Pick one explicit model and make it consistent: Use TLS intentionally: configure a TLS-capable transport and keep TLS-auth parameters aligned. Use plain transport intentionally: remove TLS-only parameters so intent is clear and warnings stop.

Encrypting Syslog Traffic with TLS (SSL) [short version] — end-to-end TLS setup basics Encrypting Syslog Traffic with TLS (SSL) — certificate-based TLS deployment flow Reliable Forwarding of syslog Messages with Rsyslog — forwarding patterns you can combine with TLS

Why does rsyslog warn that anonymous TLS authentication allows MITM? — why anonymous TLS auth still permits MITM Why do I see gibberish when connecting with TLS? — TLS client talking to a plain listener imtcp: TCP Syslog Input Module omfwd: syslog Forwarding Output Module imrelp: RELP Input Module omrelp: RELP Output Module Support: rsyslog Assistant | GitHub Discussions | GitHub Issues: rsyslog source project Contributing: Source & docs: rsyslog source project © 2008–2026 Rainer Gerhards and others. Licensed under the Apache License 2.0.

Why does rsyslog warn that TLS is not active with streamdriver.mode=”0”?¶

Q: How to turn this warning off

These messages are emitted by compatibility secure mode warn. You can silence them by changing the global policy: global(compatibility.defaults.secure="backward-compatible"): keeps old insecure defaults and suppresses these warnings. global(compatibility.defaults.secure="strict"): enforces secure defaults and also suppresses these warnings because insecure defaults are no longer used. The recommended path is to keep warn until configuration is remediated, then move to strict.

If a connection is configured with plain transport (for example, streamdriver.mode="0", UDP, or RELP tls="off"), TLS is not in use even if other TLS-related parameters are present.

What this warning means¶

The warning indicates that the effective transport is not TLS-protected. Common cases are:

imtcp or omfwd with streamdriver.mode="0" (plain TCP)
omfwd with protocol="udp"
imrelp / omrelp with tls="off"

When these settings are active, encryption and certificate checks do not happen for that path.

Why this matters¶

If operators set TLS-related parameters (driver name, auth mode, certs) but transport mode still selects plain communication, configuration can look secure while traffic remains unencrypted. The warning is emitted to prevent this false sense of security.

How to fix¶

Pick one explicit model and make it consistent:

Use TLS intentionally: configure a TLS-capable transport and keep TLS-auth parameters aligned.
Use plain transport intentionally: remove TLS-only parameters so intent is clear and warnings stop.

How to turn this warning off¶

These messages are emitted by compatibility secure mode warn. You can silence them by changing the global policy:

global(compatibility.defaults.secure="backward-compatible"): keeps old insecure defaults and suppresses these warnings.
global(compatibility.defaults.secure="strict"): enforces secure defaults and also suppresses these warnings because insecure defaults are no longer used.

The recommended path is to keep warn until configuration is remediated, then move to strict.

Primary tutorials¶

Encrypting Syslog Traffic with TLS (SSL) [short version] — end-to-end TLS setup basics
Encrypting Syslog Traffic with TLS (SSL) — certificate-based TLS deployment flow
Reliable Forwarding of syslog Messages with Rsyslog — forwarding patterns you can combine with TLS