-
Notifications
You must be signed in to change notification settings - Fork 548
feat: support disabling remote log uploads #695
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
579dfd0 to
f57aede
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is pretty nerdy. We don't need to reference the flag name or Linux here and can just explain the implications:
No debug logs, no support, prevents using Network Flow logs, etc.
Like "Whether debug logs are uploaded to Tailscale support."
It's admittedly hard to fit all the nuance in a couple lines of text.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a bit wordy, but perhaps something like this?
image
Couple other thoughts:
- Should the "Bug report" button be hidden when logs are disabled?
- Is this fine as a top-level settings item, or would it be better under "Permissions"?
- How does / should this interact with MDM settings? (I fear I might be opening a can of worms with this one, as it might require backend changes to closed source components? 😅)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another thought on MDM: assuming I'm correct that this would need to be controllable through MDM (to enforce flow logs are produced for enterprise) - is there a stepping stone where we could force this setting on when any MDM is employed, and then later make it an individually configurable MDM setting?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've taken a stab at implementing what I think respecting MDM could look like in 04fd66c (has an outstanding todo to handle async config updates correctly, and I haven't been able to enroll a device to test e2e properly yet)
TBH for my purposes, I can probably just run a custom build with this patch applied, though I do think it would be nice to land in main - particularly in the headscale use-case, sending logs to tailscale doesn't make a lot of sense to me, which as far as I can tell would currently occur.
Updates tailscale/tailscale#13174 - adds a new switch to the settings page for enabling/disabling remote log uploads - calls the `Disable` function from the `logtail` package during init when the setting is turn off ref: https://pkg.go.dev/tailscale.com/logtail#Disable Signed-off-by: Michael Nahkies <michael@nahkies.co.nz>
Signed-off-by: Michael Nahkies <michael@nahkies.co.nz>
d21583b to
0603fee
Compare
Signed-off-by: Michael Nahkies <michael@nahkies.co.nz>
Mynacol
commented
Oct 12, 2025
Hi, thanks for making this PR. I was lurking for about a year on this issue/fr to be implemented upstream. Can we bring it over the finishing line?
@mnahkies Can you resolve the merge conflicts?
@bradfitz May you have another look at this PR?
TIA!
(I had my own stab at this, but only added the logtail.Disable() call unconditionally)
relates: tailscale/tailscale#13174
adds a new switch to the settings page for enabling/disabling remote log uploads
calls the
Disablefunction from thelogtailpackage during init when the setting is turned offref: https://pkg.go.dev/tailscale.com/logtail#Disable
Expand for Screenshot
image