User Guide

Email Notifications

The server can send email alerts when syslog messages of a configured severity arrive, and when users log into the dashboard. SMTP is configured once; rules and recipients are managed separately.

SMTP configuration

Go to Settings → Email (SMTP) and fill in your outbound mail server:

Field        Example
SMTP host    smtp.gmail.com
SMTP port    587
Username     [email protected]
Password     App password
From email   [email protected]
Use TLS      Enabled

Settings save instantly — no service restart.

Gmail and Microsoft 365

Gmail requires an App Password, and Microsoft 365 requires SMTP AUTH to be explicitly enabled on the mailbox. Standard account passwords no longer work for SMTP on either platform.

Test the configuration

Use the Test email field on the Email tab to send a one-shot message to any address. Errors surface inline:

  • Authentication failure
  • Connection refused / TCP timeout
  • Recipient refused
  • TLS handshake failure

Every test send is recorded in the audit trail along with the recipient and outcome.

Notification rules

Configure the rules in Settings → Notifications.

Login alerts

Toggle on Notify on login to send an email for every dashboard login attempt — both successful and failed. The email includes:

  • Username
  • IP address of the attempt
  • Success or failure
  • Timestamp

Useful when the dashboard is exposed beyond your trusted network, or for SOC visibility on admin access.

Severity alerts

Toggle on Notify on severity to alert when a syslog message of a selected severity arrives. All eight severities are individually selectable:

  • Emergency
  • Alert
  • Critical
  • Error
  • Warning
  • Notice
  • Informational
  • Debug

The default selection is Emergency / Alert / Critical — appropriate for production. Selecting all eight would alert on virtually every message, so be deliberate about which severities matter.

The email includes the host, severity, time, and the first 500 characters of the message body.

Recipients

Enter one or more email addresses, comma-separated:

All recipients receive every triggered alert.

Cooldown

The cooldown value (in minutes) is the minimum time between repeat alerts for the same host:severity (or ip:login_status) pair.

  • Default: 5 minutes
  • Set to 0 to disable cooldown entirely (every matching message sends an email — use with caution on noisy networks)

Cooldown is tracked per pair, so an Emergency from host A and an Emergency from host B fire independently — only repeat alerts of the same pair are throttled.
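A small model of this per-pair cooldown, added here as an illustration and not LuceDev's own code. The class and function names, the `failure` login-status string, and measuring the window from the last alert actually sent are assumptions; the event list is constructed sample data.

```python
import time


class AlertCooldown:
    """Per-key throttle: at most one alert per key per cooldown window."""

    def __init__(self, minutes=5, clock=time.monotonic):
        self.window = minutes * 60   # seconds; 0 disables the cooldown
        self.clock = clock
        self.last_sent = {}          # key -> time the last alert went out

    def should_send(self, key):
        now = self.clock()
        if self.window > 0:
            last = self.last_sent.get(key)
            if last is not None and now - last < self.window:
                return False         # repeat of the same pair: suppressed
        self.last_sent[key] = now    # only alerts that are sent restart the window
        return True


def replay(events, minutes):
    """Replay (seconds, key) events and return those that would send mail."""
    now = [0.0]
    gate = AlertCooldown(minutes, clock=lambda: now[0])
    sent = []
    for t, key in events:
        now[0] = t
        if gate.should_send(key):
            sent.append((t, key))
    return sent


# Constructed sample: host A logs a Critical every 60 s for 10 minutes,
# host B logs one Critical, and one IP fails to log in three times.
SAMPLE = sorted(
    [(t, "hostA:Critical") for t in range(0, 600, 60)]
    + [(90, "hostB:Critical")]
    + [(t, "203.0.113.7:failure") for t in (100, 110, 120)]
)

if __name__ == "__main__":
    for minutes in (5, 0):
        print(f"cooldown={minutes} min -> {len(replay(SAMPLE, minutes))} emails")
```

Replaying a recent slice of your own traffic through a model like this is a quick way to estimate mail volume before lowering the cooldown or setting it to 0.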

How alerts are sent

Emails go out from a background thread, fire-and-forget — the syslog handler doesn't block waiting for SMTP. If SMTP is slow or unreachable, log ingestion continues uninterrupted; the alert simply fails to send and the error is logged.

Troubleshooting

If alerts aren't arriving:

  1. Verify SMTP credentials with the Test email button on the Email tab.
  2. Check spam / junk folders.
  3. Confirm the SMTP host allows connections from the syslog server's IP (Gmail and Microsoft 365 do; some self-hosted relays restrict by source).
  4. Check the application logs for SMTP errors:

    Windows: C:\Program Files\LuceDev Syslog\logs\lucedev.log

    Linux: /var/log/lucedev-syslog/lucedev.log

  5. Confirm the From email is allowed to send from your SMTP relay. Many providers reject sends if From doesn't match the authenticated user.