imdtls: Input Module for DTLS Protocol over UDP

Module Name: imdtls
Author: Andre Lorbach <alorbach@adiscon.com>
Available since: v8.2402.0
Purpose
The imdtls module for rsyslog is designed to securely transport syslog messages over the network using the Datagram Transport Layer Security (DTLS) protocol. This module leverages the robustness and security features of OpenSSL to provide an encrypted transport mechanism for syslog messages via UDP.
DTLS, being an adaptation of TLS for datagram-based protocols, offers integrity, authenticity, and confidentiality for messages in transit. The imdtls module is particularly useful in environments where secure transmission of log data is crucial, such as in compliance-driven industries or when transmitting across untrusted networks.
By operating over UDP, imdtls offers the benefits of lower latency and reduced protocol overhead compared to TCP-based transport, making it well-suited for high-throughput logging scenarios or in networks where connection-oriented protocols may face challenges.
Requirements
To receive messages via DTLS, the following requirement must be met:
- OpenSSL 1.0.2 or higher
Configuration Parameters
Note: Parameter names are case-insensitive; camelCase is recommended for readability.
Module Parameters
This module currently has no module-level parameters.
Input Parameters
| Parameter | Summary |
|---|---|
| address | Listens for DTLS syslog messages on the specified local IP address. |
| port | Binds the imdtls listener to the specified UDP port for DTLS traffic. |
| timeout | Closes idle DTLS sessions after the configured inactivity period. |
| name | Assigns a unique identifier to the imdtls input instance. |
| ruleset | Binds received DTLS messages to the specified processing ruleset. |
| tls.authmode | Defines the mutual authentication method used for DTLS clients. |
| tls.cacert | Specifies the CA certificate file used to verify DTLS client certificates. |
| tls.mycert | Identifies the certificate file the imdtls listener presents to peers. |
| tls.myprivkey | Points to the private key file paired with tls.mycert. |
| tls.tlscfgcmd | Passes additional OpenSSL configuration commands to fine-tune DTLS handling. |
| tls.permittedpeer | Restricts DTLS clients to the listed certificate fingerprints or names. |
Statistic Counter
This plugin maintains global statistics for imdtls that accumulate across all input instances. The statistic origin is named "imdtls" and has the following counter:
- submitted - Number of log messages received by the input instance.
These counters are updated in real time by rsyslog as log data is processed, and they provide useful information about the performance and operation of the input module.
When multiple instances use the statistics callback, there is one record for each instance.
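As an added example (not from the rsyslog documentation or the imdtls source), the following shell function turns the submitted counter into a simple health check. impstats counters are cumulative, so a submitted value that stops growing across several reporting intervals means the DTLS listener has stopped receiving, which is worth an alert on its own even though rsyslog itself reports no error. The stats lines in sample_stats are constructed here and only approximate the legacy impstats line format (`origin=imdtls submitted=N`); adjust the match if your impstats instance emits a different format.

```shell
#!/bin/sh
# Added example, not part of rsyslog: detect a silent imdtls listener from
# impstats output. Assumes POSIX sh and awk.

# sample_stats prints constructed impstats-style lines (not real output):
# one interval of growth, then the imdtls counter stays flat.
sample_stats() {
    printf '%s\n' \
        'rsyslogd-pstats: imudp: origin=imudp submitted=5' \
        'rsyslogd-pstats: imdtls: origin=imdtls submitted=100' \
        'rsyslogd-pstats: imdtls: origin=imdtls submitted=150' \
        'rsyslogd-pstats: imudp: origin=imudp submitted=9' \
        'rsyslogd-pstats: imdtls: origin=imdtls submitted=150' \
        'rsyslogd-pstats: imdtls: origin=imdtls submitted=150'
}

# imdtls_stalled FILE N
# Exit status: 0 = the imdtls submitted counter did not grow in any of the
# last N intervals (stalled), 1 = it grew at least once (healthy),
# 2 = fewer than N+1 samples, not enough to decide.
imdtls_stalled() {
    awk -v n="$2" '
        # keep only records whose origin is imdtls, ignoring other inputs
        /origin=imdtls/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^submitted=/) { split($i, kv, "="); v[++c] = kv[2] + 0 }
        }
        END {
            if (c < n + 1) exit 2
            # cumulative counter: any positive delta in the window means traffic
            for (i = c - n + 1; i <= c; i++)
                if (v[i] > v[i-1]) exit 1
            exit 0
        }' "$1"
}

# Stand-alone demo on the constructed sample: two flat intervals count as a stall.
f=$(mktemp); sample_stats > "$f"
if imdtls_stalled "$f" 2; then
    echo "imdtls: submitted counter flat for 2 intervals, listener may be silent"
fi
rm -f "$f"
```

Run it periodically against the file impstats writes to, with N chosen as the number of reporting intervals you are willing to tolerate without traffic; a return code of 2 is the cold-start case and should not page anyone.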
Examples
Example 1: Basic
The following sample:
- loads the imdtls module
- outputs all logs to a file

    module(load="imdtls")
    input(type="imdtls" port="4433")
    action(type="omfile" file="/var/log/dtls.log")

Example 2: Require valid certificate
The following sample:
- loads the imdtls module
- validates the client certificate; client and server certificates must be issued by the same CA
- outputs all logs to a file

    module(load="imdtls")
    input(type="imdtls"
          port="4433"
          tls.cacert="/etc/private/ca.pem"
          tls.mycert="/etc/private/cert.pem"
          tls.myprivkey="/etc/private/key.pem"
          tls.authmode="certvalid")
    action(type="omfile" file="/var/log/dtls.log")
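The script below is an added example, not part of the rsyslog documentation or the imdtls module. It pre-checks the three files Example 2 hands to imdtls before the listener is started: the certificate in tls.mycert must verify against the CA in tls.cacert (otherwise clients validating with the same CA will reject the listener), and tls.myprivkey must actually be the private key for tls.mycert, a mismatch that otherwise only shows up as failed handshakes at runtime. It also prints the certificate's SHA256 fingerprint as a colon-separated string with a `SHA256:` prefix; that this is the form tls.permittedpeer expects is an assumption here, since the page does not spell the format out. It assumes POSIX sh and the openssl command line; make_test_pki only generates a throwaway CA and key pair so the checks can be exercised offline.

```shell
#!/bin/sh
# Added example, not part of rsyslog: sanity-check the certificate set used
# for tls.cacert / tls.mycert / tls.myprivkey before starting imdtls.

# check_dtls_certs CA CERT KEY
# Returns 0 when CERT chains to CA and KEY is the private key belonging to CERT.
check_dtls_certs() {
    ca=$1; cert=$2; key=$3
    # 1. the listener certificate must verify against the CA from tls.cacert
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca" >&2
        return 1
    fi
    # 2. tls.myprivkey must match tls.mycert: both sides yield the same
    #    SubjectPublicKeyInfo, so compare a hash of the PEM public key
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert" >&2
        return 1
    fi
    echo "OK: $cert chains to $ca and matches $key"
    return 0
}

# cert_fingerprint CERT
# Prints SHA256:AA:BB:... ; assumed here to be the form used by tls.permittedpeer.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed 's/^.*Fingerprint=/SHA256:/'
}

# make_test_pki DIR
# Builds a throwaway CA, a listener cert signed by it, and one unrelated key
# (constructed test material only, never use these for a real listener).
make_test_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=test-ca" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca.pem" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dtls-listener" \
        -keyout "$dir/key.pem" -out "$dir/csr.pem" >/dev/null 2>&1
    openssl x509 -req -in "$dir/csr.pem" -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" \
        -CAcreateserial -days 1 -out "$dir/cert.pem" >/dev/null 2>&1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/other-key.pem" >/dev/null 2>&1
}

# Stand-alone demo: a good set passes, a swapped key is caught.
d=$(mktemp -d)
make_test_pki "$d"
check_dtls_certs "$d/ca.pem" "$d/cert.pem" "$d/key.pem"
check_dtls_certs "$d/ca.pem" "$d/cert.pem" "$d/other-key.pem" || echo "mismatch detected as expected"
echo "fingerprint for tls.permittedpeer: $(cert_fingerprint "$d/cert.pem")"
rm -rf "$d"
```

For a production set, call check_dtls_certs with the paths from your input() stanza; for client-side pinning via tls.permittedpeer, run cert_fingerprint on the client certificate rather than on the listener's.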
© 2008–2025 Rainer Gerhards and others. Licensed under the Apache License 2.0.