We have an application that runs on hundreds of users’ computers on our company’s internal network. We want to start sending logs from this app to a SIEM (Graylog). We have decided to add code to our app that sends logs from the app to the SIEM directly. The only question is, should we use UDP or TCP to send the logs? My preference is to use TCP because of the reliability, but what happens if the SIEM goes offline — won’t that cause our app to block, thus slowing down our entire system? I am very curious about how other companies handle this situation. I have read a few guides online, and most recommend TCP because of the reliability but none address the blocking issue.