====== Synology Syslog ======

Synology doesn't use the common syslog tools such as rsyslogd; instead it pushes logs to SQLite3 databases (a number of them, actually). This makes querying the logs harder, but far more powerful than a series of piped greps.

The syslog databases can be found in **/var/log/synolog**

There are a number of different database files and we'll go through each of them because they have different columns and data. We assume you have some basic knowledge of sqlite3 and SQL in general.

Spool up sqlite3 with the command:

  sqlite3

then open your database of choice with the command:

  .open .DATABASE_FILE_NAME

===== .SYNOSYSLOGDB =====

The single table in the database is called 'logs' and has the structure...

|id|integer|primary key|
|host|text|default|NULL|
|ip|text|default|NULL|
|fac|text|default|NULL|
|prio|text|default|NULL|
|llevel|text|default|NULL|
|tag|text|default|NULL|
|utcsec|int|default|NULL|
|r_utcsec|int|default|NULL|
|tzoffset|text|default|NULL|
|ldate|date|default|CURRENT_DATE|
|ltime|time|default|CURRENT_TIME|
|prog|text|default|NULL|
|msg|text|default|NULL|

===== .SYNOCONNDB =====

This is the 'connections' log, so all connections (and rejections) will be logged here. This is a local log, so it will only contain records from this NAS box.

The single table in the database is called 'logs' and has the structure...

|id|integer|primary key|
|time|int|default|NULL|
|level|text|default|NULL|
|username|text|default|NULL|
|msg|text|default|NULL|
|user|text|default|NULL|
|uid|text|default|NULL|
|ip|text|default|NULL|
|protocol|text|default|NULL|
|token|text|default|NULL|
|useragent|text|default|NULL|

===== .SYNOSYSDB =====

This is the system log table. It stores logs of actions on the NAS box such as creating, deleting and renaming users, passwords, shares etc.

The single table in the database is called 'logs' and has the structure...

|id|integer|primary key|
|time|int|default|NULL|
|level|text|default|NULL|
|username|text|default|NULL|
|msg|text|default|NULL|

===== LATER VERSIONS of DSM =====

In later versions Synology moved from SQLite3 to Postgres, which is a touch harder to access from the command line. You can, if you wish, open up ports on the firewall and edit the /etc/postgres conf files to make it accessible on your LAN, but we really don't recommend this.

If you do want to access it from the command line you'll need to su to the postgres user first. The main database is in /volume1/@database
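
Going back to the SQLite3 .SYNOCONNDB connection log described above, here is one way to summarise rejected connections per source IP. This is an added example, not Synology's code: the function names are hypothetical, the sample rows are constructed, and it assumes the time column holds Unix epoch seconds and that rejected logins contain the word "failed" in msg.

```python
import sqlite3

# Schema as listed for .SYNOCONNDB on this page.
SCHEMA = """CREATE TABLE logs (id integer primary key, time int, level text,
  username text, msg text, user text, uid text, ip text, protocol text,
  token text, useragent text)"""

# Constructed sample rows: (time, level, username, msg, ip, protocol).
# The level values and msg wording are assumptions; check your own rows first.
SAMPLE = [
    (1699990000, "warn", "admin", "User [admin] failed to log in", "203.0.113.7", "SSH"),
    (1700000000, "warn", "admin", "User [admin] failed to log in", "203.0.113.7", "SSH"),
    (1700000010, "warn", "root", "User [root] failed to log in", "203.0.113.7", "SSH"),
    (1700000020, "warn", "admin", "User [admin] failed to log in", "203.0.113.7", "SSH"),
    (1700000030, "warn", "guest", "User [guest] failed to log in", "203.0.113.7", "SSH"),
    (1700000050, "warn", "alice", "User [alice] failed to log in", "192.168.1.20", "DSM"),
    (1700000060, "info", "alice", "User [alice] logged in", "192.168.1.20", "DSM"),
    (1700000100, "warn", "admin", "User [admin] failed to log in", "198.51.100.9", "FTP"),
    (1700000160, "warn", "admin", "User [admin] failed to log in", "198.51.100.9", "FTP"),
    (1700000220, "warn", "admin", "User [admin] failed to log in", "198.51.100.9", "FTP"),
]

def open_readonly(path):
    """Open a live log database read-only so the query cannot modify it."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def build_sample():
    """In-memory database with the page's schema and the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO logs (time, level, username, msg, ip, protocol) "
        "VALUES (?, ?, ?, ?, ?, ?)", SAMPLE)
    return conn

def failed_by_ip(conn, since, threshold, pattern="%failed%"):
    """Rows of (ip, attempts, distinct usernames, first seen, last seen)."""
    sql = """SELECT ip, COUNT(*), COUNT(DISTINCT username), MIN(time), MAX(time)
             FROM logs
             WHERE time >= ? AND msg LIKE ? AND ip IS NOT NULL
             GROUP BY ip HAVING COUNT(*) >= ?
             ORDER BY COUNT(*) DESC, ip"""
    return conn.execute(sql, (since, pattern, threshold)).fetchall()

if __name__ == "__main__":
    # On the NAS: conn = open_readonly("/var/log/synolog/.SYNOCONNDB")
    for row in failed_by_ip(build_sample(), 1700000000, 3):
        print(row)
```

Many attempts from one IP against several usernames points at password guessing, while repeated failures for a single username more often mean a stale saved password.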