Synology DiskStation

The Synology DiskStation is a Linux-based Network-attached storage (NAS) appliance. The Synology NAS runs syslog-ng and is capable of forwarding logs to a remote Syslog via UDP or TCP, including an option for SSL. Configuration is performed via the web interface.

NXLog Agent can be configured to collect Synology logs.

The steps below have been tested with DSM 5.2 and should work with newer versions as well.

Configure NXLog Agent to receive log entries over the network and process them as Syslog (see the TCP example below). Then restart NXLog Agent.
Make sure NXLog Agent is accessible from DiskStation device being configured.
Log in to the DiskStation web interface to configure the Synology Syslog server service.
Go to Log Center > Log Sending.
Under the Location tab, specify the Syslog server, port, protocol, and log format. Enable and configure SSL if required.
Click Apply.

Example 1. Receiving DiskStation logs via TCP

This configuration uses the im_tcp module to collect the DiskStation logs via TCP. A JSON output sample shows the resulting logs as received and processed by NXLog Agent.

nxlog.conf

<Extension _syslog>
    Module  xm_syslog
</Extension>

<Extension _json>
    Module  xm_json
</Extension>

<Input in>
    Module  im_tcp
    Host    0.0.0.0
    Port    1514
    Exec    parse_syslog();
</Input>

<Output out>
    Module  om_file
    File    "/var/log/synology.log"
    Exec    to_json();
</Output>

Output sample

{
  "MessageSourceAddress": "192.168.4.20",
  "EventReceivedTime": "2017-07-28 18:30:04",
  "SourceModuleName": "in_syslog_tcp",
  "SourceModuleType": "im_tcp",
  "SyslogFacilityValue": 1,
  "SyslogFacility": "USER",
  "SyslogSeverityValue": 6,
  "SyslogSeverity": "INFO",
  "SeverityValue": 2,
  "Severity": "INFO",
  "Hostname": "DiskStation1",
  "EventTime": "2017-07-28 18:30:02",
  "Message": "Connection PWD\\sql_psqldw1:\tCIFS client [PWD\\sql_psqldw1] from [192.168.15.138(IP:192.168.15.138)] accessed the shared folder [db_backup]."
}
{
  "MessageSourceAddress": "192.168.4.20",
  "EventReceivedTime": "2017-07-28 18:29:48",
  "SourceModuleName": "in_syslog_tcp",
  "SourceModuleType": "im_tcp",
  "SyslogFacilityValue": 1,
  "SyslogFacility": "USER",
  "SyslogSeverityValue": 6,
  "SyslogSeverity": "INFO",
  "SeverityValue": 2,
  "Severity": "INFO",
  "Hostname": "DiskStation1",
  "EventTime": "2017-07-28 18:29:56",
  "Message": "System Test message from Synology Syslog Client from (0.240.175.244)"
}

Disclaimer

While we endeavor to keep the information in our guides up to date and correct, NXLog makes no representations or warranties of any kind, express or implied about the completeness, accuracy, reliability, suitability, or availability of the content represented here. We update our screenshots and instructions on a best-effort basis.

Last revision: 17 September 2018