Synology DiskStation
The Synology DiskStation is a Linux-based Network-attached storage (NAS) appliance. The Synology NAS runs syslog-ng and is capable of forwarding logs to a remote Syslog via UDP or TCP, including an option for SSL. Configuration is performed via the web interface.
NXLog Agent can be configured to collect Synology logs.
The steps below have been tested with DSM 5.2 and should work with newer versions as well. |
-
Configure NXLog Agent to receive log entries over the network and process them as Syslog (see the TCP example below). Then restart NXLog Agent.
-
Make sure NXLog Agent is accessible from DiskStation device being configured.
-
Log in to the DiskStation web interface to configure the Synology Syslog server service.
-
Go to Log Center > Log Sending.
-
Under the Location tab, specify the Syslog server, port, protocol, and log format. Enable and configure SSL if required.
-
Click Apply.
This configuration uses the im_tcp module to collect the DiskStation logs via TCP. A JSON output sample shows the resulting logs as received and processed by NXLog Agent.
<Extension _syslog>
Module xm_syslog
</Extension>
<Extension _json>
Module xm_json
</Extension>
<Input in>
Module im_tcp
Host 0.0.0.0
Port 1514
Exec parse_syslog();
</Input>
<Output out>
Module om_file
File "/var/log/synology.log"
Exec to_json();
</Output>
{
"MessageSourceAddress": "192.168.4.20",
"EventReceivedTime": "2017-07-28 18:30:04",
"SourceModuleName": "in_syslog_tcp",
"SourceModuleType": "im_tcp",
"SyslogFacilityValue": 1,
"SyslogFacility": "USER",
"SyslogSeverityValue": 6,
"SyslogSeverity": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "DiskStation1",
"EventTime": "2017-07-28 18:30:02",
"Message": "Connection PWD\\sql_psqldw1:\tCIFS client [PWD\\sql_psqldw1] from [192.168.15.138(IP:192.168.15.138)] accessed the shared folder [db_backup]."
}
{
"MessageSourceAddress": "192.168.4.20",
"EventReceivedTime": "2017-07-28 18:29:48",
"SourceModuleName": "in_syslog_tcp",
"SourceModuleType": "im_tcp",
"SyslogFacilityValue": 1,
"SyslogFacility": "USER",
"SyslogSeverityValue": 6,
"SyslogSeverity": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "DiskStation1",
"EventTime": "2017-07-28 18:29:56",
"Message": "System Test message from Synology Syslog Client from (0.240.175.244)"
}