Send logs from Synology DSM to Logstash

It is easy to send and parse Synology DSM logs into Elasticsearch with Logstash.

Configure Logstash

input {
    syslog {
        port => PORT
        type => "RFC3164"
        tags => ["syslog", "synology"]
    }
}

output {
    if "synology" in [TAGS] {
        elasticsearch {
            hosts => localhost
            index => "synology-%{+YYYY.MM}"
        }
    }
}

Remember to open PORT TCP/UDP in firewalls. I used 5140 as PORT.

Enable sending logs from Synology DSM to Logstash

Install Log Center from the Packge Center.

From Log Center -> Log Sending – Enable Send logs to a syslog server

  • Server: LOGSTASHIP
  • Port: PORT
  • Transfer protocol: TCP
  • Log format: BSD (RFC 3164)

I prefer TCP but you can also send with UDP.

One thought on “Send logs from Synology DSM to Logstash

  1. How to view data in kibana?
    if you added my Configure Logstash parts into your logstash, your logs should be already in elasticsearch.
    Since DSM is using know logging format, i just used syslog module in logstash and specified that logging format type is RFC3164. So no need to grok.
    Notice that in my configuration elasticsearch is on the same server as logstash.

    Now to view data in kibana.
    Management -> Kibana Index patterns -> Create index pattern -> Index pattern: synology-*
    Time Filter field name: @timestamp (this means time elasticsearch got the information, not time on the log. You can change this later if you want)
    Now you should have synology-* index in kibana. And elasticsearch indexes are as specified in logstash output example: synology-2020.01
    I use monthly elasticsearch indexes because not alot of data and i dont want too many small shards in elasticsearch.

    Like

Leave a Reply to villekri Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.