I have a request to find a way of exporting logs from Umbraco Cloud into a third party SEAM tool. However there is a hard coded lifetime of 12 hours on the IIS logging before it gets automatically turned off. We need to be able to send them a list of the URLs/IPs being requested to heuristically identify possible hacking/attack attempts. Has anyone had this requirement and does anyone have a suggestion of a way this could be achieved? My thinking is that we might need to implement some kind of log ourselves within the Umbraco application that we batch up and send across to the SEAM tool via it's REST API as I know the original untranslated remote IP is available in a HTTP header. Any suggestions?

Make sure to talk to the Cloud Support team. As I recall, IIS logging is a very expensive service and therefore it is strictly time limited. Also consider that 1. your cloud site is behind cloudflare which catches most attacks 2. your cloud site is on azure which catches most attacks not caught by cloudflare 3. you should probably audit your custom code to make sure it's secure, be proactive instead of reactive