Decoding a DLP forensic copy

[ThomasIAm]

Summary

Add documentation on how to decode DLP forensic copies.

Screenshots (optional)

Documentation checklist

• The change adheres to the documentation style guide.

[cloudflare-docs-bot]

Review

⚠️ 4 warnings, 💡 1 suggestion found in commit 4e39e2b.

Fan Out Code Review

This code review is in beta and may not always be helpful — use your judgment.

Warnings (3)

File	Issue
cloudflare-one/data-loss-prevention/dlp-policies/logging-options.mdx line 164	Misleading format description — Step 3 says the decompressed file is in Common Log Format (CLF) and lists CLF fields like client IP, request method, URL, status code, and user agent, but the example log at lines 168-181 is a single JSON object containing unrelated fields. Fix: Align the description with the actual log schema shown in the example or replace the example with a real CLF line.
cloudflare-one/data-loss-prevention/dlp-policies/logging-options.mdx line 159	Misleading output filename — The gunzip example writes the decompressed output to a .log.json file, while the surrounding text says the result is Common Log Format, not JSON. Fix: Use a .log or .log.txt extension, or match the filename extension to the actual format described.
cloudflare-one/data-loss-prevention/dlp-policies/logging-options.mdx line 191	Inconsistent example input — Step 2 tells readers to decompress the .log.gz file and step 3 inspects the decompressed log, but the cf-dlp-decode example in step 4 passes the compressed .log.gz file as input instead of the decompressed log. Fix: Use the decompressed file path as input to cf-dlp-decode, or clarify that cf-dlp-decode reads the original compressed file and adjust the preceding steps accordingly.

Style Guide Review

Warnings (1)

File	Issue
cloudflare-one/data-loss-prevention/dlp-policies/logging-options.mdx line 136	Headings should use imperative form — Adds body heading ### Decoding a DLP forensic copy beginning with -ing verb Fix: Change to ### Decode a DLP forensic copy

Suggestions (1)

File	Issue
cloudflare-one/data-loss-prevention/dlp-policies/logging-options.mdx line 186	Avoid LLM-filler phrases — Step contains Note that the payload is encoded in Base64... Fix: Remove Note that and state the fact directly, e.g. The payload is encoded in Base64, so you must decode it...

Commands

Only codeowners can run commands. Post a comment with the command to trigger it.

Command	Description
/review	Runs a review now. Incremental if a prior review exists, full if not.
/full-review	Re-reviews the entire PR diff from scratch, ignoring incremental history. Useful after a rebase, when you want a fresh review, or if the bot gets out of sync and reports issues that no longer exist.
/fan-out-review	Forces a full review using the per-file fan-out mode regardless of diff size. Each file is reviewed in its own session for maximum per-file detail. ⚠️ This may take a very long time on large PRs and may fail or time out — use only when you want the most thorough review and are willing to wait.
/holistic-review	Forces a full review using the holistic mode regardless of diff size. The entire diff is reviewed in one pass, enabling cross-file reasoning. Faster and more reliable on large PRs.
/ignore-review-limit	Permanently lifts the 2-review automatic limit for this PR. Future pushes will trigger reviews as normal.