Ports & Firewall

LuceDev Syslog uses four well-known ports by default. The installer configures host firewall rules automatically; if you change a port, you'll need to add the matching rule yourself.

Default ports

| Service | Protocol | Port | Description |
|---|---|---|---|
| Syslog (UDP) | UDP | 514 | Standard RFC 3164 receiver |
| Syslog (TLS) | TCP | 6514 | RFC 5425 TLS-encrypted receiver |
| Web Dashboard | TCP | 5000 | HTTP — always running |
| HTTPS | TCP | 5001 | HTTPS — optional, runs additively |

All ports are configurable from Settings → Server. The server validates that HTTP, HTTPS, and TLS-syslog ports are unique on save.

Firewall rules added by the installer

The installer creates three Windows Firewall rules automatically:

| Rule Name | Protocol | Port |
|---|---|---|
| LuceDev Syslog - UDP 514 | UDP | 514 |
| LuceDev Syslog - TLS 6514 | TCP | 6514 |
| LuceDev Syslog - Web Dashboard | TCP | 5000 |

Each rule is created idempotently — if it already exists (from a prior install) the installer skips it.

The installer adds three UFW rules only if ufw is installed:

| Protocol | Port | Description |
|---|---|---|
| UDP | 514 | Syslog receiver |
| TCP | 6514 | TLS syslog |
| TCP | 5000 | Web dashboard |

If ufw is not installed, the installer prints the equivalent commands to run manually using your firewall of choice.

UFW must be enabled to enforce the rules

Adding rules to UFW doesn't enable UFW; that's a separate step. Run sudo ufw enable to enforce them. Until UFW is enabled, the rules sit dormant.

HTTPS port (5001) is not in the default firewall rules

Because HTTPS is off by default, the installer does not open TCP 5001. When you enable HTTPS in Settings → Server, add the rule manually:

Windows:

netsh advfirewall firewall add rule name="LuceDev Syslog - HTTPS 5001" dir=in action=allow protocol=TCP localport=5001

Linux (UFW):

sudo ufw allow 5001/tcp comment "LuceDev Syslog - HTTPS"

Changing a default port

If you change a port in Settings → Server, the restart confirmation dialog warns you to update firewall rules.

Windows:

# Add a rule for a custom HTTP port
netsh advfirewall firewall add rule name="LuceDev Syslog - Web Custom" dir=in action=allow protocol=TCP localport=8443

# Remove an existing rule
netsh advfirewall firewall delete rule name="LuceDev Syslog - Web Dashboard"

# List LuceDev firewall rules
netsh advfirewall firewall show rule name=all | findstr "LuceDev"

Linux (UFW):

# Add a rule for a custom dashboard port
sudo ufw allow 8443/tcp comment "LuceDev Syslog - Web Custom"

# Add a rule for a custom syslog UDP port
sudo ufw allow 1514/udp comment "LuceDev Syslog - UDP custom"

# Remove a rule
sudo ufw delete allow 5000/tcp

# List active rules
sudo ufw status
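
One way to check a Linux host against the rules described above: this added example (not part of the LuceDev installer or documentation) parses `sudo ufw status` output and reports an inactive firewall or a missing port, including 5001 once HTTPS is enabled. The function name `audit_ufw`, the `LUCEDEV_PORTS` override, and the sample status text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status` text (stdin) against this page's ports.
# LUCEDEV_PORTS is a hypothetical override for hosts with changed ports.
# Live use: sudo ufw status | audit_ufw [https]

audit_ufw() {
    # $1 = "https" once HTTPS is enabled in Settings -> Server
    _want=${LUCEDEV_PORTS:-"514/udp 6514/tcp 5000/tcp"}
    if [ "${1:-}" = "https" ]; then _want="$_want 5001/tcp"; fi
    _status=$(cat)
    _rc=0

    # Rules sit dormant until UFW is enabled, so an inactive firewall fails outright.
    if ! printf '%s\n' "$_status" | grep -q '^Status: active'; then
        echo "FAIL ufw inactive: rules are not enforced"
        return 2
    fi

    for _p in $_want; do
        # IPv4 rule lines look like "<port>/<proto>  ALLOW  <from>"; "(v6)" rows are skipped.
        if printf '%s\n' "$_status" |
            awk -v p="$_p" '$1 == p && $2 == "ALLOW" { ok = 1 } END { exit !ok }'; then
            echo "ok   $_p"
        else
            echo "MISS $_p"
            _rc=1
        fi
    done
    return "$_rc"
}

# Constructed sample: installer defaults present, HTTPS enabled but 5001 never opened.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
514/udp                    ALLOW       Anywhere
6514/tcp                   ALLOW       Anywhere
5000/tcp                   ALLOW       Anywhere
514/udp (v6)               ALLOW       Anywhere (v6)'

printf '%s\n' "$SAMPLE_STATUS" | audit_ufw https || echo "audit exit code: $?"
```

Exit code 0 means every expected port is allowed, 1 means at least one is missing, and 2 means UFW is not enabled.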

Upstream network firewalls

If you have a network firewall (pfSense, Fortinet, Palo Alto, Cisco ASA, etc.) between your syslog sources and the server, allow:

| Source | Destination | Protocol | Port |
|---|---|---|---|
| Syslog devices | Syslog server | UDP | 514 |
| Syslog devices | Syslog server | TCP | 6514 (if TLS enabled) |
| Admin workstations | Syslog server | TCP | 5000 (and 5001 if HTTPS) |

For LuceDev-hosted deployments on VLAN 60, the only outbound destinations the server needs from its segment are:

  • VLAN 50 SMTP (notifications)
  • lucedev.com (license validation and update checks)

Everything else can be denied.