Skip to content

FAQ

Frequently asked questions about LuceDev Syslog Server.

General

What is LuceDev Syslog?

LuceDev Syslog Server is a lightweight syslog collector for Windows. It receives syslog messages from network devices (firewalls, switches, servers, etc.), stores them in a local database, and provides a web dashboard for viewing, searching, and exporting logs.

What devices can send logs to it?

Any device that supports standard syslog (RFC 3164 or RFC 5424) over UDP or TLS/TCP. This includes most firewalls (pfSense, Fortinet, Palo Alto, Cisco), switches, Linux servers, Windows servers (with a syslog agent), and many other network devices.

Is there a Linux version?

Not yet. A Linux version with systemd integration is in development. Currently, only Windows is supported.

Licensing

How does the trial work?

Every download includes a 7-day free trial with full access to all features. No credit card required. After 7 days, the application locks until a license key is entered.

How much does a license cost?

$299 per year, per server. Includes all features and updates. Purchase at lucedev.com/products/lucedev-syslog.

What happens when my license expires?

The application stops accepting new logs until the subscription is renewed. Your existing data remains intact and accessible.

Can I use one license on multiple servers?

No. Each license key is valid for one server installation. Contact us for volume pricing if you need multiple licenses.

Data & Storage

Where is my data stored?

Everything is stored locally on the server. The SQLite database is in the data folder, log archives are in archives, and certificates are in certs. No data is sent to LuceDev or any cloud service.

How much disk space do I need?

Depends on your log volume. As a rough guide: 500K logs/day uses about 250 MB of database space per month. With archival enabled, compressed archives use about 6% of the original size. See System Requirements for details.

Can I back up the database?

Yes. The database file is data\syslog.db. You can copy it while the service is running — SQLite handles concurrent access safely. For a clean backup, stop the service first.

Security

Is my data encrypted?

  • In transit: Yes, when using TLS syslog (port 6514) and HTTPS
  • At rest: The SQLite database is not encrypted on disk. Use Windows BitLocker for full-disk encryption if required

Who can access the dashboard?

Only authenticated users. The dashboard requires a username and password. Access is controlled through role-based permissions (Admin, Viewer, Auditor).

Is there an audit trail?

Yes. Every login, setting change, user action, and export is recorded in the audit trail. Auditors and admins can view the full audit log from the dashboard.

Technical

What port does the dashboard use?

TCP 5000 by default. You can change this in Settings → Server.

Can I run it alongside another web server?

Yes, as long as there are no port conflicts. Change the dashboard port to something other than 80/443 if you have IIS or another web server running.

Does it support syslog over TCP (non-TLS)?

Currently, syslog is received over UDP (standard) and TCP with TLS. Plain TCP without encryption is not supported — if you need TCP transport, enable TLS.

How do I send Windows Event Logs to it?

Windows doesn't have a built-in syslog sender. You'll need a third-party syslog agent like NXLog (free Community Edition available) or Snare to forward Windows events as syslog messages.