Automatic Audit Logs: new updates deliver increased transparency and accountability

What are audit logs and why do they matter?

Audit logs are a critical tool for tracking and recording changes, actions, and resource access patterns within your Cloudflare environment. They provide visibility into who performed an action, what the action was, when it occurred, where it happened, and how it was executed. This enables security teams to identify vulnerabilities, ensure regulatory compliance, and assist in troubleshooting operational issues. Audit logs provide critical transparency and accountability. That's why we're making them "automatic" — eliminating the need for individual Cloudflare product teams to manually send events. Instead, audit logs are generated automatically in a standardized format when an action is performed, providing complete visibility and ensuring comprehensive coverage across all our products.

What's new?

We're excited to announce the beta release of Automatic Audit Logs — a system that unifies audit logging across Cloudflare products. This new system is designed to give you a complete and consistent view of your environment’s activity. Here’s how we’ve enhanced our audit logging capabilities:

  • Standardized logging: Previously, audit logs generation was dependent on separate internal teams, which could lead to gaps and inconsistencies. Now, audit logs are automatically produced in a seamless and standardized way, eliminating Continue reading

Projects to Work On – the AI Recommendations

Vini Motta decided to use AI on ipSpace.net content to find what it would recommend as the projects to work on in order to become employable in 2025. Here are the results he sent me; my comments are inline on a gray background.

Network Automation with Python
Project: Automate basic network tasks like device configuration, backup, or monitoring using Python scripts.

Cisco Is The Bellwether Of Enterprise AI Adoption

While the hyperscalers and big cloud builders all are racing as fast as they can to build the biggest – and presumably the best – models, or collections of models, to win the AI race and become the Microsoft or Red Hat of commercial-grade models, the acquisition of AI hardware and envelope pushing on AI model architecture is not indicative of the adoption of AI by enterprises.

Cisco Is The Bellwether Of Enterprise AI Adoption was written by Timothy Prickett Morgan at The Next Platform.

HPE Sets Gen12 ProLiant Servers Loose On AI And The Edge

Hewlett Packard Enterprise last summer introduced the first of its Gen12 ProLiant systems, packed with Nvidia’s latest GPU accelerators and aimed squarely at the rapidly expanding AI space that in less than two years went from prompt-and-respond chatbots to AI agents that can reason, plan, and collaborate on their own.

HPE Sets Gen12 ProLiant Servers Loose On AI And The Edge was written by Jeffrey Burt at The Next Platform.

Point-to-Point Links in Virtual Labs

In the previous blog post, I described the usual mechanisms used to connect virtual machines or containers in a virtual lab, and the drawbacks of using Linux bridges to connect virtual network devices.

In this blog post, we’ll see how KVM/QEMU/libvirt/Vagrant use UDP tunnels to connect virtual machines, and how containerlab creates point-to-point vEth links between Linux containers.

Offline celebrations: how Christmas, NYE, and Lunar New Year festivities shape online behavior

Now that 2025 has been here for a few weeks and 2024 has closed with a variety of year-end traditions — from Christmas and Hanukkah celebrations to New Year’s Eve (NYE) countdowns, as well as celebrations of Orthodox Christmas, and Lunar/Chinese New Year — let’s examine how these events have shaped online behavior across continents and cultures. Reflecting on Christmas and NYE 2024 provides insights into how these trends compared with those of the previous year, as detailed in an earlier blog.

One notable finding is the remarkable consistency in human online patterns from one year to the next, a trend that persists despite cultural differences among countries. Data from over 50 countries reveal how people celebrated in 2024–2025, offering a timely reminder of typical holiday trends. While Christmas remains a dominant influence in many regions, other cultural and religious events — such as Hanukkah and local festivities — also shape online habits where Western traditions hold less sway.

In regions where Christmas is deeply rooted, Internet traffic dips significantly during Christmas Eve dinners, midnight masses, morning gift exchanges, and Christmas Day lunches, a pattern evident in both our previous and current analyses.

This analysis focuses exclusively on non-bot Internet Continue reading

Tagged VLAN 1 In a Trunk Is a Really Bad Idea

It all started with a netlab issue describing different interpretations of VLAN 1 in a trunk. While Cumulus NVUE (the way the netlab configuration template configures it) assumes that the VLAN 1 in a trunk is tagged, Arista EOS assumes it’s the native VLAN.

At that point, I should have said, “that’s crazy, we shouldn’t allow that” and enforce the “VLAN 1 has to be used as a native VLAN” rule. Alas, 20/20 hindsight never helped anyone.

TL&DR: Do not use VLAN 1 in VLAN trunks; if you have to, use it as a native VLAN.

NB513: UK Demands Apple Backdoor; AI Spending: Can’t Stop, Won’t Stop

Take a Network Break! We start with some red alerts for Cisco ISE, Zyxel, Microsoft, and a Web manager suite called WeGIA. US senators and security experts sound the alarm about DOGE employees introducing security and stability risks in sensitive US government systems, security researchers demonstrate the effectiveness of supply chain attacks that start with... Read more »

Intel Datacenter Chief Departs To Run Nokia – Now What?

