How do I approach System Design interview questions?

System Design questions require understanding of core concepts and practice. PracHub provides solutions with explanations to help you master system design interviews.

What difficulty level is this interview question?

This is a medium difficulty System Design question, commonly asked during Onsite rounds at Cloudflare.

What role is this question designed for?

This question is commonly asked for Software Engineer candidates at Cloudflare during technical interviews.

Design an encrypted log collection system | Cloudflare Interview Question

Q: Design an encrypted log collection system

This question evaluates competence in distributed systems design, secure transport and storage, encryption and key management, scalability, and observability for log/event collection across multiple edge data centers.

Scenario

Design a log collection system that gathers logs/events from services running in multiple edge data centers and delivers them to a central platform.

Requirements

Multi-region/edge ingestion: Logs originate from many edge data centers.
Secure transport: Logs must be encrypted in transit while being collected and forwarded.
(Typically expected) Secure storage: Consider encryption at rest and access control.
The initial prompt may be underspecified; you should clarify:
- Is this primarily real-time streaming (e.g., alerting) or batch analytics (warehouse/data lake), or both?
- Expected throughput (events/sec, peak factors), average event size, and retention period.
- SLA/SLOs: end-to-end latency, durability (acceptable loss), and availability.
- Compliance constraints (PII, GDPR/CCPA, data residency).
- Query patterns (search by trace id, full-text search, aggregations).

Deliverable

Propose an end-to-end architecture including:

Edge collection/agent design
Cross-DC transport
Central ingestion, buffering, storage
Encryption/key management approach
Failure handling, backpressure, and observability

Scenario

Design a log collection system that gathers logs/events from services running in multiple edge data centers and delivers them to a central platform.

Requirements

Multi-region/edge ingestion: Logs originate from many edge data centers.

Secure transport: Logs must be encrypted in transit while being collected and forwarded.

(Typically expected) Secure storage: Consider encryption at rest and access control.

The initial prompt may be underspecified; you should clarify:

Is this primarily real-time streaming (e.g., alerting) or batch analytics (warehouse/data lake), or both?
Expected throughput (events/sec, peak factors), average event size, and retention period.
SLA/SLOs: end-to-end latency, durability (acceptable loss), and availability.
Compliance constraints (PII, GDPR/CCPA, data residency).
Query patterns (search by trace id, full-text search, aggregations).

Deliverable

Propose an end-to-end architecture including:

Edge collection/agent design

Cross-DC transport

Central ingestion, buffering, storage

Encryption/key management approach

Failure handling, backpressure, and observability

Design an encrypted log collection system

Quick Overview

Scenario

Requirements

Deliverable

Solution

Submit Your Answer to Earn 20XP

Design an encrypted log collection system

Quick Overview

Scenario

Requirements

Deliverable

Solution

Submit Your Answer to Earn 20XP