From 047dbda136d0810839abcd09944371f647ac9f31 Mon Sep 17 00:00:00 2001
From: Florian Preinstorfer
Date: Sun, 19 Oct 2025 07:19:49 +0200
Subject: [PATCH] Add FAQ on how to disable log submission
Fixes: #2793
---
 config-example.yaml | 10 ++++++----
 docs/about/faq.md | 16 ++++++++++++++++
 2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/config-example.yaml b/config-example.yaml
index 3d5a6a4d..ec14dc03 100644
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -393,11 +393,13 @@ unix_socket_permission: "0770"
 # method: S256
 # Logtail configuration
-# Logtail is Tailscales logging and auditing infrastructure, it allows the control panel
-# to instruct tailscale nodes to log their activity to a remote server.
+# Logtail is Tailscales logging and auditing infrastructure, it allows the
+# control panel to instruct tailscale nodes to log their activity to a remote
+# server. To disable logging on the client side, please refer to:
+# https://tailscale.com/kb/1011/log-mesh-traffic#opting-out-of-client-logging
 logtail:
- # Enable logtail for this headscales clients.
- # As there is currently no support for overriding the log server in headscale, this is
+ # Enable logtail for tailscale nodes of this Headscale instance.
+ # As there is currently no support for overriding the log server in Headscale, this is
 # disabled by default. Enabling this will make your clients send logs to Tailscale Inc.
 enabled: false
diff --git a/docs/about/faq.md b/docs/about/faq.md
index e67a47d9..ecedf198 100644
--- a/docs/about/faq.md
+++ b/docs/about/faq.md
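Review bot: The rewritten comment above `logtail:` in config-example.yaml links to the client-side opt-out but never says why an operator who already has `enabled: false` would need it. The FAQ text added in this same patch states that the Headscale setting is applied only once a client has successfully connected, whereas the client-side opt-out takes effect early during client startup, so the server-side default presumably leaves a window before the first connection. I would state that next to the option, for example `# Note: this is applied only after a node has connected to Headscale; use the` / `# client-side opt-out linked above to disable log submission from client startup.`. Separately, the new line keeps `Tailscales`, which should read `Tailscale's`.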
@@ -159,3 +159,19 @@ indicates which part of the policy is invalid. Follow these steps to fix your po
 The above commands to get/set the policy require a complete server configuration file including database settings. A
 minimal config to [control Headscale via remote CLI](../ref/remote-cli.md) is not sufficient. You may use `headscale -c
 /path/to/config.yaml` to specify the path to an alternative configuration file.
+
+## How can I avoid to send logs to Tailscale Inc?
+
+A Tailscale client [collects logs about its operation and connection attempts with other
+clients](https://tailscale.com/kb/1011/log-mesh-traffic#client-logs) and sends them to a central log service operated by
+Tailscale Inc.
+
+Headscale, by default, instructs clients to disable log submission to the central log service. This configuration is
+applied by a client once it successfully connected with Headscale. See the configuration option `logtail.enabled` in the
+[configuration file](../ref/configuration.md) for details.
+
+Alternatively, logging can also be disabled on the client side. This is independent of Headscale and opting out of
+client logging disables log submission early during client startup. The configuration is operating system specific and
+is usually achieved by setting the environment variable `TS_NO_LOGS_NO_SUPPORT=true` or by passing the flag
+`--no-logs-no-support` to `tailscaled`. See
+ for details.