SSL/TLS slowness

[phr0gz]

Hello, it seems that the SSL/TLS option is slowing down the input packet rate, I've done two tests:

1/ Test 1

In this test there are two computers:

Computer1 with rsyslog Computer2 with logstash (In this test logstash is running with ´´´ssl_enable => "true"´´´)

Computer1 is sending data with rsyslog via rsyslog-tls to Computer2 with logstash.

Schema:

computer1 (rSyslog) ---TLS---> Computer2 (Logstash)

2/ Test 2

In this test there are two computers:

Computer1 with rsyslog Computer2 with rsyslog and logstash

Computer1 is sending data with rsyslog via rsyslog-tls to Computer2, Computer2 receive the encrypted data with rsyslog, decrypt the data and send it to logstash via the loopback.

Schema:

computer1 (rSyslog) ---TLS---> Computer2 (rSyslog ---No TLS---> Logstash)

Condition of the test:

Step1:

Computer1 is overloaded with logger during 30 minutes (logs are stored in the RAM).

Step2:

Then the service(s) is/are started on Computer2: for test1 logstash; for test2 logstash and rsyslog.

Result:

Test1:

Test2:

As we can see in Test1 we receive 2000 events/sec, but in Test2 we receive 20000 event/s. We can't say it's because decoding TLS is taking a lot of resources, because in the second test we are using rsyslog on the same machine as logstash (sort of ssl offloading via rsyslog).

[phr0gz]

Sorry, it's about the logstash-input-tcp plugin.