

# Enable connection logging for an existing AWS Client VPN endpoint
<a name="create-connection-log-existing"></a>

You can enable connection logging for an existing Client VPN endpoint by using the console or the command line.

**To enable connection logging for an existing Client VPN endpoint using the console**

1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, choose **Client VPN Endpoints**.

1. Select the Client VPN endpoint, choose **Actions**, and then choose **Modify Client VPN endpoint**.

1. Under **Connection logging**, turn on **Enable log details on client connections**.

1. For **CloudWatch Logs log group name**, choose the name of the CloudWatch Logs log group.

1. (Optional) For **CloudWatch Logs log stream name**, choose the name of the CloudWatch Logs log stream.

1. Choose **Modify Client VPN endpoint**.

**To enable connection logging for an existing Client VPN endpoint using the AWS CLI**  
Use the [modify-client-vpn-endpoint](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-client-vpn-endpoint.html) command and specify the `--connection-log-options` parameter. You can specify the connection logging options in JSON format, as shown in the following example.

```
{
    "Enabled": true,
    "CloudwatchLogGroup": "ClientVpnConnectionLogs",
    "CloudwatchLogStream": "NewYorkOfficeVPN"
}
```
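
The following shell functions are an added example, not part of the original AWS documentation: they pass the JSON above to `modify-client-vpn-endpoint` and then read the endpoint back with `describe-client-vpn-endpoints` to confirm that logging is enabled. The function names are hypothetical, and the example assumes the AWS CLI is configured with credentials and a Region and that the log group already exists.

```bash
#!/usr/bin/env bash
# Added example (not from the AWS documentation). Function names are hypothetical.

# Build the JSON for --connection-log-options; the stream name is optional.
log_options_json() {
    local group stream
    group="$1"
    stream="${2:-}"
    if [ -z "$group" ]; then
        echo "log group name is required" >&2
        return 1
    fi
    # Refuse characters that would break the hand-built JSON string.
    case "$group$stream" in
        *\"*|*\\*) echo "quotes and backslashes are not supported" >&2; return 1 ;;
    esac
    if [ -n "$stream" ]; then
        printf '{"Enabled":true,"CloudwatchLogGroup":"%s","CloudwatchLogStream":"%s"}' \
            "$group" "$stream"
    else
        printf '{"Enabled":true,"CloudwatchLogGroup":"%s"}' "$group"
    fi
}

# Turn logging on, then read the endpoint back and confirm it is enabled.
enable_connection_logging() {
    local endpoint_id opts enabled
    endpoint_id="$1"
    opts="$(log_options_json "$2" "${3:-}")" || return 1
    aws ec2 modify-client-vpn-endpoint \
        --client-vpn-endpoint-id "$endpoint_id" \
        --connection-log-options "$opts" >/dev/null || return 1
    enabled="$(aws ec2 describe-client-vpn-endpoints \
        --client-vpn-endpoint-ids "$endpoint_id" \
        --query 'ClientVpnEndpoints[0].ConnectionLogOptions.Enabled' \
        --output text)" || return 1
    case "$enabled" in
        [Tt]rue) return 0 ;;
        *) echo "connection logging is still disabled on $endpoint_id" >&2; return 1 ;;
    esac
}

# Usage (the endpoint ID is a placeholder to replace with your own):
#   enable_connection_logging <client-vpn-endpoint-id> ClientVpnConnectionLogs NewYorkOfficeVPN
```

The function returns a nonzero status if the read-back does not show logging enabled, so it can gate a deployment or audit script.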