From 5639d5dee0b39090c458c8e3da65f375200c38f8 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Wed, 11 Dec 2024 18:51:40 -0500 Subject: [PATCH 01/16] update existing logs page --- .../tunnel-run-parameters.mdx | 8 ++-- .../connect-networks/monitor-tunnels/logs.mdx | 38 ++++++------------- 2 files changed, 15 insertions(+), 31 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters.mdx index edb319396df9bff..e5e3acf6eac5e6a 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters.mdx @@ -22,7 +22,7 @@ By default, `cloudflared` will periodically check for updates and restart with t :::note -For locally-managed tunnels only. +For locally-managed tunnels only. ::: | Syntax | Default | @@ -75,7 +75,7 @@ Saves application log to this file. Mainly useful for reporting issues. For more | ---------------------------------------------------------- | ------- | -------------------- | | `cloudflared tunnel --loglevel run ` | `info` | `TUNNEL_LOGLEVEL` | -Specifies the verbosity of logging. The default `info` level does not produce much output, but you may wish to use the `warn` level in production. Available values are: `debug`, `info`, `warn`, `error`, `fatal`. +Specifies the verbosity of logging for the local `cloudflared` instance. Available values are `debug`, `info` (default), `warn`, `error`, and `fatal`. At the `debug` level, `cloudflared` will log and display the request URL, method, protocol, content length, as well as all request and response headers. However, note that this can expose sensitive information in your logs. ## `metrics` 
@@ -97,7 +97,7 @@ Disables automatic `cloudflared` updates. See also: [`autoupdate-freq`](#autoupd :::note -For locally-managed tunnels only. +For locally-managed tunnels only. ::: | Syntax | Default | Environment Variable | @@ -152,7 +152,7 @@ Specifies custom tags used to identify this tunnel. Multiple tags may be specifi :::note -For remotely-managed tunnels only. +For remotely-managed tunnels only. ::: | Syntax | Environment Variable | diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/logs.mdx index a404056a2bc01da..63ccffccf4abe2f 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/logs.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/logs.mdx 
@@ -1,58 +1,42 @@ --- pcx_content_type: reference -title: Logs +title: Log streaming sidebar: order: 1 head: - tag: title - content: Tunnel logs + content: Tunnel log streams --- Tunnel logs record all activity between a `cloudflared` instance and Cloudflare's global network, as well as all activity between `cloudflared` and your origin server. These logs allow you to investigate connectivity or performance issues with a Cloudflare Tunnel. You can configure your server to store persistent logs, or you can stream real-time logs from any client machine. ## View logs on the server -If you have access to the origin server, you can enable logging when you start the tunnel: +If you have access to the origin server, you can use the [`--loglevel` flag](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/#loglevel) to enable logging when you start the tunnel. By default, `cloudflared` prints logs to stdout and does not store logs on the server. You can optionally use the [`--logfile` flag](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/#logfile) to write your logs to a file. -```sh -cloudflared tunnel --loglevel debug run -``` - -The [`--loglevel` flag](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/#loglevel) indicates the logging level for the local `cloudflared` instance, which can be one of {`debug`, `info`, `warn`, `error`, `fatal`} (default: `info`). At the `debug` level, `cloudflared` will log and display the request URL, method, protocol, content length, as well as all request and response headers. However, note that this can expose sensitive information in your logs. - -### Write logs to file - -By default, `cloudflared` prints logs to stdout and does not store logs on the server. 
You can use the [`--logfile` flag](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/#logfile) to save your logs to a file: +To enable logs for a locally-managed tunnel: ```sh -cloudflared tunnel --logfile mytunnel.log run +cloudflared tunnel --loglevel debug --logfile cloudflared.log run ``` +To enable logs for a remotely-managed tunnel, add `--loglevel debug` and `--logfile ` to your system service as shown in [Add tunnel run parameters](/cloudflare-one/connections/connect-networks/configure-tunnels/remote-management/#add-tunnel-run-parameters). + ## View logs on your local machine -You can view real-time logs for a Cloudflare Tunnel via the dashboard or from any machine that has `cloudflared` installed. With remote log streams, you do not need to SSH into the server that is running the tunnel. +You can view real-time logs for a Cloudflare Tunnel via the dashboard or from any machine that has `cloudflared` installed. With remote log streams, you do not need to SSH into the server that is running the tunnel. To get remote logs, the tunnel must be active and able to receive requests. ### Dashboard -#### Prerequisites +Dashboard log streams are only available for remotely-managed tunnels. To view logs from the dashboard: -- `cloudflared` version 2023.5.1 or higher is installed on the origin server. -- The tunnel is active and able to receive requests. - -#### View logs - -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Networks** > **Tunnels** and select your tunnel. +1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Networks** > **Tunnels** and select a remotely-managed tunnel. 2. In the sidebar, select the **Connector ID** for the `cloudflared` instance you want to view. 3. Select **Begin log stream**. ### CLI -The `cloudflared` daemon can stream logs from any tunnel in your account to the local command line. 
- -#### Prerequisites - -- `cloudflared` version 2023.5.1 or higher is installed on both your local machine and the origin server. -- The tunnel is active and able to receive requests. +The `cloudflared` daemon can stream logs from any tunnel in your account to the local command line. `cloudflared` must be installed on both your local machine and the origin server. #### View logs From ef9d3a488a48c7995bd8326fa619976cf9adc37a Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Thu, 19 Dec 2024 18:19:23 -0500 Subject: [PATCH 02/16] add metrics info --- .../tunnel-run-parameters.mdx | 4 +-- .../monitor-tunnels/metrics.mdx | 28 +++++++++++++------ 2 files changed, 21 insertions(+), 11 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters.mdx index a219b24d6521f9c..ccfcbbe8250c626 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters.mdx 
@@ -81,9 +81,9 @@ Specifies the verbosity of logging for the local `cloudflared` instance. Availab | Syntax | Default | Environment Variable | | ----------------------------------------------------------- | ------------ | -------------------- | -| `cloudflared tunnel --metrics run ` | `localhost:` | `TUNNEL_METRICS` | +| `cloudflared tunnel --metrics run ` | Refer to [Tunnel metrics](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/)| `TUNNEL_METRICS` | -Exposes a Prometheus endpoint on the specified IP address/port, which you can then query for [usage metrics](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/). +Exposes a Prometheus endpoint on the specified IP address and port, which you can then query for [usage metrics](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/). ## `no-autoupdate` diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics.mdx index 2946836ec07d94f..c629608e8ec2bcd 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics.mdx 
@@ -6,16 +6,27 @@ sidebar: head: - tag: title content: Tunnel metrics -tableOfContents: false --- -Tunnel metrics show a Cloudflare Tunnel's throughput and resource usage over time. When you run a tunnel, you can configure `cloudflared` to spin up a Prometheus metrics endpoint — an HTTP server that exposes metrics in [Prometheus](https://prometheus.io/docs/introduction/overview/) format. You can then use the Prometheus toolkit on a remote machine to scrape metrics data from the `cloudflared` server. +Tunnel metrics show a Cloudflare Tunnel's throughput and resource usage over time. When you run a tunnel, `cloudflared` will spin up a Prometheus metrics endpoint — an HTTP server that exposes metrics in [Prometheus](https://prometheus.io/docs/introduction/overview/) format. You can use the Prometheus toolkit on a remote machine to scrape metrics data from the `cloudflared` server. -## Start the metrics server +## Default metrics server address -Perform these steps on the `cloudflared` server. +In non-containerized environments, `cloudflared` starts the metrics server on `127.0.0.1:/metrics`, where `` is the first available port in the range `20241` to `20245`. In case of all ports being unavailable then the fallback is to bind to a random port. In containerized environments such as Docker and Kubernetes, the default address is `0.0.0.0:/metrics`. -1. Use the [--metrics](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/#metrics) flag to create a metrics endpoint at the specified IP address and port. Here is an example command for a locally-managed tunnel: +## Check the metrics server address + +To determine the metrics server address that is being used by a `cloudflared` instance, check your [Tunnel logs](/cloudflare-one/connections/connect-networks/monitor-tunnels/logs/) around the time when the tunnel started. 
For example: + +```text +2024-12-19T21:17:58Z INF Starting metrics server on 127.0.0.1:20241/metrics +``` + +## Configure the metrics server address + +To serve metrics on a custom IP address and port, perform these steps on the `cloudflared` host: + +1. Run the tunnel using the [--metrics](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/#metrics) flag. Here is an example command for a locally-managed tunnel: ```sh cloudflared tunnel --metrics 127.0.0.1:60123 run my-tunnel @@ -23,10 +34,9 @@ Perform these steps on the `cloudflared` server. To learn how to add the `--metrics` flag to a remotely-managed tunnel, refer to [Configure a remotely-managed tunnel](/cloudflare-one/connections/connect-networks/configure-tunnels/remote-management/#add-tunnel-run-parameters). -:::note - -If you plan to fetch metrics from another machine on the local network, replace `127.0.0.1` with the internal IP of the `cloudflared` server (for example, `198.168.x.x`). To serve metrics on all available network interfaces, use `0.0.0.0`. -::: + :::note + If you plan to fetch metrics from another machine on the local network, replace `127.0.0.1` with the internal IP of the `cloudflared` server (for example, `198.168.x.x`). To serve metrics on all available network interfaces, use `0.0.0.0`. + ::: 2. Verify that the metrics server is running by going to `http://localhost:60123/metrics`. This will only work if you configured a localhost IP (`127.0.0.1` or `0.0.0.0`). From 2844e6f25586db01eb2cbf272eaf3891dd00e498 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Thu, 19 Dec 2024 20:13:33 -0500 Subject: [PATCH 03/16] update title --- .../connections/connect-networks/monitor-tunnels/logs.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/logs.mdx index 63ccffccf4abe2f..3eb0b4f45ed7bfb 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/logs.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/logs.mdx @@ -1,6 +1,6 @@ --- pcx_content_type: reference -title: Log streaming +title: Log streams sidebar: order: 1 head: From c1a4f8ce4df853dbebae894bece46efde0513d70 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Thu, 19 Dec 2024 20:13:42 -0500 Subject: [PATCH 04/16] instructions for getting logs --- .../troubleshoot-tunnels/diag-logs.mdx | 138 ++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx new file mode 100644 index 000000000000000..b88d36651a3cd2f --- /dev/null +++ b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx 
@@ -0,0 +1,138 @@ +--- +pcx_content_type: how-to +title: Diagnostic logs +sidebar: + order: 1 +head: + - tag: title + content: Tunnel diagnostic logs +--- + +Cloudflare Tunnel generates a set of diagnostic logs that can be used to troubleshoot issues with `cloudflared`. A diagnostic report covers a single instance of `cloudflared`. + +## Get diagnostic logs + +The steps for getting diagnostic logs depend on your `cloudflared` deployment environment. +### Prerequisites + +- Access to the `cloudflared` host being diagnosed +- `cloudflared` version 2024.12.2 or later + +### Host environment + +These instructions apply to remotely-managed and locally-managed tunnels running directly on the host machine. + +1. (Linux only) Allow the `cloudflared` user to create RAW and PACKET sockets without root permissions: + +```sh +sudo setcap cap_net_raw+ep /usr/bin/traceroute && sudo setcap cap_net_raw+ep /usr/bin/traceroute +``` + +2. Get diagnostic logs: + +```sh +cloudflared tunnel diag +``` + +If multiple instances of `cloudflared` are running on the same host, specify the [metrics server address](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#check-the-metrics-server-address) for the instance you want to diagnose: + +```sh +cloudflared tunnel diag --metrics 127.0.0.1:20241 +``` + +This command will output the status of each diagnostic task and place a `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` file in your working directory. + +### Docker + +`cloudflared` reads diagnostic data from the `cloudflared` [metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#check-the-metrics-server-address). Therefore, the metrics server must be exposed from the Docker container and reachable from the host machine. + +Run the following commands on the `cloudflared` host: + +1. Verify that you can reach the metrics server address. 
For example, if the metrics server is listening at `0.0.0.0:20241`, run the following command: + +```sh +curl localhost:20241/diag/tunnel +``` + +This command should return a JSON: +```json +{ + "tunnelID": "ef96b330-a7f5-4bce-a00e-827ce5be077f", + "connectorID": "d236670a-9f74-422f-adf1-030f5c5f0523", + "connections": [ + { "isConnected": true, "protocol": 1, "edgeAddress": "198.41.192.167"}, + {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.200.113", "index": 1}, + {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.192.47", "index": 2}, + {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.200.73", "index": 3} + ], + "icmp_sources": ["192.168.1.243", "fe80::c59:bd4a:e815:ed6"] +} +``` + +2. If the metrics server is not reachable, deploy the container again and expose the port: + +```sh +docker run -d -p 20241:20241 docker.io/cloudflare/cloudflared tunnel ... +``` + +3. Take note of the container ID and then run the diagnostic: + +```sh +cloudflared tunnel diag --diag-container-id= +``` + +Alternatively, you can specify the container's name instead of its ID: +```sh +cloudflared tunnel diag --diag-container-id= +``` + +This command will output the status of each diagnostic task and place a `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` file in your working directory. + +### Kubernetes + +`cloudflared` reads diagnostic data from the `cloudflared` [metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#check-the-metrics-server-address). You must use port forwarding to expose the metrics server running in a Kubernetes cluster. + +Run the following commands on the `cloudflared` host: + +1. Forward a local port to the `cloudflared` metrics server port: + +```sh +kubectl port-forward : +``` + +Alternatively, you can let `kubectl` choose an available local port: + +```sh +kubectl port-forward : +``` + +2. 
Run the diagnostic: + +```sh +cloudflared tunnel diag --diag-pod-id= +``` + +If the pod has multiple applications/services running and `cloudflared` is not the first in the pod, you must specify either the container ID or name: + +```sh +cloudflared tunnel diag --diag-pod-id= --diag-container-id= +``` + +This command will output the status of each diagnostic task and place a `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` file in your working directory. + + +------- +If you are managing the tunnel directly on the host: + +1. Enable debug logging when you start the tunnel: + +```sh +cloudflared tunnel --loglevel debug --logfile cloudflared.log run +``` + +## cloudflared-diag files + +The `cloudflared-diag-YYYY-MM-DDTHH-MM-SS.zip` archive contains the files listed below. The data in a file either applies to the `cloudflared` instance being diagnosed (`diagnosee`) or the instance that triggered the diagnosis (`diagnoser`). For example, if your tunnel is running in a Docker container, the diagnosee is the Docker instance and the diagnoser is the host machine instance. The diagnosee and diagnoser could also be the same instance. + +| File name | Description | Instance | +| -| - | - | From 319d8d7773a21d03488fac41436e1f08ddf10705 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Fri, 20 Dec 2024 12:53:25 -0500 Subject: [PATCH 05/16] add changelog entry --- src/content/changelogs/tunnel.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/content/changelogs/tunnel.yaml b/src/content/changelogs/tunnel.yaml index d3434f42a63d29f..bb4ec3f7ac1d359 100644 --- a/src/content/changelogs/tunnel.yaml +++ b/src/content/changelogs/tunnel.yaml 
@@ -5,6 +5,10 @@ productLink: "/cloudflare-one/connections/connect-networks/" productArea: Cloudflare One productAreaLink: /cloudflare-one/changelog/ entries: + - publish_date: "2024-12-19" + title: Tunnel diagnostic logs + description: |- + The latest `cloudflared` build [2024.12.2](https://github.com/cloudflare/cloudflared/releases/tag/2024.12.2) introduces the ability to collect troubleshooting information from one instance of `cloudflared` running on the local machine. For more information, refer to [Diagnostic logs](/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs/). - publish_date: "2024-10-17" title: Simplifed WARP Connector deployment description: |- From 518dac1cec53d55efcd964ee31558e9ea0a81380 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Fri, 20 Dec 2024 17:00:51 -0500 Subject: [PATCH 06/16] clarify port forwarding --- .../troubleshoot-tunnels/diag-logs.mdx | 143 +++++++++--------- 1 file changed, 73 insertions(+), 70 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx index b88d36651a3cd2f..e26975d9e26ee8c 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx 
@@ -8,11 +8,14 @@ head: content: Tunnel diagnostic logs --- -Cloudflare Tunnel generates a set of diagnostic logs that can be used to troubleshoot issues with `cloudflared`. A diagnostic report covers a single instance of `cloudflared`. +import {Details} from "~/components"; + +Cloudflare Tunnel generates a set of diagnostic logs that can be used to troubleshoot issues with `cloudflared`. A diagnostic report collects data from a single instance of `cloudflared` running on the local machine. ## Get diagnostic logs The steps for getting diagnostic logs depend on your `cloudflared` deployment environment. + ### Prerequisites - Access to the `cloudflared` host being diagnosed 
@@ -24,111 +27,110 @@ These instructions apply to remotely-managed and locally-managed tunnels running 1. (Linux only) Allow the `cloudflared` user to create RAW and PACKET sockets without root permissions: -```sh -sudo setcap cap_net_raw+ep /usr/bin/traceroute && sudo setcap cap_net_raw+ep /usr/bin/traceroute -``` + ```sh + sudo setcap cap_net_raw+ep /usr/bin/traceroute && sudo setcap cap_net_raw+ep /usr/bin/traceroute + ``` 2. Get diagnostic logs: -```sh -cloudflared tunnel diag -``` + ```sh + cloudflared tunnel diag + ``` -If multiple instances of `cloudflared` are running on the same host, specify the [metrics server address](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#check-the-metrics-server-address) for the instance you want to diagnose: + If multiple instances of `cloudflared` are running on the same host, specify the [metrics server IP and port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#check-the-metrics-server-address) for the instance you want to diagnose. For example: -```sh -cloudflared tunnel diag --metrics 127.0.0.1:20241 -``` + ```sh + cloudflared tunnel diag --metrics 127.0.0.1:20241 + ``` This command will output the status of each diagnostic task and place a `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` file in your working directory. ### Docker -`cloudflared` reads diagnostic data from the `cloudflared` [metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#check-the-metrics-server-address). Therefore, the metrics server must be exposed from the Docker container and reachable from the host machine. +`cloudflared` reads diagnostic data from the [tunnel metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/). Therefore, the metrics server must be exposed from the Docker container and reachable from the host machine. -Run the following commands on the `cloudflared` host: +1. 
Determine the tunnel's [metrics server IP and port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#check-the-metrics-server-address). In Docker environments, the default IP and port is `0.0.0.0:20241`. -1. Verify that you can reach the metrics server address. For example, if the metrics server is listening at `0.0.0.0:20241`, run the following command: +2. On the host machine, verify that you can reach the metrics server address. For example, if the metrics server is listening at `0.0.0.0:20241`, run the following command: -```sh -curl localhost:20241/diag/tunnel -``` + ```curl + curl localhost:20241/diag/tunnel + ``` -This command should return a JSON: -```json -{ - "tunnelID": "ef96b330-a7f5-4bce-a00e-827ce5be077f", - "connectorID": "d236670a-9f74-422f-adf1-030f5c5f0523", - "connections": [ - { "isConnected": true, "protocol": 1, "edgeAddress": "198.41.192.167"}, - {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.200.113", "index": 1}, - {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.192.47", "index": 2}, - {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.200.73", "index": 3} - ], - "icmp_sources": ["192.168.1.243", "fe80::c59:bd4a:e815:ed6"] -} -``` + This command should return a JSON: + ```json + { + "tunnelID": "ef96b330-a7f5-4bce-a00e-827ce5be077f", + "connectorID": "d236670a-9f74-422f-adf1-030f5c5f0523", + "connections": [ + { "isConnected": true, "protocol": 1, "edgeAddress": "198.41.192.167"}, + {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.200.113", "index": 1}, + {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.192.47", "index": 2}, + {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.200.73", "index": 3} + ], + "icmp_sources": ["192.168.1.243", "fe80::c59:bd4a:e815:ed6"] + } + ``` -2. If the metrics server is not reachable, deploy the container again and expose the port: +3. 
If the metrics server is unreachable, deploy the container again with port forwarding enabled. The diagnostic feature will try to request information from the Docker instance using ports `20241` to `20245`. You will need to forward one of these diagnostic ports to the metrics port. -```sh -docker run -d -p 20241:20241 docker.io/cloudflare/cloudflared tunnel ... -``` + ```sh + docker run -d -p : docker.io/cloudflare/cloudflared tunnel ... + ``` -3. Take note of the container ID and then run the diagnostic: + - `` is any port in the range `20241` to `20245`. + - `` is the metrics port for the `cloudflared` instance you want to diagnose (obtained in Step 1). -```sh -cloudflared tunnel diag --diag-container-id= -``` +3. Take note of the Docker container ID and then run the diagnostic: -Alternatively, you can specify the container's name instead of its ID: -```sh -cloudflared tunnel diag --diag-container-id= -``` + ```sh + cloudflared tunnel diag --diag-container-id= + ``` + + Alternatively, you can specify the container's name instead of its ID: + ```sh + cloudflared tunnel diag --diag-container-id= + ``` This command will output the status of each diagnostic task and place a `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` file in your working directory. ### Kubernetes -`cloudflared` reads diagnostic data from the `cloudflared` [metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#check-the-metrics-server-address). You must use port forwarding to expose the metrics server running in a Kubernetes cluster. +The diagnostic feature will request data from the [tunnel metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#check-the-metrics-server-address) using ports `20241` to `20245`. You will need to use port forwarding to allow the local `cloudflared` instance to connect to the metrics server on one of these ports. -Run the following commands on the `cloudflared` host: -1. 
Forward a local port to the `cloudflared` metrics server port: +1. Determine the tunnel's [metrics server IP and port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#check-the-metrics-server-address). In Kubernetes deployments, the default IP and port is `0.0.0.0:20241`. -```sh -kubectl port-forward : -``` +2. Enable port forwarding: -Alternatively, you can let `kubectl` choose an available local port: + ```sh + kubectl port-forward : + ``` -```sh -kubectl port-forward : -``` + - ``: Name of the pod where the tunnel is running + - `` is any port in the range `20241` to `20245`. + - `` is the metrics port for the `cloudflared` instance you want to diagnose (obtained in Step 1). -2. Run the diagnostic: + For example, if you set the metrics server address to `0.0.0.0:12345`: -```sh -cloudflared tunnel diag --diag-pod-id= -``` + ```sh + kubectl port-forward http-echo-6d4897585b-r8kfz 20244:12345 + ``` + Connections made to local port `20244` are forwarded to port `1234` of the pod that is running the tunnel. -If the pod has multiple applications/services running and `cloudflared` is not the first in the pod, you must specify either the container ID or name: +3. Run the diagnostic: -```sh -cloudflared tunnel diag --diag-pod-id= --diag-container-id= -``` + ```sh + cloudflared tunnel diag --diag-pod-id= + ``` -This command will output the status of each diagnostic task and place a `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` file in your working directory. + If the pod has multiple applications/services running and `cloudflared` is not the first in the pod, you must specify either the container ID or name: + ```sh + cloudflared tunnel diag --diag-pod-id= --diag-container-id= + ``` -------- -If you are managing the tunnel directly on the host: - -1. 
Enable debug logging when you start the tunnel: - -```sh -cloudflared tunnel --loglevel debug --logfile cloudflared.log run -``` +This command will output the status of each diagnostic task and place a `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` file in your working directory. ## cloudflared-diag files @@ -136,3 +138,4 @@ The `cloudflared-diag-YYYY-MM-DDTHH-MM-SS.zip` archive contains the files listed | File name | Description | Instance | | -| - | - | +| | | | From 64ea887279a5187a22b99848ea777aa351a1969b Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Fri, 20 Dec 2024 17:01:03 -0500 Subject: [PATCH 07/16] edit changelog --- src/content/changelogs/tunnel.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/changelogs/tunnel.yaml b/src/content/changelogs/tunnel.yaml index bb4ec3f7ac1d359..c8ba0175596d427 100644 --- a/src/content/changelogs/tunnel.yaml +++ b/src/content/changelogs/tunnel.yaml @@ -8,7 +8,7 @@ entries: - publish_date: "2024-12-19" title: Tunnel diagnostic logs description: |- - The latest `cloudflared` build [2024.12.2](https://github.com/cloudflare/cloudflared/releases/tag/2024.12.2) introduces the ability to collect troubleshooting information from one instance of `cloudflared` running on the local machine. For more information, refer to [Diagnostic logs](/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs/). + The latest `cloudflared` build [2024.12.2](https://github.com/cloudflare/cloudflared/releases/tag/2024.12.2) introduces the ability to collect all the diagnostic logs needed to troubleshoot a `cloudflared` instance. For more information, refer to [Diagnostic logs](/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs/). - publish_date: "2024-10-17" title: Simplifed WARP Connector deployment description: |- From ec31ef21e4c3587a6c6331c5b81b0a6876fa3f60 Mon Sep 17 00:00:00 2001 
From: Ranbel Sun Date: Fri, 20 Dec 2024 17:59:37 -0500 Subject: [PATCH 08/16] log files --- .../troubleshoot-tunnels/diag-logs.mdx | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx index e26975d9e26ee8c..851908db3530f37 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx @@ -18,8 +18,7 @@ The steps for getting diagnostic logs depend on your `cloudflared` deployment en ### Prerequisites -- Access to the `cloudflared` host being diagnosed -- `cloudflared` version 2024.12.2 or later +- `cloudflared` version 2024.12.2 or later installed on the host ### Host environment 
@@ -134,8 +133,20 @@ This command will output the status of each diagnostic task and place a `cloudfl ## cloudflared-diag files -The `cloudflared-diag-YYYY-MM-DDTHH-MM-SS.zip` archive contains the files listed below. The data in a file either applies to the `cloudflared` instance being diagnosed (`diagnosee`) or the instance that triggered the diagnosis (`diagnoser`). For example, if your tunnel is running in a Docker container, the diagnosee is the Docker instance and the diagnoser is the host machine instance. The diagnosee and diagnoser could also be the same instance. +The `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` archive contains the files listed below. The data in a file either applies to the `cloudflared` instance being diagnosed (`diagnosee`) or the instance that triggered the diagnosis (`diagnoser`). For example, if your tunnel is running in a Docker container, the diagnosee is the Docker instance and the diagnoser is the host instance. | File name | Description | Instance | | -| - | - | -| | | | +| `cli-configuration.json`| [Tunnel run parameters](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/) used when starting the tunnel | diagnosee| +| `cloudflared_logs.txt` | [Tunnel log file](/cloudflare-one/connections/connect-networks/monitor-tunnels/logs/)[^1] | diagnosee| +| `configuration.json` | Tunnel configuration parameters | diagnosee| +| `goroutine.pprof` | goroutine profile made available by `pprof` | diagnosee| +| `heap.pprof` | heap profile made available by `pprof`| diagnosee| +| `metrics.txt` | Snapshot of [Tunnel metrics](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#available-metrics) at the time of diagnosis | diagnosee| +| `network.txt` | JSON traceroutes to Cloudflare's global network using IPv4 and IPv6 | diagnoser| +| `raw-network.txt` | Raw traceroutes to Cloudflare's global network using IPv4 and IPv6 | diagnoser| +| `systeminformation.json` | Operating system information and 
resource usage | diagnosee| +| `task-result.json` | Result of each diagnostic task | diagnoser | +| `tunnelstate.json` | Tunnel connections at the time of diagnosis| diagnosee| + +[^1]: If the log file is blank, you may need to manually [set the `--loglevel` parameter](/cloudflare-one/connections/connect-networks/monitor-tunnels/logs/#view-logs-on-the-server) when you start the tunnel. This parameter is only required if you ran the tunnel from the CLI using a `cloudflared tunnel run` command. It is not necessary if the tunnel runs as a Linux/macOS service or runs in Docker/Kubernetes. \ No newline at end of file From fe0b771578959fc8129f6f1d1be6415ede8b4fb2 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Fri, 20 Dec 2024 18:21:34 -0500 Subject: [PATCH 09/16] update Contact Support --- .../faq/cloudflare-tunnels-faq.mdx | 28 ++++--------------- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/src/content/docs/cloudflare-one/faq/cloudflare-tunnels-faq.mdx b/src/content/docs/cloudflare-one/faq/cloudflare-tunnels-faq.mdx index 52427ebbc007bcc..ef58b2d070523f7 100644 --- a/src/content/docs/cloudflare-one/faq/cloudflare-tunnels-faq.mdx +++ b/src/content/docs/cloudflare-one/faq/cloudflare-tunnels-faq.mdx 
@@ -75,32 +75,14 @@ No. You cannot undo a tunnel deletion. If the tunnel was locally-managed, its [` ## How do I contact support? -### I am having an issue with a locally-managed tunnel. - Before contacting the Cloudflare support team: -- Take note of any specific error messages and/or problematic behaviors. - -- Take note of any options you specified, either on the command line or in your configuration file, when starting your tunnel. - -- Make sure that `cloudflared` is updated to the [latest version](https://github.com/cloudflare/cloudflared). - -- Gather any relevant error/access logs from your server. - -Set [`loglevel`](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/#loglevel) to `debug`, so the Cloudflare support team can get more info from the `cloudflared.log` file. - -- Include your Cloudflare Tunnel logs file (`cloudflared.log`). If you did not specify a log file when starting your tunnel, you can do so using the [`logfile` option](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/#logfile) either on the command line or in your configuration file. - -- Include your full `config.yml` file for the affected tunnel. - -### I am having an issue with a remotely-managed/dashboard tunnel. - -Before contacting the Cloudflare support team: +1. Take note of any specific error messages and/or problematic behaviors. -- Take note of any specific error messages and/or problematic behaviors. +2. Make sure that `cloudflared` is updated to the [latest version](https://github.com/cloudflare/cloudflared). -- Make sure that `cloudflared` is updated to the [latest version](https://github.com/cloudflare/cloudflared). +3. Gather any relevant error/access logs from your server. -- Gather any relevant error/access logs from your server. +4. 
(Locally-managed tunnels only) Set [`--loglevel`](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/#loglevel) to `debug`, so the Cloudflare support team can get more info from the `cloudflared.log` file. -- Include your Cloudflare Tunnel logs file (`cloudflared.log`). If you did not specify a log file when starting your tunnel, add [`--logfile `](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/#logfile) and [`--loglevel debug`](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/#loglevel) to your system service configuration. To modify the system service, refer to [Configure a remotely-managed tunnel](/cloudflare-one/connections/connect-networks/configure-tunnels/remote-management/). +5. Include your [Cloudflare Tunnel diagnostic logs](/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs/) (`cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip`). From 44282fb131397870f09891eecbbebd92baacc5ac Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Fri, 20 Dec 2024 18:23:44 -0500 Subject: [PATCH 10/16] tweak wording --- .../connect-networks/troubleshoot-tunnels/diag-logs.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx index 851908db3530f37..c8389270966fa03 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx 
@@ -149,4 +149,4 @@ The `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` archive contains the files listed | `task-result.json` | Result of each diagnostic task | diagnoser | | `tunnelstate.json` | Tunnel connections at the time of diagnosis| diagnosee| -[^1]: If the log file is blank, you may need to manually [set the `--loglevel` parameter](/cloudflare-one/connections/connect-networks/monitor-tunnels/logs/#view-logs-on-the-server) when you start the tunnel. This parameter is only required if you ran the tunnel from the CLI using a `cloudflared tunnel run` command. It is not necessary if the tunnel runs as a Linux/macOS service or runs in Docker/Kubernetes. \ No newline at end of file +[^1]: If the log file is blank, you may need to [set `--loglevel` to `debug`](/cloudflare-one/connections/connect-networks/monitor-tunnels/logs/#view-logs-on-the-server) when you start the tunnel. The `--loglevel` parameter is only required if you ran the tunnel from the CLI using a `cloudflared tunnel run` command. It is not necessary if the tunnel runs as a Linux/macOS service or runs in Docker/Kubernetes. \ No newline at end of file From 712e61b6570b9b66f4a9e5a5d50fe72c3a57138d Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Sat, 21 Dec 2024 13:50:56 -0500 Subject: [PATCH 11/16] update default address --- .../connect-networks/monitor-tunnels/metrics.mdx | 4 +--- .../connect-networks/troubleshoot-tunnels/diag-logs.mdx | 7 +++---- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics.mdx index c629608e8ec2bcd..c4e0e26732ff7f1 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics.mdx 
@@ -14,9 +14,7 @@ Tunnel metrics show a Cloudflare Tunnel's throughput and resource usage over tim In non-containerized environments, `cloudflared` starts the metrics server on `127.0.0.1:/metrics`, where `` is the first available port in the range `20241` to `20245`. In case of all ports being unavailable then the fallback is to bind to a random port. In containerized environments such as Docker and Kubernetes, the default address is `0.0.0.0:/metrics`. -## Check the metrics server address - -To determine the metrics server address that is being used by a `cloudflared` instance, check your [Tunnel logs](/cloudflare-one/connections/connect-networks/monitor-tunnels/logs/) around the time when the tunnel started. For example: +To determine the default port being used by a `cloudflared` instance, you can check your [Tunnel logs](/cloudflare-one/connections/connect-networks/monitor-tunnels/logs/) around the time when the tunnel started. For example: ```text 2024-12-19T21:17:58Z INF Starting metrics server on 127.0.0.1:20241/metrics diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx index c8389270966fa03..2f0103997e946ae 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx 
@@ -48,7 +48,7 @@ This command will output the status of each diagnostic task and place a `cloudfl `cloudflared` reads diagnostic data from the [tunnel metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/). Therefore, the metrics server must be exposed from the Docker container and reachable from the host machine. -1. Determine the tunnel's [metrics server IP and port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#check-the-metrics-server-address). In Docker environments, the default IP and port is `0.0.0.0:20241`. +1. Determine the tunnel's [metrics server port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#default-metrics-server-address). 2. On the host machine, verify that you can reach the metrics server address. For example, if the metrics server is listening at `0.0.0.0:20241`, run the following command: 
@@ -95,10 +95,9 @@ This command will output the status of each diagnostic task and place a `cloudfl ### Kubernetes -The diagnostic feature will request data from the [tunnel metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#check-the-metrics-server-address) using ports `20241` to `20245`. You will need to use port forwarding to allow the local `cloudflared` instance to connect to the metrics server on one of these ports. +The diagnostic feature will request data from the [tunnel metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/) using ports `20241` to `20245`. You will need to use port forwarding to allow the local `cloudflared` instance to connect to the metrics server on one of these ports. - -1. Determine the tunnel's [metrics server IP and port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#check-the-metrics-server-address). In Kubernetes deployments, the default IP and port is `0.0.0.0:20241`. +1. Determine the tunnel's [metrics server port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#default-metrics-server-address). 2. Enable port forwarding: From 7463acc65f73787c4c89462eafe42644be08bfc4 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Thu, 26 Dec 2024 15:11:50 -0500 Subject: [PATCH 12/16] update Docker instructions --- .../troubleshoot-tunnels/diag-logs.mdx | 23 ++++++++----------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx index 2f0103997e946ae..89767926f5bbb0b 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx 
@@ -46,11 +46,17 @@ This command will output the status of each diagnostic task and place a `cloudfl ### Docker -`cloudflared` reads diagnostic data from the [tunnel metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/). Therefore, the metrics server must be exposed from the Docker container and reachable from the host machine. +`cloudflared` reads diagnostic data from the [tunnel metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/). To get diagnostic logs, the metrics server must be exposed from the Docker container and reachable from the host machine. -1. Determine the tunnel's [metrics server port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#default-metrics-server-address). +1. Determine the [metrics server port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#default-metrics-server-address) for the `cloudflared` instance running in Docker. + +2. Re-deploy the container with port forwarding enabled. The diagnostic feature will request information from the Docker instance using local port `20241`, therefore you should forward port `20241` to the container port obtained in Step 1: + + ```sh + docker run -d -p 20241: docker.io/cloudflare/cloudflared tunnel ... + ``` -2. On the host machine, verify that you can reach the metrics server address. For example, if the metrics server is listening at `0.0.0.0:20241`, run the following command: +3. Verify that you can reach the metrics server address: ```curl curl localhost:20241/diag/tunnel 
@@ -71,16 +77,7 @@ This command will output the status of each diagnostic task and place a `cloudfl } ``` -3. If the metrics server is unreachable, deploy the container again with port forwarding enabled. The diagnostic feature will try to request information from the Docker instance using ports `20241` to `20245`. You will need to forward one of these diagnostic ports to the metrics port. - - ```sh - docker run -d -p : docker.io/cloudflare/cloudflared tunnel ... - ``` - - - `` is any port in the range `20241` to `20245`. - - `` is the metrics port for the `cloudflared` instance you want to diagnose (obtained in Step 1). - -3. Take note of the Docker container ID and then run the diagnostic: +4. Run the diagnostic using the Docker container ID: ```sh cloudflared tunnel diag --diag-container-id= From 8563e36119ad2053e480ba30a5c90bb1f6a8beb5 Mon Sep 17 00:00:00 2001 From: ranbel <101146722+ranbel@users.noreply.github.com> Date: Fri, 27 Dec 2024 16:09:49 -0500 Subject: [PATCH 13/16] Apply suggestions from code review Co-authored-by: Devin --- .../connect-networks/troubleshoot-tunnels/diag-logs.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx index 89767926f5bbb0b..b9c66e4f267ab7d 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx 
@@ -50,13 +50,13 @@ This command will output the status of each diagnostic task and place a `cloudfl 1. Determine the [metrics server port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#default-metrics-server-address) for the `cloudflared` instance running in Docker. -2. Re-deploy the container with port forwarding enabled. The diagnostic feature will request information from the Docker instance using local port `20241`, therefore you should forward port `20241` to the container port obtained in Step 1: +2. Ensure the container is deployed with port forwarding enabled. The diagnostic feature will request information from the Docker instance using local port `20241`, therefore you should forward port `20241` to the container port obtained in Step 1: ```sh docker run -d -p 20241: docker.io/cloudflare/cloudflared tunnel ... ``` -3. Verify that you can reach the metrics server address: +3. Verify that you can reach the metrics server address from the Docker host environment: ```curl curl localhost:20241/diag/tunnel @@ -109,9 +109,9 @@ The diagnostic feature will request data from the [tunnel metrics server](/cloud For example, if you set the metrics server address to `0.0.0.0:12345`: ```sh - kubectl port-forward http-echo-6d4897585b-r8kfz 20244:12345 + kubectl port-forward cloudflared-6d4897585b-r8kfz 20244:12345 ``` - Connections made to local port `20244` are forwarded to port `1234` of the pod that is running the tunnel. + Connections made to local port `20244` are forwarded to port `12345` of the pod that is running the tunnel. 3. Run the diagnostic: From cb6544a40747a50c1816b6bd9ee3153072569ed6 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Fri, 27 Dec 2024 16:25:29 -0500 Subject: [PATCH 14/16] apply review deedback --- .../connect-networks/troubleshoot-tunnels/diag-logs.mdx | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx index b9c66e4f267ab7d..36f7784d79b0c20 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx @@ -88,6 +88,8 @@ This command will output the status of each diagnostic task and place a `cloudfl cloudflared tunnel diag --diag-container-id= ``` + Running the diagnostic command with the container ID allows `cloudflared` to collect information from the Docker environment such as logs and container details. + This command will output the status of each diagnostic task and place a `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` file in your working directory. ### Kubernetes @@ -103,8 +105,8 @@ The diagnostic feature will request data from the [tunnel metrics server](/cloud ``` - ``: Name of the pod where the tunnel is running - - `` is any port in the range `20241` to `20245`. - - `` is the metrics port for the `cloudflared` instance you want to diagnose (obtained in Step 1). + - `` is any local port in the range `20241` to `20245`. + - `` is the Kubernetes pod port for the `cloudflared` instance you want to diagnose (obtained in Step 1). For example, if you set the metrics server address to `0.0.0.0:12345`: From 806538493e8276d7890b55ee989136b033596d40 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Fri, 27 Dec 2024 18:54:23 -0500 Subject: [PATCH 15/16] update titles --- .../connect-devices/warp/troubleshooting/warp-logs.mdx | 3 ++- .../connect-networks/troubleshoot-tunnels/diag-logs.mdx | 6 ++---- 2 files changed, 4 insertions(+), 5 deletions(-) 
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx index 4c882ae56ddf63d..52bdd4e303306cf 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx @@ -1,8 +1,9 @@ --- pcx_content_type: reference -title: Diagnostic logs +title: WARP diagnostic logs sidebar: order: 7 + label: Diagnostic logs --- import { TabItem, Tabs } from "~/components"; diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx index 36f7784d79b0c20..192058a35b117ab 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx @@ -1,11 +1,9 @@ --- pcx_content_type: how-to -title: Diagnostic logs +title: Tunnel diagnostic logs sidebar: order: 1 -head: - - tag: title - content: Tunnel diagnostic logs + label: Diagnostic logs --- import {Details} from "~/components"; From aef57245ab25489b7851d4db17792479ea8664b5 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Thu, 2 Jan 2025 12:40:24 -0500 Subject: [PATCH 16/16] cap_net_raw optional --- .../connect-networks/troubleshoot-tunnels/diag-logs.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx index 192058a35b117ab..01c1ce778011783 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx 
+++ b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx @@ -22,12 +22,14 @@ The steps for getting diagnostic logs depend on your `cloudflared` deployment en These instructions apply to remotely-managed and locally-managed tunnels running directly on the host machine. -1. (Linux only) Allow the `cloudflared` user to create RAW and PACKET sockets without root permissions: +1. (Linux only) To include network diagnostics in the logs, allow the `cloudflared` user to create RAW and PACKET sockets without root permissions: ```sh sudo setcap cap_net_raw+ep /usr/bin/traceroute && sudo setcap cap_net_raw+ep /usr/bin/traceroute ``` + If you do not set `cap_net_raw`, then traceroute data will be unavailable. + 2. Get diagnostic logs: ```sh
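Review bot: In PATCH 08/16, the new file table under `## cloudflared-diag files` lists `cloudflared_logs.txt`, `cli-configuration.json` and `configuration.json` without saying that the archive can carry sensitive data. The `loglevel` text from PATCH 01/16 states that `debug` logs include the request URL and all request and response headers, and footnote `[^1]` sends readers to change `--loglevel` when the log file is blank. Add a short caution below the table telling readers to review the archive before sharing it. The file also still ends with `\ No newline at end of file`; add the trailing newline.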
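Review bot: In PATCH 09/16, step 4 of the merged "How do I contact support?" list still refers to the `cloudflared.log` file, but this hunk deletes both bullets that explained how to produce it with `--logfile`, and step 5 now asks for the diagnostic archive, whose log is named `cloudflared_logs.txt` in the PATCH 08/16 table. Reword step 4 so it says the debug output ends up in the diagnostic archive, or restore a one-line pointer to `--logfile`. Step 4 should also say to set `--loglevel` back from `debug` once the archive has been collected.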
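Review bot: In PATCH 11/16, the `metrics.mdx` hunk deletes the `## Check the metrics server address` heading while the `diag-logs.mdx` hunks repoint both "Step 1" links to `#default-metrics-server-address`, and no visible line in this series adds a heading that would generate that anchor. Confirm the heading exists above line 14 of `metrics.mdx`, otherwise the Docker and Kubernetes links both land at the top of the page. The replacement sentence also says "default port" where the log line it introduces (`Starting metrics server on 127.0.0.1:20241/metrics`) shows the address actually in use, so "the port being used" reads more accurately.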
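Review bot: In PATCH 12/16, the new step 2 example `docker run -d -p 20241: ...` gives no host IP, so by default Docker publishes the port on all host interfaces, exposing the metrics server (including `/diag/tunnel` and the `pprof` profiles listed in the PATCH 08/16 table) beyond the host. The diagnostic and the step 3 `curl localhost:20241/diag/tunnel` check only need loopback, so prefix the mapping with `127.0.0.1:` in the example. This step now says the diagnostic uses local port `20241` only, while the Kubernetes section still says ports `20241` to `20245`; state which is correct in both places. The step 3 fence is tagged `curl`, which is not a language; use `sh` like the other command blocks.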
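Review bot: In PATCH 14/16, the Kubernetes placeholder list now mixes two styles: the first bullet keeps the colon form (`: Name of the pod where the tunnel is running`) while the two rewritten bullets use the "is ..." sentence form. Pick one form for all three bullets so the list scans consistently.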
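Review bot: In PATCH 16/16, the command under the reworded step 1 runs `sudo setcap cap_net_raw+ep /usr/bin/traceroute` twice, joined by `&&`, so the second invocation changes nothing; drop it or point it at the second binary that was intended. The sentence also says the capability is granted to "the `cloudflared` user", but a file capability set with `+ep` on `/usr/bin/traceroute` applies to every local user who can execute that binary. Say so in the text, and since the step is now optional, mention that it can be reverted with `sudo setcap -r /usr/bin/traceroute` after the diagnostic has been collected.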