Docker allows logs to be sent unencrypted to a remote log system. Encryption plays a minor role on the intranet, but what if you want to send logs via the web?
Graylog is a log aggregation tool that makes it easy to read and analyze logs due to its Elasticsearch or Opensearch implementation. Unfortunately it is not possible to exchange Graylog with old known tools like rsyslog. Rsyslog uses UDP as protocol, which is basically unencrypted (exception QUIC).
One of the main points of attack is the SSH interface. Script kiddies love an open SSH port.