Tailscale logging to custom log stores?

Is it possible to get a copy of our Tailscale log stream into a service like CloudWatch or Humio, for eg. internal auditing?

It seems as if https://tailscale.com/kb/1011/log-mesh-traffic hints at the possibility, but it doesn’t really point to any more details, and https://tailscale.com/kb/1014/log-api appears to serve other use cases.

This is currently available for high-volume customers. We’re working on a nice API for streaming the collected diagnostic data from your nodes into your own logging system so that everyone can have it, but it needs more refinement first so it doesn’t become a support nightmare. :slight_smile:

Meanwhile, on Linux machines you can capture from syslog (journald). There are no more logs than what you see there.

1 Like

Ahh ok, great – that should fit well enough for us then! Since we’re mostly working through a couple of relays with subnet routing, I assume that any “interesting” access patterns from connected clients will be visible in the relay logs?

Yes, that should work fine. Let us know if you need any help interpreting the logs!