Elevating Syslog Security: RSyslog Introduces DTLS Plugins for UDP

We at the RSyslog project are excited to share our recent advancements in syslog security. We have introduced initial plugins for Datagram Transport Layer Security (DTLS) syslog, namely imdtls (input module) and omdtls (output module). This development, which aligns with RFC 6012, represents a significant enhancement, albeit not a game-changer, in our continuous efforts to improve secure log transmission.

A symbolic graphic depicting syslog traffic. (Picture: Rainer Gerhards via AI)

DTLS in Syslog: A Useful Enhancement, Not a Game Changer

It’s important to acknowledge that syslog already has encryption support, although it is limited to TCP-based connections. This TCP-based encryption has been covering a wide array of use cases effectively. However, certain specific applications benefit more from running on UDP instead of TCP. In these scenarios, DTLS plays a crucial role.

While DTLS for syslog is far from mainstream, we believe that our support for it in RSyslog will facilitate wider adoption, especially in use cases where UDP is preferred. As Rainer Gerhards, the maintainer of the RSyslog project and one of the authors of RFC 6012, puts it, “While DTLS syslog is currently far from being mainstream, we hope that our new support for it in RSyslog will help towards wider adaptation.”

RSyslog’s Integration of DTLS Plugins

The integration of imdtls and omdtls plugins signifies our commitment to enhancing syslog security. By offering DTLS support, we are addressing the need for secure log transmission in scenarios where UDP is a better fit than TCP.

We are now in the experimental phase of integrating these DTLS plugins and invite users to participate in this phase. Your feedback is vital for assessing the functionality and security of the DTLS implementation across different environments.

Invitation for Community Participation

We encourage RSyslog users to try out these new DTLS plugins. Your involvement and feedback during this experimental phase are crucial for ensuring that these plugins meet diverse requirements and effectively contribute to enhancing syslog security.

Conclusion

The introduction of imdtls and omdtls plugins for DTLS syslog is an important step in our ongoing efforts to provide robust security solutions for log data transmission. This enhancement, while not revolutionary, adds a valuable layer of security for certain applications where UDP is preferred.

View the related PR on GitHub
