To configure logs in a self-hosted Ory Kratos deployment, you need to adjust the logging settings in your Kratos configuration file (YAML, JSON, or TOML). Here are the key points: - Log Fields: Ory Kratos logs provide context such as audience (application or audit), HTTP request details (headers, method, path, remote IP, etc.), and service metadata. Sensitive values like Authorization and Cookie headers are redacted by default, but you can control this behavior. - Sensitive Values: To prevent leaking secrets, set

log.leak_sensitive_values

to

false

in your configuration. This ensures sensitive data is not shown in logs.

yaml   log:     leak_sensitive_values: false

- Log Example: A typical log entry might look like this:

time=2020-05-20T12:20:10+02:00 level=info msg=I am an example log audience=application http_request=map[headers:map[accept-encoding:gzip user-agent:Go-http-client/1.1] host:127.0.0.1:52286 method:GET path:/foo/bar query:Value is sensitive and has been redacted. To see the value set config key "log.leak_sensitive_values = true" or environment variable "LOG_LEAK_SENSITIVE_VALUES=true". remote:127.0.0.1:52287 scheme:http] service_name=foo service_version=bar

- Environment Variables: You can also set logging configuration using environment variables. For example,

LOG_LEAK_SENSITIVE_VALUES=false

will have the same effect as the YAML setting above. For more details on log fields and configuration, see the official documentation: [Logs and audit trails](https://www.ory.sh/docs/self-hosted/operations/logging#log-fields) and [Configure Ory Kratos](https://www.ory.sh/docs/kratos/configuring)<source>https://www.ory.sh/docs/self-hosted/operations/logging#log-fields&lt;/source&gt;&lt;source&gt;https://www.ory.sh/docs/kratos/configuring&lt;/source>.

When email messages in self-hosted Ory Kratos are marked as abandoned after 6 retries, it typically means the mail courier was unable to deliver the message within the configured number of attempts. By default, the number of retries is controlled by the

message_retries

parameter in your Kratos configuration. If the courier can't deliver the message within this limit, the message status becomes Abandoned and no further attempts are made. Example configuration:

yaml courier:   message_retries: 5  # Default is 5, but your system may be set to 6

Key points to check: - Courier Worker: Ensure the mail courier is running properly. In single-instance setups, use the

--watch-courier

flag. In multi-instance setups, run the courier as a singleton job using

kratos courier watch

 [Mail courier in self-hosted Ory Kratos](https://www.ory.sh/docs/kratos/self-hosted/mail-courier-selfhosted). - SMTP/SMS Configuration: If using SMTP or HTTP for delivery, verify that your configuration is correct and that the mail server or SMS gateway is reachable and accepting connections. - Logs: Even with debug logs, if you are not seeing detailed errors, it may indicate that the courier is unable to reach the delivery endpoint at all, or that the endpoint is returning a generic error. Check network connectivity and credentials. - Template Issues: If you are using custom templates or HTTP delivery, ensure your templates and request bodies are valid and compatible with your provider [HTTP based email delivery](https://www.ory.sh/docs/kratos/self-hosted/email-http#configuration). - Error Handling: The courier will abandon messages after the configured number of retries. If you need more attempts, increase

message_retries

in your config. If you are not seeing any special logs, double-check that your log level is set to debug and that logs are not being filtered elsewhere. Also, review the logs of your SMTP server or HTTP endpoint for additional clues. If the above checks do not resolve the issue, and you are not seeing any errors in the logs, the knowledge sources do not provide further troubleshooting steps for this specific scenario. You may need to enable more verbose logging on your mail/SMS provider or network infrastructure to diagnose connectivity or authentication issues [Mail courier in self-hosted Ory Kratos](https://www.ory.sh/docs/kratos/self-hosted/mail-courier-selfhosted).

To set the log level to debug for the Ory Kratos courier, you need to configure the log level in your Kratos configuration file under the

log

section. This setting applies globally to all Kratos components, including the courier. Example configuration in your config file (YAML):

yaml log:   level: debug   format: text   leak_sensitive_values: false

Alternatively, you can set the environment variable:

LOG_LEVEL=debug

This will ensure that debug-level logs are produced, including those from the courier worker. There is no separate log level setting specifically for the courier; it uses the global log configuration [Logs and audit trails](https://www.ory.sh/docs/self-hosted/operations/logging) [Configure Ory Kratos](https://www.ory.sh/docs/kratos/configuring).

If Ory Kratos fails to send emails and the message is marked as "abandoned" after several attempts, the main error you will see in the logs is typically that the message was abandoned after the configured number of retries (e.g., "Message was abandoned because it did not deliver after 6 attempts"). This is the default behavior when the courier cannot deliver a message within the allowed retries [Mail courier in self-hosted Ory Kratos](https://www.ory.sh/docs/kratos/self-hosted/mail-courier-selfhosted). Additional Error Details: - If there is a specific error from the SMTP server (such as authentication failure, connection timeout, or invalid configuration), Kratos should log that error as part of the courier logs, especially if the log level is set to

debug

. - However, if you are only seeing the "abandoned" message and not more detailed errors, it may indicate that: - The SMTP server is unreachable or not responding at all. - The error is not being surfaced by the underlying library, or logs are being filtered elsewhere. - The log level is not set to

debug

, or logs are not being captured correctly. How to Debug Better: 1. Set Log Level to Debug: Ensure your configuration includes:

yaml    log:      level: debug

or set the environment variable:

LOG_LEVEL=debug

This will provide more verbose output, including SMTP connection attempts and errors [Logs and audit trails](https://www.ory.sh/docs/self-hosted/operations/logging). 2. Check SMTP Server Logs: If Kratos reports "abandoned" but the SMTP URI is correct, check your SMTP server logs for incoming connection attempts or errors. Sometimes the issue is on the server side (e.g., authentication, rate limiting, or firewall). 3. Validate Network Connectivity: Ensure the Kratos instance can reach the SMTP server (e.g., using

telnet

or

nc

from the container/host). 4. Check for URI Encoding Issues: If your SMTP username or password contains special characters, ensure they are properly URL-encoded in the connection URI. Incorrect encoding is a common cause of silent failures [Invalid SMTP courier URL format (OTA-112022-01)](https://www.ory.sh/docs/troubleshooting/smtp-courier-OTA-112022-01). 5. Review Ory Console (if using Ory Network): The Email Delivery dashboard in the Ory Console can show more details about delivery failures if you are using Ory Network [Use a custom server to send Ory Identity messages to users](https://www.ory.sh/docs/kratos/emails-sms/sending-emails-smtp#troubleshooting). Summary: You should see more detailed error messages in the logs if the log level is set to

debug

and the SMTP server is reachable. If you only see "abandoned after x attempts," it usually means Kratos was unable to connect or authenticate, and you should check both your Kratos and SMTP server logs for more information. If detailed errors are still missing, the knowledge sources do not provide further troubleshooting steps for this scenario.

Yes, Ory Kratos comes with built-in default templates for all system messages, including email verification, account recovery, login codes, and registration codes. If you have not configured any custom templates, Kratos will automatically use these built-in templates. You do not need to provide your own templates for the system to function out of the box [Email templates](https://www.ory.sh/docs/kratos/emails-sms/custom-email-templates). Therefore, the absence of custom templates should not cause email delivery to fail. If you are experiencing issues with email delivery, the problem is likely elsewhere (such as SMTP configuration, network connectivity, or authentication), not due to missing templates [Email templates](https://www.ory.sh/docs/kratos/emails-sms/custom-email-templates).