If you’re like me, you need to constantly review access logs for audits. Synology’s devices are great for many things, one of them being that you can review logs via command line. Fair warning, accessing your Synology device or modifying it via CLI can void your warranty.
After you have logged into the device, you will first need to become a super user. The only way you can view log files or any important configuration files is by elevating your privileges.
Next, you will need to navigate to /var/log
cd /var/log
After that, you can use cat, tail, or head to view the contents of the file. If you are looking for a specific account i recommend grepping for the account.
cat auth.log | grep "admin"
Once you grep for that account, only logs related to that account will be shown on the screen.
2018-08-08T06:57:17-05:00 roguefive sshd[19791]: PAM 1 more authentication fail ure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.4.235 user=admin