Return to
Portfolio

91. Synology DiskStation

The Synology DiskStation is a Linux-based Network-attached storage (NAS) appliance. It runs syslog-ng and is capable of forwarding logs to a remote Syslog via UDP or TCP, including an option for SSL. Configuration is performed via the web interface.

Note
 The steps below have been tested with DSM 5.2 and should work with newer versions as well.

  1. Configure NXLog to receive log entries over the network and process them as Syslog (see the TCP example below). Then restart NXLog.

  2. Make sure the NXLog agent is accessible from DiskStation device being configured.

  3. Log in to the DiskStation web interface.

  4. Go to Log Center  Log Sending.

  5. Under the Location tab, specify the Syslog server, port, protocol, and log format. Enable and configure SSL if required.

    Syslog configuration

  6. Click Apply.

Example 377. Receiving DiskStation Logs via TCP

This configuration uses the im_tcp module to collect the DiskStation logs via TCP. A JSON output sample shows the resulting logs as received and processed by NXLog.

nxlog.conf [Download file]

  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20


  
<Extension _syslog>
    Module  xm_syslog
</Extension>

<Extension _json>
    Module  xm_json
</Extension>

<Input in>
    Module  im_tcp
    Host    0.0.0.0
    Port    1514
    Exec    parse_syslog();
</Input>

<Output out>
    Module  om_file
    File    "/var/log/synology.log"
    Exec    to_json();
</Output>
Output Sample
{
  "MessageSourceAddress": "192.168.4.20",
  "EventReceivedTime": "2017-07-28 18:30:04",
  "SourceModuleName": "in_syslog_tcp",
  "SourceModuleType": "im_tcp",
  "SyslogFacilityValue": 1,
  "SyslogFacility": "USER",
  "SyslogSeverityValue": 6,
  "SyslogSeverity": "INFO",
  "SeverityValue": 2,
  "Severity": "INFO",
  "Hostname": "DiskStation1",
  "EventTime": "2017-07-28 18:30:02",
  "Message": "Connection PWD\\sql_psqldw1:\tCIFS client [PWD\\sql_psqldw1] from [192.168.15.138(IP:192.168.15.138)] accessed the shared folder [db_backup]."
}
{
  "MessageSourceAddress": "192.168.4.20",
  "EventReceivedTime": "2017-07-28 18:29:48",
  "SourceModuleName": "in_syslog_tcp",
  "SourceModuleType": "im_tcp",
  "SyslogFacilityValue": 1,
  "SyslogFacility": "USER",
  "SyslogSeverityValue": 6,
  "SyslogSeverity": "INFO",
  "SeverityValue": 2,
  "Severity": "INFO",
  "Hostname": "DiskStation1",
  "EventTime": "2017-07-28 18:29:56",
  "Message": "System Test message from Synology Syslog Client from (0.240.175.244)"
}

← Previous: Symantec Endpoint Protection | ↑ Up: Integration | ⌂ Home: NXLog User Guide | Next: Syslog →