Manuals+

Configuring Synology NAS Auditing

With ManageEngine ADAudit Plus

Overview

This guide details the process of configuring Synology DiskStation NAS devices to send audit logs to ManageEngine ADAudit Plus. Synology DiskStations run the DiskStation Manager (DSM) OS and are network-attached storage devices. ADAudit Plus is a real-time change auditing and user behavior analytics software designed to monitor file accesses and modifications on Synology NAS, helping organizations meet IT compliance requirements such as HIPAA, FISMA, GDPR, and SOX.

Benefits of Auditing Synology NAS

Auditing your Synology NAS with ADAudit Plus ensures the safety of business-critical files and folders. It provides comprehensive reports on file events, including:

ADAudit Plus enables tracking of accesses and changes to shares, files, and folders, viewing user and origin IP addresses for file actions, and receiving periodic audit reports. It helps meet various IT regulations including HIPAA, GLBA, SOX, PCI DSS, ISO 27001, FISMA, and GDPR.

Supported DSM versions include DSM 5.0 and above.

Configuration Steps

The following steps outline how to add a Synology NAS device and configure it to send logs to ADAudit Plus:

Adding DiskStation Servers

  1. Log in to the ADAudit Plus web console. Navigate to the File Audit tab, then Configured Server(s), and select Synology NAS. Click Add Server.
  2. Enter the Synology device name and click Next.
  3. Select the shares to be monitored and click Next.

Setting Up Log Forwarding

  1. In Synology DiskStation Manager, open Control Panel, navigate to File Services, and select Enable Transfer Log.
  2. Open Log Center and navigate to Log Sending. Select Send logs to a syslog server.
  3. Provide the target server name and the syslog port number ADAudit Plus is listening to.
  4. Set the log format to IETF (RFC 5424).
  5. Click Apply.

Note: The default Syslog Listening Port for ADAudit Plus is 514, which can be adjusted in Admin > General Settings > Connection.

Ensure the following filters are selected under the Filter tab in Log Center: File Station log and Windows file transfer.

Excluding Files and Folders from Auditing

ADAudit Plus offers an Exclude Configuration feature to omit specific files or folders from auditing. Exclusions can be based on file/folder local path, file type, process name, or user name.

To configure exclusions:

  1. Log in to the ADAudit Plus web console.
  2. Navigate to the File Audit tab, then Configuration, and select Exclude Configuration.
  3. Choose the exclusion criteria (e.g., File/Folder local path, File Type, Process Name, or Users).
  4. Click '+' and configure the necessary settings, providing paths or patterns as needed.

The document provides example scenarios for excluding folders and files using specific paths and regex patterns.

Troubleshooting

To verify if the port numbers for Log Sending and ADAudit Plus' Syslog Listening Port match:

  1. In ADAudit Plus, navigate to Admin > General Settings > Connection to view the configured port.
  2. In Synology DSM, navigate to Log Center > Log Sending and verify the provided port number.

PDF preview unavailable. Download the PDF instead.

guide-to-configure-synology-diskstation-nas-in-adauditplus Adobe PDF library 15.00

Related Documents

Preview ADAudit Plus Agent-based Data Collection Guide
A comprehensive guide to installing, configuring, and troubleshooting the ADAudit Plus agent for efficient data collection across your network.