Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. RSyslog>
  3. users
High performance TLS logging
rsyslog at lists
Apr 3, 2023, 7:08 AM
Post #1 of 2 (141 views)
Permalink
Hi,

we have been using imptcp module for remote logging high amount of
logs (over 1M log lines per minute) received from >40 servers. Now we
would like to switch to TLS, but it looks like imptcp does not support
TLS, only imtcp.

Will imtcp support that amount of logs? As far as i can see, it does
not support threads etc.

Are there any contraindications to switching to imtcp with gnutls
support? Or maybe imptcp and some tls tunneling would be better in
this case.

Thank you,
Marcin
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: High performance TLS logging [ In reply to ]
rsyslog at lists
Apr 4, 2023, 12:29 AM
Post #2 of 2 (140 views)
Permalink
Hi Marcin!

I haven't tried imtcp in production.. but a few years ago I had quite a
loaded rsyslog infra setup. So from my memories 1M msg/min is not that
high.. it's just 17k msg/s. I'd expect even RELP should be able to process
this on a single core. Though my infra was baremetal Xeon servers. If
you're using cloud instances then it might be expensive.

Another idea for you. At my ex-job we had rsyslog fronted by nginx for
stream SSL termination. So you can terminate SSL on nginx and proxy the
unencrypted tcp stream to imptcp. Another workaround is stunnel if you'd
prefer it.

As I Understand, GnuTLS is not recommended these days. OpenSSL (ossl)
backend is preferred.


On Mon, 3 Apr 2023 at 18:08, Marcin Wanat via rsyslog <
rsyslog@lists.adiscon.com> wrote:

> Hi,
>
> we have been using imptcp module for remote logging high amount of
> logs (over 1M log lines per minute) received from >40 servers. Now we
> would like to switch to TLS, but it looks like imptcp does not support
> TLS, only imtcp.
>
> Will imtcp support that amount of logs? As far as i can see, it does
> not support threads etc.
>
> Are there any contraindications to switching to imtcp with gnutls
> support? Or maybe imptcp and some tls tunneling would be better in
> this case.
>
> Thank you,
> Marcin
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>


--
Yury Bushmelev
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal