This article walks you through the steps that are needed to get the Log messages from your Synology NAS out and into a Splunk instance.
For the sake of simplicity I assume in this example that the IP address of the Synology NAS is 192.168.10.99 and that the IP of the Server running is 192.168.10.200
1) Prepare Splunk
First let’s prepare Splunk to receive syslog messages
Click on Manager
Select “Data Inputs”
Click “Add New” for UDP
Enter the Port number (let’s use the standard 9998)
Select “syslog” as source type
Click “Save”
2) Prepare your Synology NAS
Login to the NAS and click on “System Information”
There you should see the model name in the second line – write it down
Click on “Control Panel”
And then on “Terminal”
Make sure “Enable SSH service” is checked
You can now quit the DSM.
3) Get the Bootstrap
4) On to the Synology NAS
Start a Terminal application and log into the NAS
ssh root@192.168.10.99
Type your admin password and reply with “yes” if needed (only the first time you connect)
You’re in…
5) Installing IPKG
Type wget and paste the link of the xsh file that you copied before and hit enter.
DiskStation> wget http://wizjos.endofinternet.net/synology/archief/syno-mvkw-bootstrap_1.2-7_arm-ds111.xsh
After the download is done, type
DiskStation> sh
(sh with a space) and then the TAB key
this should result in something like
DiskStation> sh syno-mvkw-bootstrap_1.2-7_arm-ds111
Hit enter and IPKH gets installed
Finally you’ll have to update the packages list, type
DiskStation>ipkg update
DiskStation>ipkg upgrade
6) Install the Packages
Install the Nano text editor (if you master vi, you can skip this step, but you probably wouldn’t be here 
. Type
DiskStation> ipkg install nano
Then install syslog-ng by typing
DiskStation> ipkg install syslog-ng
7) Adapt the configuration
Open the configuration file by typing (you can speed this up this by using the TAB key to autocomplete)
DiskStation> nano /opt/etc/syslog-ng/syslog-ng.conf
Scroll down to the Destination Section and enter a new destination (put here the IP Address and Port of your Splunk server)
destination splunk { udp(“192.168.10.200″ port(9998)); };
Scroll down to the Log Section and enter a new log command (you can also use filters, but I prefer to do this in Splunk)
log { source(src); destination(splunk); };
Click
CTRL-O (to save hit Enter)
CTRL-X (to quit)
Start logging
Start Syslog by typing
syslog-ng
Check that there is a connection to your Splunk server by typing
netstat
You should see an entry for the connection to Splunk
Finally Using Splunk
Select Search
You should see the IP Address of the Synology NAS with a growing number of Events
If you click on the IP Address you apply a filter to see only messages from this host
That’s it, enjoy.
See the Splunk website for more information.
