diff --git a/app.go b/app.go
index a96ab83a..30a9b841 100644
--- a/app.go
+++ b/app.go
@@ -112,6 +112,8 @@ type Config struct {
 OIDC OIDCConfig
+ LogTail LogTailConfig
+
 CLI CLIConfig
 }
@@ -138,6 +140,10 @@ type DERPConfig struct {
 UpdateFrequency time.Duration
 }
+type LogTailConfig struct {
+ Enabled bool
+}
+
 type CLIConfig struct {
 Address string
 APIKey string
diff --git a/cmd/headscale/cli/utils.go b/cmd/headscale/cli/utils.go
index 8a2157a7..b1a5d4f8 100644
--- a/cmd/headscale/cli/utils.go
+++ b/cmd/headscale/cli/utils.go
@@ -72,6 +72,8 @@ func LoadConfig(path string) error {
 viper.SetDefault("oidc.scope", []string{oidc.ScopeOpenID, "profile", "email"})
 viper.SetDefault("oidc.strip_email_domain", true)
+ viper.SetDefault("logtail.enabled", false)
+
 if err := viper.ReadInConfig(); err != nil {
 return fmt.Errorf("fatal error reading config file: %w", err)
 }
@@ -167,6 +169,14 @@ func GetDERPConfig() headscale.DERPConfig {
 }
 }
+func GetLogConfig() headscale.LogTailConfig {
+ enabled := viper.GetBool("logtail.enabled")
+
+ return headscale.LogTailConfig{
+ Enabled: enabled,
+ }
+}
+
 func GetDNSConfig() (*tailcfg.DNSConfig, string) {
 if viper.IsSet("dns_config") {
 dnsConfig := &tailcfg.DNSConfig{}
@@ -270,6 +280,7 @@ func absPath(path string) string {
 func getHeadscaleConfig() headscale.Config {
 dnsConfig, baseDomain := GetDNSConfig()
 derpConfig := GetDERPConfig()
+ logConfig := GetLogConfig()
 configuredPrefixes := viper.GetStringSlice("ip_prefixes")
 parsedPrefixes := make([]netaddr.IPPrefix, 0, len(configuredPrefixes)+1)
@@ -378,6 +389,8 @@ func getHeadscaleConfig() headscale.Config {
 StripEmaildomain: viper.GetBool("oidc.strip_email_domain"),
 },
+ LogTail: logConfig,
+
 CLI: headscale.CLIConfig{
 Address: viper.GetString("cli.address"),
 APIKey: viper.GetString("cli.api_key"),
diff --git a/config-example.yaml b/config-example.yaml
index ebaa7101..2330a69d 100644
--- a/config-example.yaml
+++ b/config-example.yaml
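Review bot: In app.go, the new exported `LogTailConfig` type and its `Enabled` field carry no doc comment, although the flag decides whether clients ship their logs to a third party (the config-example.yaml comment in this commit says enabling it sends logs to Tailscale Inc.). I would add `// LogTailConfig controls whether clients are instructed to send their logs to Tailscale's logtail service; Enabled defaults to false.` above the type. The lines shown here only carry the value into `Config.LogTail`; nothing visible reads `Enabled`, so it is worth confirming that the code building the clients' settings honours it, otherwise `enabled: false` would give a false impression that logging is off.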
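Review bot: In cmd/headscale/cli/utils.go, `GetLogConfig` is named after logging in general, but it returns `headscale.LogTailConfig` and reads only `logtail.enabled`; `GetLogTailConfig` would match the type and the config key and keep it from being mistaken for headscale's own log settings. As an exported function it also lacks a doc comment, for example `// GetLogTailConfig returns the logtail settings read from the loaded configuration.`. The temporary is not needed: `return headscale.LogTailConfig{Enabled: viper.GetBool("logtail.enabled")}`. The call added in `getHeadscaleConfig` (`logConfig := GetLogConfig()`) would change with the rename.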
@@ -235,3 +235,12 @@ unix_socket_permission: "0770"
 # namespace: `first-name.last-name.example.com`
 #
 # strip_email_domain: true
+
+# Logtail configuration
+# Logtail is Tailscales logging and auditing infrastructure, it allows the control panel
+# to instruct tailscale nodes to log their activity to a remote server.
+logtail:
+ # Enable logtail for this headscales clients.
+ # As there is currently no support for overriding the log server in headscale, this is
+ # disabled by default. Enabling this will make your clients send logs to Tailscale Inc.
+ enabled: false