diff --git a/internal/cmd/root.go b/internal/cmd/root.go
index 353935c..b3ae044 100644
--- a/internal/cmd/root.go
+++ b/internal/cmd/root.go
@@ -10,6 +10,7 @@ import (
 )
 
 var (
+	debug    bool
 	compress bool
 	listen   string
 	project  string
@@ -19,9 +20,14 @@ var (
 var rootCmd = &cobra.Command{
 	Use:  "iapc",
 	Long: "Utility for Google Cloud's Identity-Aware Proxy",
+	PersistentPreRun: func(cmd *cobra.Command, args []string) {
+		if debug {
+			log.SetLevel(log.DebugLevel)
+		}
+	},
 }
 
-func getTokenSource() *oauth2.TokenSource {
+func tokenSource() *oauth2.TokenSource {
 	tokenSource, err := google.DefaultTokenSource(context.Background())
 	if err != nil {
 		log.Fatal(err)
@@ -30,6 +36,7 @@ func getTokenSource() *oauth2.TokenSource {
 }
 
 func init() {
+	rootCmd.PersistentFlags().BoolVar(&debug, "debug", false, "Enable debug logging")
 	rootCmd.PersistentFlags().BoolVarP(&compress, "compress", "c", false, "Enable WebSocket compression")
 	rootCmd.PersistentFlags().StringVarP(&listen, "listen", "l", "127.0.0.1:0", "Listen address and port")
 	rootCmd.PersistentFlags().StringVar(&project, "project", "", "Project ID")
diff --git a/internal/cmd/to_host.go b/internal/cmd/to_host.go
index e0c0f8c..33cdb21 100644
--- a/internal/cmd/to_host.go
+++ b/internal/cmd/to_host.go
@@ -20,14 +20,14 @@ var hostCmd = &cobra.Command{
 	Long: "Create a tunnel to a remote private IP or FQDN (requires BeyondCorp Enterprise)",
 	Args: cobra.ExactArgs(1),
 	PreRun: func(cmd *cobra.Command, args []string) {
-		log.Info("Starting proxy", "dest", fmt.Sprintf("%v:%v", args[0], port), "project", project)
+		log.Info("Starting proxy", "dest", fmt.Sprintf("%v:%v", args[0], port), "port", port, "project", project)
 	},
 	Run: func(cmd *cobra.Command, args []string) {
 		opts := []iap.DialOption{
 			iap.WithProject(project),
 			iap.WithHost(args[0], region, network, destGroup),
 			iap.WithPort(fmt.Sprint(port)),
-			iap.WithTokenSource(getTokenSource()),
+			iap.WithTokenSource(tokenSource()),
 		}
 		if compress {
 			opts = append(opts, iap.WithCompression())
diff --git a/internal/cmd/to_instance.go b/internal/cmd/to_instance.go
index 3fc2b35..0dae326 100644
--- a/internal/cmd/to_instance.go
+++ b/internal/cmd/to_instance.go
@@ -19,14 +19,14 @@ var instanceCmd = &cobra.Command{
 	Long: "Create a tunnel to a remote Compute Engine instance",
 	Args: cobra.ExactArgs(1),
 	PreRun: func(cmd *cobra.Command, args []string) {
-		log.Info("Starting proxy", "dest", fmt.Sprintf("%v:%v", args[0], port), "project", project)
+		log.Info("Starting proxy", "dest", fmt.Sprintf("%v:%v", args[0], port), "port", port, "project", project)
 	},
 	Run: func(cmd *cobra.Command, args []string) {
 		opts := []iap.DialOption{
 			iap.WithProject(project),
 			iap.WithInstance(args[0], zone, ninterface),
 			iap.WithPort(fmt.Sprint(port)),
-			iap.WithTokenSource(getTokenSource()),
+			iap.WithTokenSource(tokenSource()),
 		}
 		if compress {
 			opts = append(opts, iap.WithCompression())
diff --git a/internal/proxy/proxy.go b/internal/proxy/proxy.go
index d87c4ed..c92194b 100644
--- a/internal/proxy/proxy.go
+++ b/internal/proxy/proxy.go
@@ -43,13 +43,16 @@ func testConn(opts []iap.DialOption) error {
 func handleClient(opts []iap.DialOption, conn net.Conn) {
 	log.Info("Client connected", "client", conn.RemoteAddr())
 
+	log.Debug("Dialing IAP", "client", conn.RemoteAddr())
+
 	tun, err := iap.Dial(context.Background(), opts...)
 	if err != nil {
 		log.Errorf("Error dialing IAP: %v", err)
 		return
 	}
 	defer tun.Close()
-	log.Info("Established connection with proxy", "client", conn.RemoteAddr(), "sid", tun.SessionID())
+
+	log.Debug("Dialed IAP", "client", conn.RemoteAddr(), "sid", tun.SessionID())
 
 	go io.Copy(conn, tun)
 	io.Copy(tun, conn)