Graylog: Choosing the right protocol

This documentation is part of the Choose input types guide. You can view the complete guide here: How to choose the right Graylog input type.

👋 Welcome to the Stackhero documentation!

Stackhero offers a ready-to-use Graylog cloud solution that provides a host of benefits, including:

  • Unlimited and dedicated SMTP email server included.
  • Effortless updates with just a click.
  • Customizable domain name secured with HTTPS (for example, https://logs.your-company.com).
  • Optimal performance and robust security powered by a private and dedicated VM.

Save time and simplify your life: it only takes 5 minutes to try Stackhero's Graylog cloud hosting solution!

Once you have chosen the format (we hope you chose GELF!), you need to select the communication protocol between TCP and UDP.

The UDP protocol is very simple. Your application sends the message to the server without waiting for a receipt confirmation. There is no dialogue between the client and the server, which means the server does not confirm receipt of the message.

The advantage of this approach is that if your Graylog server is slow or unavailable, it will not impact your application's performance. The downside is that you cannot guarantee that every log sent by your application will actually reach the server. Also, encryption is not available with UDP.

  1. Does not impact your application if Graylog is slow or unavailable.
  1. Some messages may be lost.
  2. Encryption is not available.
  3. Message size is limited to 8192 bytes.

The TCP protocol, unlike UDP, allows for an exchange of information between your application and Graylog. This means you receive confirmation that the message has been received by Graylog.

The benefit of TCP is that you can resend a message if it is not received by Graylog (for example, if the server is unavailable). The drawback is that if Graylog is slow or unresponsive, your application must wait for a response or a timeout, which can slow it down.

Another advantage is that you can encrypt your communications with TLS (also known as SSL).

  • Ensures that the message has been received.
  • Encryption is available (TLS).
  • No message size limitation
  • Can slow down the sender if Graylog is slow to respond or unavailable.