What are Traffic Logs?
Traffic Logs give you a real-time, per-request view of your server’s activity. Every MCP tool call is recorded with its full context: the MCP method, input parameters, response body, HTTP status, client IP, geographic origin, session ID, and execution duration.
You can access Traffic Logs from the dashboard sidebar under Observability → Traffic Logs, or from the Logs tab on any server detail page.
The log list
Each row in the log list displays the following columns:
| Column | Description |
|---|
| Status | HTTP status code as a color-coded chip (green for 2xx, red for 4xx/5xx) |
| Method | The MCP method that was called (see below) |
| Tool | The tool name that was invoked |
| Subdomain | Which server received the request |
| IP | Client IP address with country flag |
| Time | Timestamp of the request |
MCP methods tracked
Traffic Logs capture all MCP protocol methods, not just tool calls:
| Method | Description |
|---|
initialize | Client establishing an MCP session |
ping | Health check / keep-alive |
tools/list | Client requesting available tools |
tools/call | Client invoking a specific tool |
resources/list | Client listing available resources |
resources/read | Client reading a resource |
resources/templates/list | Client listing resource templates |
prompts/list | Client listing available prompts |
prompts/get | Client requesting a specific prompt |
Filters
The filter bar lets you narrow down logs with five independent filters plus a date range:
| Filter | Options |
|---|
| Server | Filter to a specific server by subdomain |
| Tool | Filter to a specific tool name (cascades based on server selection) |
| Method | Filter by MCP method (initialize, tools/call, resources/read, etc.) |
| Status Code | Filter by HTTP status: 200, 400, 401, 403, 404, 500, 502, 503 |
| Date Range | Calendar date picker with start and end dates |
tools/call requests that returned 500 on a specific server for the last 24 hours.
Auto-refresh
Toggle the Live switch to enable automatic log refreshing every 15 seconds. When active:
- A green animated dot appears next to the toggle
- The status text shows
refreshing every 15s
- All applied filters are preserved during refresh
- New logs appear at the top of the list
This is useful for monitoring a server in real time — for example, while testing a new tool or debugging an issue in production.
Request detail
Click any log row to open the full detail modal. The detail view is split into two columns:
| Field | Description |
|---|
| Status | HTTP status code with color-coded chip |
| Method | The MCP method called |
| Tool | Tool name |
| Session ID | The MCP session identifier (truncated for display) |
| Country | Country flag and ISO code from the client’s IP |
| IP Address | Full client IP (IPv4 or IPv6) |
| Authorization | First 10 characters of the auth header (masked for security) |
| Subdomain | The server that received the request |
| Timestamp | Full date and time of the request |
Right column — Request & Response
Request section — The full JSON body the client sent. For tools/call requests, this includes the tool name and parameter values:
{
"method": "tools/call",
"params": {
"name": "fetch_repo_stats",
"arguments": {
"repo": "anthropics/anthropic-sdk-python"
}
}
}
{
"content": [{
"type": "text",
"text": "{\"stars\": 3421, \"forks\": 312, \"language\": \"Python\"}"
}]
}
What’s logged and what’s not
| Logged | Not logged |
|---|
| Full request body and parameters | Secret values (env.*) — not included in MCP protocol layer |
| Full response body | Raw HTTP response bodies from external APIs (unless you log them) |
All console.* output | Internal MCPCore infrastructure details |
| Error messages and stack traces | Encrypted credentials in request headers |
| HTTP status code and duration | Full authorization tokens (masked after 10 chars) |
| Client IP and geographic origin | |
| MCP session ID | |
| CDN headers (IP, country) | |
Secret values (env.*) are not exposed at the MCP request/response level — they are never sent to the AI client or included in the MCP protocol layer. However, if you call console.log(env.MY_SECRET) in your tool code, that value will appear in your Traffic Logs. Never log raw secret values intentionally.
Logs are displayed 10 per page. Click Load More at the bottom to fetch the next batch. Skeleton loaders appear while new data is being fetched.
Retention
Traffic logs are retained for 30 days on the Free plan and 90 days on paid plans. Older logs are permanently deleted.
Common use cases
Debugging why a tool returned unexpected output: Open the log entry, inspect the full request (did the AI pass the right parameters?), then check the response (what did your code actually return?).
Monitoring in real time: Enable auto-refresh while testing a new tool or running a demo. Watch incoming requests appear live.
Tracking session behaviour: Filter by session ID to see the full sequence of MCP calls within a single client session — from initialize through tools/list to individual tools/call invocations.
Verifying auth configuration: After switching security modes, check the logs for 401 or 403 responses to confirm non-authenticated clients are being rejected.
