Synology as a Centralized Log Server

I have several systems that run constantly and other just as needed. One thing I really wanted was a centralized logging server. I could have configured a syslog server on my Red Hat mini for example but since I already had a Synology why not use it for this. I have ample storage space and the interface on Synology makes it perfect for home use. Obviously there are more robust solutions out there but for what I need its fine.

First things first

The first thing you will need to do is setup the receiver on the Synology for Log Center. Once you click on the Log Center icon you will get the management window. Here you configure Log Recieving. You will need to configure: Name, Log Format, Rule (optional), Protocol and Port.

Starting Log Center

Next click on Log Center

Log Receiving Configuration

In my example I already had it configured so I am just editing. As a new entry it will look the same but your values may be different. In my example I chose the following:

Name: Server
Log format: BSD format
Rule parameters: None 
Transfer protocol: UDP
Port: 514

The next thing you will want to do is to set the criticality level of the information you want to receive. In my example I have chosen severity level: Critical, Alert, Emergency. Keep in mind if you are getting alerts you don’t deem necessary you can add “Rule Parameters” under the “Log Receiving” settings. You can also limit what is sent on the client side as well in the /etc/syslog.conf or /etc/rsyslog.conf file depending on what Linux, Unix or macOS you have.

Severity Level

Okay we are now done with the receiving side now lets setup the clients.

Forward Syslog Data to Receiver

macOS Example

In this example I will show where and what to setup for macOS. In my case I am sending out everything but you can limit what you send if you like by changing “*.*” to something like: “authpriv.*;” for Linux. Below for macOS I am sending everything to the receiving host:


vi /etc/syslog.conf
# syslog.conf
# Note that flat file logs are now configured in /etc/asl.conf
install.* @
# used for the adaptive firewall: man
auth.*                                @  
# To send everything to Log server
*.*       @ 

Once we are satisfied we will need to restart the syslog daemon.

# sudo launchctl stop /System/Library/LaunchDaemons/
# sudo launchctl start /System/Library/LaunchDaemons/

Let’s test it to see if it works?

We can now test it. Open a terminal on the macOS client and enter the following:

# logger -s -p Testing macOS forwarding
Testing macOS forwarding

If everything worked correctly within a minute or so you should see your test alert. If you don’t see it right away hit the refresh button “bottom right”

Logs display

If everything looks good you can setup a forwarder on LInux of you like or have it. Below is an example on how to do this.

Red Hat 7+ rsyslogd Example

The rsyslog.conf file resides in /etc. Backup then edit the config file:

# cp -p /etc/rsyslog.conf /etc/rsyslog.conf.`date +%m%d%y`
# vi /etc/rsyslog.conf

In our case we are just going to change two line and send everything out.

Ensure that any line that logs to a file other than the security log (generally /var/log/secure or /var/adm/secure) does not include the security facilities (auth, authpriv (Linux only), and security (AIX only)). For example, a Linux system with a general logging line such as this:

*.info;mail.none;cron.none  /var/log/messages Would become:         *.info;mail.none;cron.none;auth.none;authpriv.none  /var/log/messages 

Also add the following line to send out everything you can change this once you have tested if you want to restrict what is sent.

# Send everything to Synology 
*.*                                              @

Once you have it they way you want it go ahead and restart the rsyslog daemon.

# systemctl restart rsyslog
# systemctl status rsyslog
 rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-04-26 09:11:11 EDT; 7s ago
     Docs: man:rsyslogd(8)
 Main PID: 18527 (rsyslogd)
    Tasks: 3
   CGroup: /system.slice/rsyslog.service
           └─18527 /usr/sbin/rsyslogd -n

Apr 26 09:11:11 rhminisrv.localdomain systemd[1]: Starting System Logging Ser...
Apr 26 09:11:11 rhminisrv.localdomain rsyslogd[18527]:  [origin software="rsy...
Apr 26 09:11:11 rhminisrv.localdomain systemd[1]: Started System Logging Serv...
Hint: Some lines were ellipsized, use -l to show in full.

Now we can test it, on the Linux server enter the following:

# logger -s -p Testing Redhat7 forwarding
andy: Testing Redhat7 forwarding
Error shown from Redhat server

If you don’t see this go ahead and close Log Center and reopen. If everything was setup correctly you will see messages start coming through. Thats it!