GatewayLogging

Source: src/Cloudflare/Gateway/Logging.ts

Manages the singleton Cloudflare Zero Trust Gateway logging settings for an account (/accounts/{accountId}/gateway/logging) — PII redaction and per-rule-type (DNS / HTTP / L4) activity-log toggles.

Because the singleton always exists, reconcile converges only the fields you declare: it merges them over the observed state before the PUT, since the API is PUT-only. The pre-management settings are snapshotted on first touch and restored on destroy (capture-and-restore).

Log everything, keep PII

yield* Cloudflare.GatewayLogging("Logging", {
  redactPii: false,
  settingsByRuleType: {
    dns: { logAll: true, logBlocks: true },
    http: { logAll: true, logBlocks: true },
    l4: { logAll: true, logBlocks: true },
  },
});

Only log blocked DNS queries, redacting PII

yield* Cloudflare.GatewayLogging("Logging", {
  redactPii: true,
  settingsByRuleType: {
    dns: { logAll: false, logBlocks: true },
  },
});
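
The merge-before-PUT and capture-and-restore behaviour described at the top of this page, sketched as an added example; it is not the code in src/Cloudflare/Gateway/Logging.ts. `mergeForPut`, `FakeGatewayApi` and `LoggingResource` are hypothetical names, the account state is constructed, and field-by-field merging inside each rule type is an assumption.

```typescript
// Added illustration; all names are hypothetical, not the project's internals.
type RuleLog = { logAll?: boolean; logBlocks?: boolean };
type RuleType = "dns" | "http" | "l4";
interface LoggingSettings {
  redactPii?: boolean;
  settingsByRuleType?: Partial<Record<RuleType, RuleLog>>;
}
const clone = (s: LoggingSettings): LoggingSettings => JSON.parse(JSON.stringify(s));

// Full PUT body: declared fields win, undeclared fields keep their observed values.
// Assumption: the merge is field-by-field inside each rule type.
function mergeForPut(observed: LoggingSettings, declared: LoggingSettings): LoggingSettings {
  const byType: Partial<Record<RuleType, RuleLog>> = {};
  for (const rt of ["dns", "http", "l4"] as RuleType[]) {
    const merged = { ...observed.settingsByRuleType?.[rt], ...declared.settingsByRuleType?.[rt] };
    if (Object.keys(merged).length > 0) byType[rt] = merged;
  }
  return { redactPii: declared.redactPii ?? observed.redactPii, settingsByRuleType: byType };
}

// In-memory stand-in for the PUT-only account singleton.
class FakeGatewayApi {
  state: LoggingSettings;
  constructor(initial: LoggingSettings) { this.state = clone(initial); }
  get(): LoggingSettings { return clone(this.state); }
  put(body: LoggingSettings): void { this.state = clone(body); }
}
class LoggingResource {
  snapshot: LoggingSettings | undefined;
  api: FakeGatewayApi;
  constructor(api: FakeGatewayApi) { this.api = api; }
  reconcile(declared: LoggingSettings): LoggingSettings {
    const observed = this.api.get();
    this.snapshot ??= observed; // captured on first touch only
    const body = mergeForPut(observed, declared);
    this.api.put(body);
    return body;
  }
  destroy(): void { if (this.snapshot) this.api.put(this.snapshot); }
}

function demo() {
  const all = { logAll: true, logBlocks: true };
  // Constructed pre-management state: everything logged, PII kept.
  const api = new FakeGatewayApi({ redactPii: false, settingsByRuleType: { dns: all, http: all, l4: all } });
  const res = new LoggingResource(api);
  const applied = res.reconcile({ redactPii: true, settingsByRuleType: { dns: { logAll: false, logBlocks: true } } });
  res.reconcile({ redactPii: true }); // a later reconcile must not replace the snapshot
  res.destroy();
  return { applied, restored: api.get() };
}
```

In `demo()`, declaring only `dns` leaves the observed `http` and `l4` logging untouched in the PUT body, and destroy returns the account to its pre-management state rather than to the last applied values.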