Log of access to synology ds213+

nasroutersynology

I do have the following configuration:

dlink dir-615 router
nas synology ds213+ (DSM 4.2)
dynamic dns (through dlinkddns.com)

All the data are for personal (family) purpose only, however I would like to access something through internet (PhotoStation, FileStation). This works well, but I get a lot of requests from search engines and probably from some hacking activities. This is not a big security issue, but it wakes-up NAS from hibernation twice every hour.

I thought I can turn-on inbound filter on my router, unfortunately I am not able to find any logs on what IP accessed my NAS.

My question are:

where is detailed traffic log on Synology?
is inbound filter (deny specific IP addresses) good strategy or there is better one?

Best Answer

To answer your question:

Where is detailed traffic log on Synology?

On the top left menu bar, open the menu pane.
Click on System Logs
In the new window, click on the Connection tab.
Here you'll find a list of users and their connected IP Addresses.

Alternatively you can set up a Syslog Server which will help you trap all kind of system events, whether it's I/O operations or Network traffic. You can download the syslog package from the Package Center then go into your Control Panel and point the syslog client server to localhost.

Step 1 - Click on the menu on the top left corner Step 3 - IP addresses

Is inbound filter (deny specific IP addresses) good strategy or there is better one?

You can control IP address access through the firewall menu.

On the top left menu bar, open the menu pane.
Click on Control Panel
Click on the Firewall and QoS icon.
Set Allow/Deny rules.

If you want to tightly lock down your NAS, you can set ALLOW to a list of IP addresses that you trust and then create a DENY rule to deny from ALL.

Now you need to make sure the ALLOW IP addresses are not ISP provided/ dynamic IPs. If those IP were to change, you will be locked out from your device forever.

Firewall rules

In my opinion, if you are accessing these files through the internet. It would be more secure to set up a VPN server and block all data access except to local IPs only. Most modern OS comes equipped with VPN modules that makes set up a breeze. Such as Win 7 and OS X.

Related Solutions

Synology CloudStation log

On Windows you find the log files in C:\Users\<user>\AppData\Local\CloudStation\log

On your Synology NAS at least in DSM version 5.1-5004 in the main menu -> protocoll center (use the filter).

Under linux I don't know but probably in the /var/log folder.

Cannot log in to DSM (Synology NAS)

Thanks to Tonny's confirmation about Desktop I was able to fix the problem, so I will share because it is a bit frustrating if this happens to you....

After successfully inserting the passwords in DSM, the error is something like this: "You are not authorized to use this service."

Steps to fix the problem if you accidentally locked yourself out of the DSM Web access:

You need to have ssh access, and use an administrator user. If you don't, you probably need to do a soft reset.
(I am using Linux) Execute: ssh your_username@your_synology_ip
cd /etc
grep your_username /etc/passwd (e.g. grep administrator /etc/passwd) The answer will be something like administrator:x:1021:100::/var/services/homes/administrator:/bin/sh You are interested in your id, in the example: 1021
Make a backup of the database, just in case: cp synoappprivilege.db synoappprivilege.db.org
sudo sqlite3 synoappprivilege.db It will ask for your password. Insert the password of your_username (same password you used for ssh). It will prompt:
```
SQLite version 3.10.2 2016-01-20 15:27:19
Enter ".help" for usage hints.
sqlite>
```
Check tables (not strictly necessary):
```
sqlite> .tables
AppPrivRule
```

Query table (not strictly necessary):

 sqlite> select * from AppPrivRule;

This will dump the contents of the table, which will be similar to these:

 2|0|SYNO.SDS.WebDAVServer.Instance|0.0.0.0|0000:0000:0000:0000:0000:FFFF:0000:0000||
 2|0|SYNO.SDS.MailServer.Instance|0.0.0.0|0000:0000:0000:0000:0000:FFFF:0000:0000||
 2|0|SYNO.SDS.BackupService.Instance|0.0.0.0|0000:0000:0000:0000:0000:FFFF:0000:0000||
 2|0|SYNO.SDS.MailPlusServer.Instance|0.0.0.0|0000:0000:0000:0000:0000:FFFF:0000:0000||
...

The priviledge we unintentionally removed was SYNO.Desktop and will probably not be listed in the previous command. So we need to insert it (note: use your user id as obtained before with grep, in my case, 1021):
```
sqlite> insert into AppPrivRule VALUES(0,1021,'SYNO.Desktop','0.0.0.0','0000:0000:0000:0000:0000:FFFF:0000:0000','','');
```

Confirmation that everything is all right...

sqlite> select * from AppPrivRule;

2|0|SYNO.SDS.WebDAVServer.Instance|0.0.0.0|0000:0000:0000:0000:0000:FFFF:0000:0000||
...
0|1021|SYNO.Desktop|0.0.0.0|0000:0000:0000:0000:0000:FFFF:0000:0000||

DONE! You can now log in.

After I fixed the problem I found the same solution here, but it was impossible to get from search engines on the first instance. Also, beware the insert in that link has a small mistake.

Best Answer

Related Solutions

Synology CloudStation log

Cannot log in to DSM (Synology NAS)

Related Question