Tunnel logs
Tunnel logs record all activity between a cloudflared instance and Cloudflare’s global network, as well as all activity between cloudflared and your origin server. These logs allow you to investigate connectivity or performance issues with a Cloudflare Tunnel. You can configure your server to store persistent logs, or you can stream real-time logs from any client machine.
View logs on the server
If you have access to the origin server, you can enable logging when you start the tunnel:
$ cloudflared tunnel --loglevel debug run <UUID>
The --loglevel flag indicates the logging level for the local cloudflared instance, which can be one of {debug, info, warn, error, fatal} (default: info). At the debug level, cloudflared will log and display the request URL, method, protocol, content length, as well as all request and response headers. However, note that this can expose sensitive information in your logs.
Write logs to file
By default, cloudflared prints logs to stdout and does not store logs on the server. You can use the --logfile flag to save your logs to a file:
$ cloudflared tunnel --logfile mytunnel.log run <UUID>
View logs on a client
You can view real-time logs for a Cloudflare Tunnel from any machine that has cloudflared installed. With this method, you do not need to SSH into the server that is running the tunnel.
CLI
The cloudflared daemon can stream logs from any tunnel in your account to the local command line.
Prerequisites
cloudflaredversion 2023.5.0 or higher is installed on both your local machine and the origin server.- The tunnel is active and able to receive requests.
View logs
On your local machine, authenticate
cloudflaredto your Zero Trust account:$ cloudflared tunnel loginRun
cloudflared tailfor a specific tunnel:$ cloudflared tail <UUID>For a more structured view of the JSON message, you can pipe the output to tools like jq:
$ cloudflared tail --output=json <UUID> | jq .
Filter logs
You can filter logs by event type (--event), event level (--level), or sampling rate (-sampling) to reduce the volume of logs streamed from the origin. This helps mitigate the performance impact on the origin, especially when the origin is normally under high load. For example:
$ cloudflared tail --level debug <UUID>
| Flag | Description | Allowed values | Default value |
|---|---|---|---|
--event | Filter by the type of event / request. | cloudflared, http, tcp, udp | All events |
--level | Return logs at this level and above. Works independently of the --loglevel setting on the server. | debug, info, warn, error, fatal | debug |
--sampling | Sample a fraction of the total logs. | Number from 0.0 to 1.0 | 1.0 |
View logs for a replica
If you are running multiple cloudflared instances for the same tunnel (also known as replicas), you must specify an individual instance to stream logs from:
- In Zero Trust, go to Access > Tunnels and select your tunnel.
- Find the Connector ID for the
cloudflaredinstance you want to view. - Specify the Connector ID in
cloudflared tail:$ cloudflared tail --connector-id <CONNECTOR ID> <UUID>
Performance considerations
- The logging session will only be held open for one hour. All logging systems introduce some level of performance overhead, and this limit helps prevent longterm impact to your tunnel’s end-to-end latencies.
- When streaming logs for a high throughput tunnel, Cloudflare intentionally prioritizes service stability over log delivery. To reduce the number of dropped logs, try requesting fewer logs. To ensure that you are seeing all logs, view logs on the server instead of streaming the logs remotely.