Skip to content

Conversation

@mnahkies
Copy link
Contributor

relates: tailscale/tailscale#13174

  • adds a new switch to the settings page for enabling/disabling remote log uploads

  • calls the Disable function from the logtail package during init when the setting is turned off

ref: https://pkg.go.dev/tailscale.com/logtail#Disable

Expand for Screenshot

image

<string name="use_tailscale_subnets_subtitle">Route traffic according to your network\'s rules. Some networks require this to access IP addresses that don\'t start with 100.x.y.z.</string>
<string name="subnet_routing">Subnet routing</string>
<string name="client_remote_logging_enabled">Remote client logging</string>
<string name="client_remote_logging_enabled_subtitle">Equivalent to --no-logs-no-support on Linux.\nChanges require restarting the app to take effect.</string>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is pretty nerdy. We don't need to reference the flag name or Linux here and can just explain the implications:

No debug logs, no support, prevents using Network Flow logs, etc.

Like "Whether debug logs are uploaded to Tailscale support."

It's admittedly hard to fit all the nuance in a couple lines of text.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a bit wordy, but perhaps something like this?
image

Couple other thoughts:

  • Should the "Bug report" button be hidden when logs are disabled?
  • Is this fine as a top-level settings item, or would it be better under "Permissions"?
  • How does / should this interact with MDM settings? (I fear I might be opening a can of worms with this one, as it might require backend changes to closed source components? 😅)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another thought on MDM: assuming I'm correct that this would need to be controllable through MDM (to enforce flow logs are produced for enterprise) - is there a stepping stone where we could force this setting on when any MDM is employed, and then later make it an individually configurable MDM setting?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've taken a stab at implementing what I think respecting MDM could look like in 04fd66c (has an outstanding todo to handle async config updates correctly, and I haven't been able to enroll a device to test e2e properly yet)

TBH for my purposes, I can probably just run a custom build with this patch applied, though I do think it would be nice to land in main - particularly in the headscale use-case, sending logs to tailscale doesn't make a lot of sense to me, which as far as I can tell would currently occur.

Updates tailscale/tailscale#13174

- adds a new switch to the settings page for
  enabling/disabling remote log uploads

- calls the `Disable` function from the `logtail`
  package during init when the setting is turn off

ref: https://pkg.go.dev/tailscale.com/logtail#Disable

Signed-off-by: Michael Nahkies <[email protected]>
Signed-off-by: Michael Nahkies <[email protected]>
@mnahkies mnahkies force-pushed the mn/13174/opt-out-remote-logs branch from d21583b to 0603fee Compare September 5, 2025 06:57
@Mynacol
Copy link

Mynacol commented Oct 12, 2025

Hi, thanks for making this PR. I was lurking for about a year on this issue/fr to be implemented upstream. Can we bring it over the finishing line?
@mnahkies Can you resolve the merge conflicts?
@bradfitz May you have another look at this PR?
TIA!

(I had my own stab at this, but only added the logtail.Disable() call unconditionally)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants