User Guide
Settings
The Settings page is where you configure every aspect of the server — ports, TLS, retention, email, notifications, users, and maintenance. It's available to admin users only, from the top navigation bar.
Tab overview
| Tab | What it covers | Service restart? |
|---|---|---|
| License | Activate, deactivate, and re-check the license key | No |
| Database | Retention, archival toggle, maintenance, archives | No |
| Server | Web ports, syslog ports, HTTPS, TLS syslog | Yes |
| Email (SMTP) | Outbound SMTP configuration and test email | No |
| Notifications | Severity alerts, login alerts, recipients, cooldown | No |
| Users | Create, edit, reset passwords, delete users | No |
| About | Version, trial status, manual update check | No |
Most settings save instantly via AJAX with a green "✓ Saved" confirmation. Only the Server tab requires a service restart because changes there alter the listening ports or TLS material.
Server settings (restart required)
| Setting | Default | Notes |
|---|---|---|
| Web interface host | 0.0.0.0 | Bind address for HTTP and HTTPS |
| Web interface port | 5000 | HTTP — always runs as a safety net |
| HTTPS enabled | Off | Independent listener; HTTP keeps running |
| HTTPS port | 5001 | Separate from HTTP port |
| HTTPS certificate + key | — | PEM, paste or "Use Syslog Cert" to share material |
| Syslog host | 0.0.0.0 | UDP and TLS-TCP listeners share this bind |
| Syslog UDP port | 514 | Standard RFC 3164 receiver |
| Syslog TLS enabled | Off | TCP listener wrapped in TLS |
| Syslog TLS port | 6514 | Separate from UDP |
| Syslog TLS cert + key | — | PEM; can be generated in-product |
The server validates all port assignments to make sure HTTP, HTTPS, and TLS-syslog are unique — you'll get a clear error if you try to save a conflict.
Pending restart indicators
When you save a server setting, a yellow Pending restart badge appears next to every field that differs from the running server. A banner at the top of the Server tab reinforces this.
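The port check and the pending-restart comparison described above can be sketched as follows. This is an added example, not the product's code: the setting keys are hypothetical, and checking all three TCP listeners even when HTTPS or TLS syslog is switched off is an assumption.

```python
# Hypothetical setting keys; the values are the defaults from the table above.
DEFAULTS = {
    "web_port": 5000, "https_enabled": False, "https_port": 5001,
    "syslog_udp_port": 514, "syslog_tls_enabled": False, "syslog_tls_port": 6514,
}
# The three TCP listeners that must not share a port. The UDP receiver is left
# out because UDP and TCP port numbers do not collide with each other.
TCP_LISTENERS = ("web_port", "https_port", "syslog_tls_port")


def validate_ports(cfg):
    """Return a list of error strings; an empty list means the ports can be saved."""
    errors = []
    for key in TCP_LISTENERS + ("syslog_udp_port",):
        port = cfg[key]
        is_int = isinstance(port, int) and not isinstance(port, bool)
        if not is_int or not 1 <= port <= 65535:
            errors.append(f"{key}: {port!r} is not a valid port (1-65535)")
    seen = {}
    for key in TCP_LISTENERS:
        first = seen.setdefault(cfg[key], key)
        if first != key:
            errors.append(f"{key} conflicts with {first} on port {cfg[key]}")
    return errors


def pending_restart(saved, running):
    """Names of saved settings that differ from what the running server loaded."""
    return sorted(k for k in saved if saved[k] != running.get(k))


if __name__ == "__main__":
    edited = dict(DEFAULTS, https_enabled=True, https_port=5000)
    print(validate_ports(edited))             # conflict between HTTPS and HTTP
    print(pending_restart(edited, DEFAULTS))  # fields that would show the badge
```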
Restarting the service
Click Restart Service in the Server tab. A confirmation modal appears — if you're running non-default ports, the modal also warns you about firewall rules.
On confirm:
- The restart command is dispatched
- A full-screen overlay polls until the service is reachable again
- The page auto-reloads when the dashboard comes back
On Linux this runs `systemctl restart lucedev-syslog`. On Windows the dashboard schedules a one-shot Windows Task Scheduler task (running as SYSTEM) that issues `net stop` + `net start`, since a detached batch script would itself be killed when the service stops.
Changed the dashboard port?
If you changed the HTTP or HTTPS port, the overlay redirects to the new URL after restart.
Database
The Database tab covers retention, archival, and maintenance.
Retention
- Keep logs for (days) — anywhere from 7 to 90. Logs older than this are removed at the next hourly cleanup cycle.
- Default is 30 days.
- Changing the value triggers a retention preview that tells you how many logs would be deleted before the change takes effect.
- Save is instant — no restart.
Archival
- Archive before deleting — when on (default), expired logs are compressed to monthly gzipped CSV files in `archives/` before being removed.
- Run archive now — manually trigger the archival job (also runs hourly).
Archive files are listed in the same tab. You can download or delete them individually. See Archival & Retention for details.
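The retention preview and the archive-before-delete order can be reproduced against a scratch SQLite database. This is an added example, not the product's code: the `logs` schema, the `YYYY-MM.csv.gz` file naming, the `NOW` timestamp and the sample rows are all constructed assumptions.

```python
import csv
import gzip
import sqlite3
from datetime import datetime, timedelta, timezone
from pathlib import Path

NOW = datetime(2024, 5, 20, tzinfo=timezone.utc)   # constructed "current time"

def demo_db():
    """In-memory database with a hypothetical schema and constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logs (received_at TEXT, host TEXT, severity INTEGER, message TEXT)")
    db.executemany("INSERT INTO logs VALUES (?,?,?,?)", [
        ("2024-03-28T09:00:00Z", "fw01", 4, "constructed: link flap"),
        ("2024-04-02T10:00:00Z", "fw01", 3, "constructed: auth failure"),
        ("2024-04-20T11:00:00Z", "sw02", 6, "constructed: config saved"),
        ("2024-05-14T12:00:00Z", "sw02", 2, "constructed: fan failure"),
    ])
    return db

def cutoff(days, now):
    if not 7 <= days <= 90:                          # range stated on this page
        raise ValueError("retention must be 7-90 days")
    return (now - timedelta(days=days)).strftime("%Y-%m-%dT%H:%M:%SZ")

def retention_preview(db, days, now):
    """Number of rows the next cleanup cycle would remove at this retention."""
    sql = "SELECT COUNT(*) FROM logs WHERE received_at < ?"
    return db.execute(sql, (cutoff(days, now),)).fetchone()[0]

def archive_then_delete(db, days, now, archive_dir):
    """Write expired rows to <archive_dir>/YYYY-MM.csv.gz, then delete them."""
    limit = cutoff(days, now)
    rows = db.execute("SELECT received_at, host, severity, message FROM logs "
                      "WHERE received_at < ? ORDER BY received_at", (limit,)).fetchall()
    by_month = {}
    for row in rows:
        by_month.setdefault(row[0][:7], []).append(row)
    out = Path(archive_dir)
    out.mkdir(parents=True, exist_ok=True)
    for month, batch in by_month.items():
        # "at" appends a new gzip member, so earlier archive content is kept
        with gzip.open(out / f"{month}.csv.gz", "at", newline="", encoding="utf-8") as fh:
            csv.writer(fh).writerows(batch)
    with db:                                         # delete only after the files are closed
        db.execute("DELETE FROM logs WHERE received_at < ?", (limit,))
    return sorted(by_month)
```

Calling `retention_preview(demo_db(), 30, NOW)` before `archive_then_delete(...)` shows the count that is about to leave the live table and land in the monthly files.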
Maintenance
The Database tab also exposes three maintenance buttons that operate on the SQLite store directly:
- VACUUM — reclaims unused disk space after large deletes. Returns megabytes saved.
- ANALYZE — refreshes the query planner statistics; useful after large data changes.
- Rebuild stats cache — recomputes the cached counters used by the dashboard (total log count, per-host counts, per-severity counts). Use this if the dashboard counters look wrong after an archival or migration.
All three are logged in the audit trail.
Email (SMTP)
Configure outbound mail for notifications and the Test email button.
| Field | Description |
|---|---|
| SMTP host | Mail server hostname (e.g. smtp.gmail.com) |
| SMTP port | Typically 587 (STARTTLS) or 465 (SSL) |
| Username | SMTP authentication username |
| Password | SMTP authentication password |
| From email | "From" address on outgoing messages |
| Use TLS | Enable STARTTLS |
The Test email button sends a one-off message to a recipient you specify. Auth failures, connection failures, recipient refusals, and timeouts all surface as inline error flashes (and are recorded in the audit trail).
See Email Notifications for the alert rules.
Notifications
- Login alerts — email on every successful and failed dashboard login
- Severity alerts — email when a syslog message of a selected severity arrives. All eight severities are selectable (Emergency, Alert, Critical, Error, Warning, Notice, Informational, Debug). Default is Emergency / Alert / Critical.
- Recipients — comma-separated email list
- Cooldown — minimum minutes between repeat alerts for the same `host:severity` pair (default `5`). Set to `0` to disable cooldown.
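How the severity selection and the per-pair cooldown interact during a burst is easiest to see on a timeline. This is an added example, not the product's code: the events are constructed, and allowing a repeat alert at exactly the cooldown boundary is an assumption.

```python
from datetime import datetime, timedelta

DEFAULT_SEVERITIES = {"Emergency", "Alert", "Critical"}   # default stated on this page

# Constructed sample events: (time, host, severity)
EVENTS = [
    ("12:00", "fw01", "Critical"),
    ("12:02", "fw01", "Critical"),   # same pair, 2 min later
    ("12:03", "fw01", "Alert"),      # same host, different severity
    ("12:03", "sw02", "Critical"),   # same severity, different host
    ("12:04", "fw01", "Warning"),    # severity not selected for alerting
    ("12:05", "fw01", "Critical"),   # exactly 5 min after the last sent alert
    ("12:09", "fw01", "Critical"),   # 4 min after the 12:05 alert
]


def run_alerts(events, cooldown_minutes=5, selected=DEFAULT_SEVERITIES):
    """Return (alerts that would be emailed, per-pair count of suppressed repeats)."""
    window = timedelta(minutes=cooldown_minutes)
    last_sent, suppressed, sent = {}, {}, []
    for hhmm, host, severity in events:
        if severity not in selected:
            continue
        key = f"{host}:{severity}"
        when = datetime.strptime(hhmm, "%H:%M")
        last = last_sent.get(key)
        # The window is measured from the last alert actually sent for this pair.
        if cooldown_minutes > 0 and last is not None and when - last < window:
            suppressed[key] = suppressed.get(key, 0) + 1
            continue
        last_sent[key] = when
        sent.append((hhmm, key))
    return sent, suppressed


if __name__ == "__main__":
    for minutes in (5, 0):
        sent, suppressed = run_alerts(EVENTS, minutes)
        print(f"cooldown={minutes}: sent={len(sent)} suppressed={suppressed}")
```

The suppressed counter is the useful part for triage: an email for `fw01:Critical` can stand for several messages that arrived inside the cooldown window, so the log view remains the source of truth for volume.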
Users
Create and manage user accounts. See User Management for the full guide.
About
- Version and platform
- Trial status — start date, expiration, days remaining (when applicable)
- Check for updates — manually hit lucedev.com and surface the current latest version with a download link
- Support — link to docs.lucedev.com
The application also performs a silent update check once per day for admin users; when a newer version is available, a blue banner appears at the top of every page with a download link.