For Critical Infrastructure
Log collection for air-gapped OT networks. Built in Rust โ the memory-safe language recommended by CISA, NSA, and the EU Cyber Resilience Act for critical infrastructure.
64M
events/sec
84ns
latency
2.8 MB
binary
0
CVEs
Built by the founder of Logpoint ยท Self-host anywhere
These are the vulnerability classes behind the CVE lists of Splunk, Elastic, Wazuh, and every C, C++, and Java-based collector deployed in OT environments today. In Tell, they are rejected at compile time โ they do not exist in the shipped binary.
70%
of Microsoft CVEs are memory safety vulnerabilities
Microsoft MSRC, 2019
67%
of Chrome critical vulnerabilities are memory safety
Google Project Zero
76% โ 24%
Android memory safety bugs after Rust adoption
Google, 2024
Copy to host. Point at config. Run. No internet, no license server, no telemetry, no runtime dependencies. Tell runs indefinitely on isolated networks.
No outbound connections. License validated locally via JWT token. Telemetry disabled by config. Local disk retention with LZ4 compression. Runs indefinitely on isolated networks.
Multi-tenant by design. API key authentication with isolated storage paths and metrics per customer. One instance, strict data separation. Built for MSSPs and shared SOCs.
The OT collector ships only the components it needs: syslog ingest, disk storage, optional forwarding. 2.8 MB binary. Code that isn't included cannot be exploited.
The Rust SDK extends memory-safety guarantees from instrumentation to storage โ the fastest and most secure integration path. SDKs also available in C++, Go, Swift, JavaScript, and Flutter.
ot-collector ยท 2.8 MB
TCP + syslog ingest, local disk with LZ4 and hourly rotation, optional forwarding. For edge nodes on isolated networks.
ot-forwarder ยท 2.5 MB
TCP + syslog ingest, relay upstream with retry and keepalive. No local storage. Minimal relay for zone boundaries.
full ยท single instance
One instance, multiple customers. API key isolation, workspace-scoped routing, per-tenant storage. For MSSPs and shared SOCs.
# config.toml
[global]
num_processors = 4
batch_size = 500
api_keys_file = "apikeys.conf"
[[sources.syslog_tcp]]
address = "127.0.0.1"
port = 514
[[sinks.disk_binary]]
path = "/var/log/tell"
rotation = "hourly"
compression = "lz4"
[telemetry]
enabled = false # air-gapped
Human-readable configuration. Errors caught before the binary runs. Every source has a configurable bind address. Fixed processor count for predictable resource usage.
disk_binary โ LZ4, high throughput, hourly/daily rotation
disk_plaintext โ Human-readable, split by type
parquet โ Columnar, compressed
arrow_ipc โ Columnar, queryable
forwarder โ Relay upstream with retry and keepalive
The EU Cyber Resilience Act requires security by design and supply chain transparency. NIS2 mandates incident logging and retention. IEC 62443 requires minimal functionality โ only necessary components in deployed systems.
Full analysis in the technical whitepaperSecurity by design
Built in a memory-safe language. Zero CVEs in production releases. Vulnerability classes eliminated structurally, not by policy.
Minimal functionality
OT build profiles include only required components. Analytics, HTTP endpoints, UI, and connectors are excluded from the binary โ not disabled, absent.
Supply chain transparency
CycloneDX SBOM generated per build profile. Every dependency traceable. Pinned toolchain for reproducible builds.
Deterministic operation
No garbage collection pauses. Sub-millisecond latency. Graceful shutdown with atomic file rotation.
Throughput by source
Resource guarantees
Memory: bounded, configurable ceiling
CPU: predictable, no spikes
Latency: sub-millisecond P99
Network: backpressure, retry, keepalive
Revenue-based pricing โ all features included, no per-seat fees.