Why do I see Cloudflare logs dropping and the alert "Source [CloudFlare-YourLogSource] has not received events for more than 1 hour" in Panther?

Last updated
Save as PDF

QUESTION

I noticed that our Cloudflare logs are dropping. However, it doesn't look like Cloudflare is failing to push logs. We are also getting the following alert in Panther:

"Source [CloudFlare-YourLogSource] has not received events for more than 1 hour"

ANSWER

If you experience this delay, it could indicate Cloudflare issues:

Cloudflare may not have delivered logs to S3 for that time period.
Alternatively, S3 may not have sent a notification to Panther about a new object created during that time period.

If all your other sources based on S3 were fully functional, it seems more likely that Cloudflare delayed sending logs to S3, rather than the logs being dropped. You can confirm this by performing a search for events during the affected periods.