News: 1732681810

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Cloudflare broke its logging-a-service service, causing customer data loss

(2024/11/27)


Cloudflare has admitted that it broke its own logging-as-a-service service with a bad software update, and that customer data was lost as a result.

The network-taming firm admitted in a Tuesday [1]post that, for roughly 3.5 hours on November 14, its Cloudflare Logs service didn't send data it collected to customers – and about 55 percent of the logs were lost.

Cloudflare Logs gathers logs generated by the cloud services and sends them to customers who want to analyze them. Cloudflare [2]suggests the logs may prove helpful "for debugging, identifying configuration adjustments, and creating analytics, especially when combined with logs from other sources, such as your application server."

[3]

Cloudflare customers often want logs from multiple servers and, as logfiles can be verbose and voluminous, the provider worries that consuming them all could prove overwhelming.

[4]

[5]

"Imagine the postal service ringing your doorbell once for each letter instead of once for each packet of letters," the post suggests. "With thousands or millions of letters each second, the number of separate transactions that would entail becomes prohibitive."

Cloudflare therefore uses a tool called Logpush to bundle logs into bundles of predictable size, then push them to customers with a sensible cadence.

[6]

Logs that Cloudflare provides to customers are prepared by other tools called Logfwdr and Logreceiver.

On November 14, Cloudflare made a change to Logpush, designed to support an additional dataset.

It was a buggy change – it "essentially informed Logfwdr that no customers had logs configured to be pushed."

[7]Cloudflare beats patent troll so badly it basically gives up

[8]Cloudflare tightens screws on site-gobbling AI bots

[9]Malaysia's plan to block overseas DNS dies after a day

[10]Time Lords decree: No leap second needed in 2024

Cloudflare staff noticed the problem and reverted the change in under five minutes.

But the incident triggered another bug in Logfwdr that meant, under circumstances like the Logpush mess, all log events for all customers would be pushed into the system – instead of just for those customers who had configured a Logpush job.

[11]

The resulting flood of info is what caused the outage, and the loss of some logfiles.

Cloudflare has admonished itself for the incident. It conceded it did most of the work to prevent this sort of thing – but didn't quite finish the job. Its post likens the situation to failing to fasten a car seatbelt – the safety systems are built in and work, but they're useless if not employed.

The networking giant will try to avoid this sort of mess in future with automated alerts that mean misconfigurations "will be impossible to miss" – brave words. It also plans extra testing to prepare itself for the impact of datacenter and/or network outages and system overloads. ®

Get our [12]Tech Resources



[1] https://blog.cloudflare.com/cloudflare-incident-on-november-14-2024-resulting-in-lost-logs/

[2] https://developers.cloudflare.com/logs/

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0andUx1tDYrMVKhYc5CTwAAAQY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0andUx1tDYrMVKhYc5CTwAAAQY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0andUx1tDYrMVKhYc5CTwAAAQY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0andUx1tDYrMVKhYc5CTwAAAQY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[7] https://www.theregister.com/2024/10/03/patent_shakedown_fails_as_troll/

[8] https://www.theregister.com/2024/09/24/cloudflare_ai_audit/

[9] https://www.theregister.com/2024/09/10/malaysias_dns_blocking_plan_paused/

[10] https://www.theregister.com/2024/07/05/iers_decrees_no_leap_second/

[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offprem/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0andUx1tDYrMVKhYc5CTwAAAQY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[12] https://whitepapers.theregister.com/



A CODE OF ETHICAL BEHAVIOR FOR PATIENTS:

4. DO NOT COMPLAIN IF THE TREATMENT FAILS TO BRING RELIEF.
You must believe that your doctor has achieved a deep insight into
the true nature of your illness, which transcends any mere permanent
disability you may have experienced.

5. NEVER ASK YOUR DOCTOR TO EXPLAIN WHAT HE IS DOING OR WHY HE IS DOING IT.
It is presumptuous to assume that such profound matters could be
explained in terms that you would understand.

6. SUBMIT TO NOVEL EXPERIMANTAL TREATMENT READILY.
Though the surgery may not benefit you directly, the resulting
research paper will surely be of widespread interest.