The Log Blog

The blog post details Tailscale's logging infrastructure, which is influenced by a design by the CEO, apenwarr, involving the handling and parsing of distributed logging systems. Unlike embedded systems, Tailscale's logging system does not face kernel constraints and features a complex pipeline where logs are produced by clients, temporarily stored locally if the server is unavailable, and then processed by a grinder service that extracts structured data for real-time analysis, with parsed data stored primarily in memory. The system avoids logging personally identifiable information and focuses on processing metadata about network connections and the health of Tailscale processes, enabling users to view real-time network statuses and other analytics through the admin console. The logs server uses log IDs to associate logs with users and machines, maintaining anonymity while parsing connectivity data into network graphs. The data is processed swiftly, within 150 microseconds, and although user-facing visualizations are not fully integrated yet, the infrastructure aims to enhance user understanding of their Tailscale networks.