/legacy/

First, publish to the test repo and inspect the package:

task publish-test

If correct, distribute the wheel to the PyPI index:

task publish

Verify the distributed code

task publish-verify

Cloudflare WAF documentation

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

waf_downloader-0.2.1.tar.gz (225.9 kB view details)

Uploaded Source

Built Distribution

waf_downloader-0.2.1-py3-none-any.whl (20.9 kB view details)

Uploaded Python 3

File details

Details for the file waf_downloader-0.2.1.tar.gz.

File metadata

  • Download URL: waf_downloader-0.2.1.tar.gz
  • Upload date:
  • Size: 225.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.13.0

File hashes

Hashes for waf_downloader-0.2.1.tar.gz
Algorithm Hash digest
SHA256 b36d835e8e62bd60166b9a0e76b452c936fd6c8ee844823c154a6f26e31552a0
MD5 388d26f7ca1833992ce4992e40366f8d
BLAKE2b-256 5db64b34ce561482d81e471271572a740282d0376dcc1b349d211cfd62cd2bd1

See more details on using hashes here.

File details

Details for the file waf_downloader-0.2.1-py3-none-any.whl.

File metadata

File hashes

Hashes for waf_downloader-0.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 2f0cd7980bceb352273e2d408f564a49579ee3850f67ff6cf5e8819c7649eafd
MD5 d60c764ddd36477244a4ec3381c96331
BLAKE2b-256 f08b827b88d508348f55bc77e9be38ec287691ab1edfe18a63d874fa5744d3dc

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page