Please remove this dangerous unsecure-by-default instructions from the internet or make it secure! #7

Open
COLABORATI opened this issue Nov 10, 2017 · 0 comments

Comments

@COLABORATI

We have no place in 2017 for these kinds of instructions that lead users into making their infrastructure insecure by default. I just came across a young admin-by-accident who pointed me at this documentation used for their servers and was absolutely not aware that he was sending log data unencrypted across the internet.

Of course you say "well, an experienced admin will know blablabla" and I tell you: an experienced admin is sick of these kinds of bad docs that just throw the cheapest and most naive solution at people that probably have never done that stuff before and never wanted to do that but have been forced to do it by accident because "look, it's just one line of config, it's easy!".

This practice is dangerous and you have to stop it! You are building up a wrong perception here with this not-encrypted-by-default documentation and you should at least warn people about that!

Better: make the docs secure-by-default (oh, it's not so easy-peasy any more).

Even better: provide something with your product GUI that gives users a way to express the wish to ingest syslog from some machine and generate a secure configuration for copy-pasting with instructions.

Sorry for ranting, I am doing this as a service because somebody has to do it - Graylog seems to be a really nice product but this is a very dark corner in the docs that gives a very bad feeling about the attitude of the team - please change your approach to technical solutions from "unsecure-by-default" to "secure-by-default" - thanks!

COLABORATI added a commit to COLABORATI/graylog-guide-syslog-linux that referenced this issue Nov 10, 2017
This practice has to be stopped. This is a bad trap for inexperienced users that are tricked into doing sysadmin stuff because "it is just one config line" - this is why this practice of not-secure-by-default-documentation is double-dangerous. See related issue Graylog2#7.