diff --git a/cmd/headscale/cli/root.go b/cmd/headscale/cli/root.go
index 459a99fd..659358fc 100644
--- a/cmd/headscale/cli/root.go
+++ b/cmd/headscale/cli/root.go
@@ -55,6 +55,10 @@ func initConfig() {
 		zerolog.SetGlobalLevel(zerolog.Disabled)
 	}
 
+	if cfg.JSONLogs {
+		log.Logger = log.Output(os.Stdout)
+	}
+
 	if !cfg.DisableUpdateCheck && !machineOutput {
 		if (runtime.GOOS == "linux" || runtime.GOOS == "darwin") &&
 			Version != "dev" {
diff --git a/config-example.yaml b/config-example.yaml
index 2019a133..883d81fd 100644
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -173,6 +173,7 @@ tls_cert_path: ""
 tls_key_path: ""
 
 log_level: info
+json_logs: false
 
 # Path to a file containg ACL policies.
 # ACLs can be defined as YAML or HUJSON.
diff --git a/config.go b/config.go
index 00247318..83cfc621 100644
--- a/config.go
+++ b/config.go
@@ -37,6 +37,7 @@ type Config struct {
 	NoisePrivateKeyPath            string
 	BaseDomain                     string
 	LogLevel                       zerolog.Level
+	JSONLogs                       bool
 	DisableUpdateCheck             bool
 
 	DERP DERPConfig
@@ -147,6 +148,7 @@ func LoadConfig(path string, isFile bool) error {
 	viper.SetDefault("tls_client_auth_mode", "relaxed")
 
 	viper.SetDefault("log_level", "info")
+	viper.SetDefault("json_logs", false)
 
 	viper.SetDefault("dns_config", nil)
 
@@ -434,6 +436,7 @@ func GetHeadscaleConfig() (*Config, error) {
 	if err != nil {
 		logLevel = zerolog.DebugLevel
 	}
+	jsonLogs := viper.GetBool("json_logs")
 
 	legacyPrefixField := viper.GetString("ip_prefix")
 	if len(legacyPrefixField) > 0 {
@@ -488,6 +491,7 @@ func GetHeadscaleConfig() (*Config, error) {
 		GRPCAllowInsecure:  viper.GetBool("grpc_allow_insecure"),
 		DisableUpdateCheck: viper.GetBool("disable_check_updates"),
 		LogLevel:           logLevel,
+		JSONLogs:           jsonLogs,
 
 		IPPrefixes: prefixes,
 		PrivateKeyPath: AbsolutePathFromConfigPath(