How to make your NAS a SYSLOG Server
==Should I be interested in Logging System Messages of other devices==
This depends on your desire and ability to post-analyse system messages, the type of network devices you have, and the spare processing capability of your Synology NAS.

Most companies log system messages of the devices on their networks. The recorded SysLog data is often very important in diagnosing faults or identifying hackers' attempts to breach network security. Large networks would normally have PCs dedicated as SysLog servers. This is because some devices, such as a busy web server, can produce 500,000+ system messages an hour; multiply this by many devices working 24/7 and the logging load on a SysLog server can be large. At the other end of the scale, a home or SOHO router firewall may only produce 1,000-100,000 system messages a day.

As the processing power of Synology's NASs varies significantly from old models to the latest, the amount of system messages they can receive and log as a SysLog Server also varies significantly. Having said that, I believe all of Synology's old and current models should be able to log the messages from a single device such as a home/SOHO router. My CS407 and DS207+ comfortably cope with all of my SOHO router's system messages (firewall, status, etc.), which amount to about 70,000 messages per day. They do this whilst also doing everything else I ask of them, including streaming FLAC files and running Surveillance Station at the same time.

Obviously, if you have an older model which only just copes with streaming music/video, then asking it to act as a SysLog Server could significantly impact its ability to perform other tasks. If acting as a SysLog Server adversely affects your NAS's performance, it is easy to turn off this functionality or uninstall the software as detailed below.
===How do I analyse System Message logs===
As the number of messages received by a SysLog server can be large (as discussed above), it is very beneficial to:
* a) only collect the data you might be interested in, and then filter/sort/group that data as it is received, and then
* b) use some form of data filtering and grouping software to analyse the logged data.

====Only collect the messages you are interested in====
Most devices that send out system messages to a SysLog server will allow you to select the types of messages to be sent. For instance, a router may enable you to individually select items like: Firewall Log, VPN Log, User Access Log, Call Log, WAN Log, Router/DSL Log, etc.

However, if the sending device does not provide sufficient control, then syslog-ng provides many tools for processing messages on receipt. syslog-ng enables you to set criteria for messages to be dropped (not logged) or, if they are to be kept, to set criteria for them to be stored in various specific log files. See the syslog-ng documentation for how to do this.

====Software to help analyse logged messages====
There are many packages to do this; my personal favourite is [http://www.splunk.com/ Splunk!]. For home type use it is free. Splunk is very powerful and can also turn your PC into a SysLog Server (if your PC is on 24/7, then consider using Splunk! for all your needs rather than using your NAS as the SysLog Server). Whether your PC or your NAS is the SysLog server, Splunk! provides very comprehensive filtering and analysis tools for analysing SysLog data.
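
The drop-and-route filtering described under "Only collect the messages you are interested in", as an added example (not from the original page or the syslog-ng project): a syslog-ng configuration fragment that discards debug-level messages and splits the rest into per-topic files. The router address 192.0.2.1, the local0/local1 facility assignment on the router, the /volume1/syslog paths and all s_/f_/d_ names are assumptions.

```conf
# Added example fragment. Addresses, facilities, paths and names are assumptions.

# Listen for remote syslog messages on UDP/514.
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# Low-value chatter that should never reach disk.
filter f_noise    { level(debug); };

# Assumes the router (placeholder address 192.0.2.1) is set to send its
# firewall log on facility local0 and its VPN log on facility local1.
filter f_firewall { host("192.0.2.1") and facility(local0); };
filter f_vpn      { host("192.0.2.1") and facility(local1); };

# One file per topic, plus a catch-all so nothing unexpected is lost silently.
destination d_firewall { file("/volume1/syslog/router/firewall.log"); };
destination d_vpn      { file("/volume1/syslog/router/vpn.log"); };
destination d_other    { file("/volume1/syslog/other.log"); };

# Drop rule: a log path with no destination and flags(final) stops
# further processing of every message that matches the filter.
log { source(s_net); filter(f_noise); flags(final); };

# Routing rules: flags(final) keeps a matched message out of the catch-all.
log { source(s_net); filter(f_firewall); destination(d_firewall); flags(final); };
log { source(s_net); filter(f_vpn);      destination(d_vpn);      flags(final); };

# Catch-all: anything not dropped or routed above.
log { source(s_net); destination(d_other); };
```

Log statements are evaluated in the order written, so the drop rule must come before the routing rules. Run `syslog-ng --syntax-only` against the edited file before restarting the daemon.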