feat: support disabling remote log uploads #695
Conversation
mnahkies
force-pushed
the
mn/13174/opt-out-remote-logs
branch
from
579dfd0 to
f57aede
Compare
| @@ -346,6 +346,8 @@ | |||
| <string name="run_as_subnet_router">Run as subnet router</string> | |||
| <string name="use_tailscale_subnets_subtitle">Route traffic according to your network\'s rules. Some networks require this to access IP addresses that don\'t start with 100.x.y.z.</string> | |||
| <string name="subnet_routing">Subnet routing</string> | |||
| <string name="client_remote_logging_enabled">Remote client logging</string> | |||
| <string name="client_remote_logging_enabled_subtitle">Equivalent to --no-logs-no-support on Linux.\nChanges require restarting the app to take effect.</string> | |||
There was a problem hiding this comment.
This is pretty nerdy. We don't need to reference the flag name or Linux here and can just explain the implications:
No debug logs, no support, prevents using Network Flow logs, etc.
Like "Whether debug logs are uploaded to Tailscale support."
It's admittedly hard to fit all the nuance in a couple lines of text.
There was a problem hiding this comment.
It's a bit wordy, but perhaps something like this?
Couple other thoughts:
- Should the "Bug report" button be hidden when logs are disabled?
- Is this fine as a top-level settings item, or would it be better under "Permissions"?
- How does / should this interact with MDM settings? (I fear I might be opening a can of worms with this one, as it might require backend changes to closed source components? 😅)
There was a problem hiding this comment.
Another thought on MDM: assuming I'm correct that this would need to be controllable through MDM (to enforce flow logs are produced for enterprise) - is there a stepping stone where we could force this setting on when any MDM is employed, and then later make it an individually configurable MDM setting?
There was a problem hiding this comment.
I've taken a stab at implementing what I think respecting MDM could look like in 04fd66c (has an outstanding todo to handle async config updates correctly, and I haven't been able to enroll a device to test e2e properly yet)
TBH for my purposes, I can probably just run a custom build with this patch applied, though I do think it would be nice to land in main - particularly in the headscale use-case, sending logs to tailscale doesn't make a lot of sense to me, which as far as I can tell would currently occur.
Updates tailscale/tailscale#13174 - adds a new switch to the settings page for enabling/disabling remote log uploads - calls the `Disable` function from the `logtail` package during init when the setting is turn off ref: https://pkg.go.dev/tailscale.com/logtail#Disable Signed-off-by: Michael Nahkies <michael@nahkies.co.nz>
Signed-off-by: Michael Nahkies <michael@nahkies.co.nz>
mnahkies
force-pushed
the
mn/13174/opt-out-remote-logs
branch
from
d21583b to
0603fee
Compare
Signed-off-by: Michael Nahkies <michael@nahkies.co.nz>
relates: tailscale/tailscale#13174
adds a new switch to the settings page for enabling/disabling remote log uploads
calls the
Disablefunction from thelogtailpackage during init when the setting is turned offref: https://pkg.go.dev/tailscale.com/logtail#Disable
Expand for Screenshot