Graylog: Choosing the right protocol

This documentation is part of the Choose input types guide. View the full guide here: How to choose the right Graylog input type.

👋 Welcome to the Stackhero documentation!

Stackhero offers a ready-to-use Graylog cloud solution that provides a host of benefits, including:

  • Unlimited and dedicated SMTP email server included.
  • Effortless updates with just a click.
  • Customizable domain name secured with HTTPS (for example, https://logs.your-company.com).
  • Optimal performance and robust security powered by a private and dedicated VM.

Save time and simplify your life: it only takes 5 minutes to try Stackhero's Graylog cloud hosting solution!

Once you have selected the appropriate format (we hope you chose GELF!), you need to choose a communication protocol between TCP and UDP.

The UDP protocol is quite simple. Your application sends the message to the server without requiring a confirmation of receipt. There is no dialogue between the client and the server, meaning the server does not confirm that it has received the message.

The advantage of this approach is that if your Graylog server is slow or down, it will not impact your application's performance. The downside is that you cannot be certain every log sent from your application will reach the server. Additionally, encryption is not available with UDP.

  1. Does not impact your application if Graylog is slow or down.
  1. Some messages may be lost.
  2. Encryption is not available.
  3. Message size is limited to 8192 bytes.

The TCP protocol, in contrast to UDP, exchanges information between your application and Graylog. This means you receive a confirmation that the message has been received by Graylog.

The benefit of TCP is that you can resend a message if it is not received by Graylog (for instance, when the server is down). The drawback is that if Graylog is slow or unresponsive, your application must wait for a response or a timeout, potentially slowing it down.

Another benefit is that you can encrypt your communications with TLS (also known as SSL).

  • Ensures that the message has been received.
  • Encryption is available (TLS).
  • No message size limitation
  • Can slow down the sender if Graylog is slow to respond or down.