TLS & HTTPS¶

LuceDev Syslog supports encrypted syslog transport (TLS) and HTTPS for the web dashboard.

TLS Syslog (TCP 6514)¶

TLS syslog encrypts log messages in transit, preventing eavesdropping on your network.

Enable TLS Syslog¶

1. Go to Settings → Server
2. In the TLS Syslog section, toggle TLS to enabled
3. Upload or paste your certificate and private key files
4. Click Save Changes
5. Restart the service when prompted

Certificate Requirements¶

• Format: PEM (.pem, .crt, .cer)
• Private key: PEM format (.pem, .key), unencrypted
• The certificate should be valid for the server's hostname or IP

Configure Devices¶

Point your devices to send TLS syslog on TCP port 6514:

HTTPS Dashboard¶

Serve the web dashboard over HTTPS for secure browser access.

Enable HTTPS¶

1. Go to Settings → Server
2. Toggle HTTPS (Web Dashboard) to enabled
3. Upload or paste your certificate and private key
4. Click Save Changes
5. Restart the service

After restart, access the dashboard at https://<server-ip>:5000.

Shared Certificates¶

You can use the same certificate for both TLS syslog and HTTPS, or use separate certificates for each.

Generating a Self-Signed Certificate¶

If you don't have a certificate, you can generate a self-signed one using OpenSSL:

# Install OpenSSL (if not installed), or use Git Bash which includes it
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/CN=syslog.yourdomain.com"

This creates cert.pem (certificate) and key.pem (private key) valid for 1 year.

Certificate Management¶

From Settings → Server, you can:

• Upload certificate and key files using the file picker
• Paste PEM content directly
• Remove certificates to revert to unencrypted mode
• View the current certificate status (configured vs. not configured)