Synology Authentication Logs

If you’re like me, you need to constantly review access logs for audits. Synology’s devices are great for many things, one of them being that you can review logs via command line. Fair warning, accessing your Synology device or modifying it via CLI can void your warranty.

After you have logged into the device, you will first need to become a super user. The only way you can view log files or any important configuration files is by elevating your privileges.

Next, you will need to navigate to /var/log

cd /var/log

 

After that, you can use cat, tail, or head to view the contents of the file. If you are looking for a specific account i recommend grepping for the account.

cat auth.log | grep "admin"

Once you grep for that account, only logs related to that account will be shown on the screen.

2018-08-08T06:57:17-05:00 roguefive sshd[19791]: PAM 1 more authentication fail ure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.4.235 user=admin

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s