Built by Metorial, the integration platform for agentic AI.

Learn More

cloudflare-audit-logs

Cloudflare Audit Logs

    Server Summary

    • Query audit logs

    • Monitor security events

    • Track configuration changes

    • Analyze user activity

Cloudflare Audit Logs MCP Server

A Model Context Protocol (MCP) server that provides seamless access to Cloudflare's audit logs, enabling you to query, analyze, and monitor account activity directly through your AI assistant. This server bridges the gap between Cloudflare's comprehensive audit trail and your development workflow, making security monitoring and compliance tracking more accessible than ever.

Overview

The Cloudflare Audit Logs MCP server connects to Cloudflare's API to retrieve detailed audit log entries for your account. Every action taken within your Cloudflare account generates an audit log entry, and this server makes those logs queryable through natural language interactions with your AI assistant.

What It Does

This MCP server provides access to Cloudflare's audit logging system, allowing you to:

  • Retrieve audit log entries from your Cloudflare account across any time range
  • Search and filter logs by user, action type, resource, or time period
  • Monitor account activity to track changes made by team members
  • Investigate security events by examining detailed action logs
  • Review configuration changes to understand when and how settings were modified
  • Track API access patterns and programmatic changes to your infrastructure

Use Cases

Security Monitoring

Quickly investigate suspicious activity or unauthorized changes by querying audit logs for specific users, IP addresses, or action types. Understanding who did what and when becomes as simple as asking your AI assistant.

Compliance and Reporting

Generate compliance reports by retrieving audit logs for specific time periods. Track user activities, configuration changes, and access patterns to meet regulatory requirements and internal audit needs.

Troubleshooting

When something breaks or behaves unexpectedly, audit logs can help you identify recent changes that might be responsible. Query logs around specific timeframes to correlate issues with configuration modifications.

Team Activity Review

Keep track of what your team members are doing across your Cloudflare resources. Review who made changes to DNS records, firewall rules, Workers, or any other Cloudflare configuration.

Features

  • Comprehensive log access to all audit events generated by your Cloudflare account
  • Flexible querying with support for time-based filtering and search parameters
  • Detailed event information including actor, action, resource, timestamp, and metadata
  • Natural language interface through your AI assistant for intuitive log exploration
  • Real-time data directly from Cloudflare's API with no intermediate caching

How to Use

Once configured, simply ask your AI assistant questions about your Cloudflare audit logs. The server handles the API communication and data retrieval, presenting the information in an easy-to-understand format.

Example queries you might ask:

  • "Show me all audit logs from the past 24 hours"
  • "What changes did John make to DNS records last week?"
  • "Find all firewall rule modifications in the past month"
  • "Who accessed the API yesterday?"
  • "What changes were made to Worker scripts this week?"

The server translates your natural language requests into appropriate API calls and returns the relevant audit log data for your review.