New MCP Portal Logs Dataset

Cloudflare introduced a dedicated MCP Portal Logs dataset to capture activity from its Managed Cloud Platform portal. This new dataset includes 19 fields covering authentication, request handling, and performance metrics:

• Identity & Session: UserEmail, UserID, SessionID, PortalID, PortalAUD
• Request Details: Method, ServerURL, ClientIP, ClientCountry, ColoCode
• Performance & Response: ServerResponseDurationMs, ServerID, ServerAUD
• Resource Access: ResourceReadURI, PromptGetName, ToolCallName
• Status Tracking: Success, Error, Datetime

This dataset enables teams to audit portal access, track API usage patterns, and troubleshoot performance issues in their Managed Cloud Platform deployments.

Enhanced Fields Across Existing Datasets

Cloudflare added new fields to 10+ existing Logpush datasets to improve observability:

Security & Fraud Detection

• Firewall Events: Added FraudUserID for identifying malicious actors
• HTTP Requests: Added FraudEmailRisk and FraudUserID for fraud scoring, plus PayPerCrawlStatus for crawler billing

Network & DNS Analytics

• Network Analytics Logs: DNSQueryName, DNSQueryType, and PFPCustomTag for granular DNS visibility
• Gateway DNS: InternalDNSDurationMs for performance monitoring

Application & Device Monitoring

• DEX Application Tests: HTTPRedirectEndMs, HTTPRedirectStartMs, HTTPResponseBody, HTTPResponseHeaders
• DEX Device State Events: ExperimentalExtra

Identity & Access Tracking

• WARP Toggle Changes: UserEmail
• WARP Config Changes: UserEmail
• Zero Trust Network Session Logs: SNI (Server Name Indication)

Gateway HTTP

• Added AppControlInfo and ApplicationStatuses for application-level visibility

Next Steps

Developers should review Cloudflare's Logpush dataset documentation for complete field definitions. Teams monitoring fraud, DNS, or Zero Trust traffic should update their log aggregation queries to leverage the new fields for enhanced filtering and analysis.