Skip to main content

Log output options

--log
file
Output logging messages to file, including output to stdout/stderr which is generated by called scripts.If file already exists it will be truncated. This option takes effect immediately when it is parsed in the command line and will supersede syslog output if --daemon is also specified.
This option is persistent over the entire course of an OpenVPN instantiation and will not be reset by SIGHUP, SIGUSR1, or --ping-restart.
On Windows, when OpenVPN is started as a service, logging occurs by default without the need to specify this option.
--log-append
file
Append logging messages to file. If file does not exist, it will be created.This option behaves exactly like --log except that it appends to rather than truncating the log file.
--syslog
string
Direct log output to system logger, but do not become a daemon.The progname parameter specifies the program name to use when logging messages.
--echo
string
Echo parameters to log output.Designed to be used to send messages to a controlling application which is receiving the OpenVPN log output.

Verbosity and filtering

--verb
number
default:"1"
Set output verbosity to n. Each level shows all info from the previous levels.Level 3 is recommended if you want a good summary of what’s happening without being swamped by output.Verbosity levels:
No output except fatal errors.
Normal usage range.
  • Level 1: Minimal output
  • Level 2: More detailed connection information
  • Level 3: Recommended level - good summary without excessive output
  • Level 4: More detailed packet information
Outputs R and W characters to the console for each packet read and write:
  • Uppercase is used for TCP/UDP packets
  • Lowercase is used for TUN/TAP packets
Debug info range. See errlevel.h in the source code for additional information on debug levels.
Example:
verb 3
--mute
number
Log at most n consecutive messages in the same category.This is useful to limit repetitive logging of similar message types.Example:
mute 20
--mute-replay-warnings
boolean
Silence the output of replay warnings, which are a common false alarm on WiFi networks.This option preserves the security of the replay protection code without the verbosity associated with warnings about duplicate packets.
This is particularly useful on WiFi networks where packet replay warnings are common but generally not a security concern.

Timestamp options

--machine-readable-output
boolean
Always write timestamps and message flags to log messages, even when they otherwise would not be prefixed.In particular, this applies to log messages sent to stdout.
This option is useful when parsing log output programmatically.
--suppress-timestamps
boolean
Avoid writing timestamps to log messages, even when they otherwise would be prepended.In particular, this applies to log messages sent to stdout.

Error handling

--errors-to-stderr
boolean
Output errors to stderr instead of stdout unless log output is redirected by one of the --log options.
This option is useful for separating error messages from normal log output in scripts and automation.

Examples

openvpn --config client.ovpn --log /var/log/openvpn.log --verb 3
This configuration:
  • Logs all output to /var/log/openvpn.log
  • Uses verbosity level 3 (recommended)
  • Truncates the log file if it already exists
openvpn --config client.ovpn --log-append /var/log/openvpn.log --verb 4
This configuration:
  • Appends to /var/log/openvpn.log instead of truncating
  • Uses verbosity level 4 for more detailed output
  • Preserves existing log entries
openvpn --config server.ovpn --syslog openvpn-server --verb 3
This configuration:
  • Sends log output to system logger
  • Uses “openvpn-server” as the program name in syslog
  • Suitable for production server deployments
openvpn --config client.ovpn --verb 5 --mute 10 --mute-replay-warnings
This configuration:
  • Uses verbosity level 5 to show R/W packet indicators
  • Limits consecutive duplicate messages to 10
  • Silences replay warnings common on WiFi
  • Useful for debugging connection issues
openvpn --config client.ovpn --machine-readable-output --verb 3 \
  --log /var/log/openvpn.log
This configuration:
  • Always includes timestamps and message flags
  • Suitable for log parsing and monitoring tools
  • Ensures consistent log format

Best practices

Recommended verbosity levels:
  • Production: Level 1-2 for minimal overhead
  • Troubleshooting: Level 3 for balanced detail
  • Debugging: Level 4-5 for detailed diagnostics
  • Development: Level 6+ only when needed (very verbose)
Performance considerations:
  • Higher verbosity levels increase CPU usage and log file size
  • Level 5 and above can generate substantial output
  • Consider using --mute to limit repetitive messages
  • Rotate log files regularly to prevent disk space issues
Log file management:
  • Use --log-append to preserve historical data
  • Implement log rotation with tools like logrotate
  • Monitor log file sizes in production environments
  • Use --syslog for centralized logging infrastructure