After only a little more than a year of running Intel’s Data Center and AI group – which is probably about as much fun right now as falling down the stairs – Justin Hotard has departed the chip maker to become the next chief executive officer of Nokia, which interestingly enough has a renewed interest in building cloud networks and making money at that.

Intel Datacenter Chief Departs To Run Nokia – Now What? was written by Timothy Prickett Morgan at The Next Platform.

Tech Bytes: When the Internet Is Your Network, Catchpoint IPM Provides Critical Visibility (Sponsored)

Today on the Tech Bytes podcast we dive into Digital Experience Monitoring and Internet Performance Monitoring with sponsor Catchpoint. As more users rely on SaaS and cloud for applications, the Internet has essentially become a business-critical network. But how can you, a network engineer, be expected to manage the Internet? Enter Internet Performance Monitoring, or... Read more »

QUIC action: patching a broadcast address amplification vulnerability

Cloudflare was recently contacted by a group of anonymous security researchers who discovered a broadcast amplification vulnerability through their QUIC Internet measurement research. Our team collaborated with these researchers through our Public Bug Bounty program, and worked to fully patch a dangerous vulnerability that affected our infrastructure.

Since being notified about the vulnerability, we've implemented a mitigation to help secure our infrastructure. According to our analysis, we have fully patched this vulnerability and the amplification vector no longer exists. 

Summary of the amplification attack

QUIC is an Internet transport protocol that is encrypted by default. It offers equivalent features to TCP (Transmission Control Protocol) and TLS (Transport Layer Security), while using a shorter handshake sequence that helps reduce connection establishment times. QUIC runs over UDP (User Datagram Protocol).

The researchers found that a single client QUIC Initial packet targeting a broadcast IP destination address could trigger a large response of initial packets. This manifested as both a server CPU amplification attack and a reflection amplification attack.

Transport and security handshakes

When using TCP and TLS there are two handshake interactions. First, is the TCP 3-way transport handshake. A client sends a SYN packet to a server, it responds with Continue reading

Combining URL Categories on Palo Alto

Combining URL Categories on Palo Alto

We know that in Palo Alto, or in any NGFW, we can allow or block various URL categories. Speaking specifically about the Palo Alto firewall, let's say you have a strict URL filtering policy and decide to block the 'Shareware and Freeware' category.

When you do this, you'll likely have frustrated users complaining that they can't access sites like GitHub, for example.

But, What Did I Do?

So, what did I do now to cause another network issue? Well, Palo Alto categorizes github.com as 'Shareware and Freeware', so the firewall simply blocks it. There’s a high chance that many other useful sites will get blocked too.

Combining URL Categories on Palo Alto
Combining URL Categories on Palo Alto

A quick fix is to create a Custom URL Category and add the GitHub URL to it. However, this isn’t a scalable solution.

For instance, if I start with *.github.com, the firewall may block github.com. Then, if I add github.com, the firewall might block URLs like www.github.githubassets.com. To address this, I’d need to use a different wildcard, but we can’t keep doing this for every affected site.

Combining URL Categories on Palo Alto
Combining URL Categories on Palo Alto

Combining URL Categories

Instead of managing each URL individually like before, we Continue reading

Large Language Models (LLM) – Part 1/2: Word Embedding

Introduction

This chapter introduces the basic operations of Transformer-based Large Language Models (LLMs), focusing on fundamental concepts rather than any specific LLM, such as OpenAI’s GPT (Generative Pretrained Transformer).The chapter begins with an introduction to tokenization and word embeddings, which convert input words into a format the model can process. Next, it explains how the transformer component leverages decoder architecture for input processing and prediction. 

This chapter has two main goals. First, it explains how an LLM understands the context of a word. For example, the word “clear” can be used as a verb (Please, clear the table.) or as an adjective (The sky was clear.), depending on the context. Second, it discusses why LLMs require parallelization across hundreds or even thousands of GPUs due to the large model size, massive datasets, and the computational complexity involved.


Tokenizer and Word Embedding Matrix

As a first step, we import a vocabulary into the model. The vocabulary used for training large language models (LLMs) typically consists of a mix of general and domain-specific terms, including basic vocabulary, technical terminology, academic and formal language, idiomatic expressions, cultural references, as well as synonyms and antonyms. Each word and character is Continue reading

From Python to Go 014. Templating Configuration Files.

Hello my friend,

Congratulations if you reach this blog post starting from the beginning of our series. I look in the list of topic I’m going to cover with respect Python to Go (Golang) transition and I see that I’ve already written more than 50% of blog posts; so we are over the half! Secondly, from today we start talking solely about practical network and IT infrastructure automation topics, as all the foundational things are already covered, such as data types, code flow control, reading and parsing files, using CLI arguments, exceptions handling to name a few. Today we’ll talk about how we can template text files. With respect to network and IT infrastructure automation that means we look how to prepare configuration of our network devices, Linux servers or further appliances.

Isn’t AI Going to Replace All Software Developers Anyway?

Almost daily I see in LinkedIn posts about how cool AI is in generating code. It is cool, I agree with that. And I myself use Co-pilot for my private projects for already more than a year and ChatGPT for certain things. However, my experience is that at this stage they don’t yet replace engineers Continue reading

1 2 3 3,761