Logging policies send traffic and security event data from your Cloudmersive Reverse Proxy Server to the logging destination of your choice. You can add multiple logging policies to a single reverse proxy server and each policy operates independently. This allows you to send logs to multiple destinations simultaneously.

Overview

The following logging policies are available:

• AWS CloudWatch Logging
• Azure Log Analytics
• Azure Event Grid
• Azure Event Hub
• Splunk
• Webhook (JSON) / LogRhythm
• Cloudmersive Log Analytics
• Local Disk Logging

Each policy is described in detail in the sections below, including its purpose and configuration parameters.

Common Configuration Parameters

Every logging policy supports the following common configuration parameters:

Logging Trigger

Controls when the logging policy should activate. Options:

• All Traffic - Log all requests and responses. (Default)
• Policy Blocked Traffic - Only log traffic that was blocked by a security policy.
• Policy Allowed Traffic - Only log traffic that was allowed through by security policies.

Data to Log

Controls what data is included in each log entry. Each option can be independently enabled or disabled:

• Log request URL - Include the full request URL in the log entry.
• Log client IP address - Include the client's IP address in the log entry.
• Log request headers - Include the request headers in the log entry.
• Log policy result details - Include security policy evaluation results and details in the log entry.

AWS CloudWatch Logging

Sends log data to AWS CloudWatch Logs.

Policy-Specific Parameters: None (uses common parameters only).

Azure Log Analytics

Sends log data to an Azure Log Analytics workspace.

Policy-Specific Parameters:

• Workspace ID - The ID of the Azure Log Analytics workspace to send logs to.
• Shared Access Key - The shared access key for authenticating to the Azure Log Analytics workspace.
• Log Type - Optional. The custom log type name to use in Log Analytics. When specified, logs will appear under this custom type in your workspace.

Azure Event Grid

Sends log data to an Azure Event Grid topic.

Policy-Specific Parameters:

• Topic Endpoint - The Azure Event Grid topic endpoint URL to send events to.
• Access Key - The access key for authenticating to the Azure Event Grid topic.

Azure Event Hub

Sends log data to an Azure Event Hub for high-throughput event streaming and processing.

Policy-Specific Parameters:

• Namespace URL - The Azure Event Hub namespace URL (e.g., https://mynamespace.servicebus.windows.net).
• Event Hub Name - The name of the Event Hub to send events to.
• Shared Access Policy Name - The name of the shared access policy used for authentication.
• Shared Access Key - The shared access key for the specified policy.

Splunk

Sends log data to a Splunk instance via the HTTP Event Collector (HEC).

Policy-Specific Parameters:

• Splunk URL - The full URL of the Splunk HTTP Event Collector endpoint. For many configurations this takes the form of https://mydomain.splunkcloud.com:8088/services/collector - note that the full path is required, not just the domain.
• Splunk Access Token - The HEC access token for authenticating to Splunk.

Webhook (JSON) / LogRhythm

Sends log data as a JSON payload to a custom webhook URL. This integration is compatible with LogRhythm and any other system that can receive JSON webhook payloads.

Policy-Specific Parameters:

• Webhook URL - The URL to send the JSON log data to.
• Authentication Header Name - Optional. The name of an HTTP header to include for authentication (e.g., Authorization, X-Api-Key).
• Authentication Header Value - Optional. The value of the authentication header.

Cloudmersive Log Analytics

Sends log data to Cloudmersive's built-in log analytics system for viewing and analysis within the Cloudmersive management portal.

Policy-Specific Parameters: None (uses common parameters only).

Local Disk Logging

Writes log data to a file on the local disk of the reverse proxy server.

Policy-Specific Parameters:

• Logging Path - The local file system path to write log files to (e.g., C:\Logging).