Vincent Zambo

asked on

Synology and Splunk

Running SPLUNK Enterprise / Version: 7.1.2 / (Build: a0c72a66db66) in a Docker Container on my Synology 416play NAS / DSM (Ver: 6.2-23739 Update 2). I have access to the Web Interface but am not seeing any of my log files from the Synology. Sending log information using PORT 514 / UDP / BSD (RFC 3164). Not sure what I'm missing.
Wayne88

A few things.

1.  I don't understand what was meant by "Sending log information using PORT 514 / UDP / BSD (RFC 3164)."  I don't know where you are trying to send this from and to.

2.  You can access the logs by going to the magnifying glass at the top right corner then search for "log center".  See screenshot.

3.  If the information you're looking for is not in the log center then another option is to SSH into the Synology then go to /var/log

There are numerous log files here and you will have to do some research on your own to find the log file you need.  

Vincent Zambo

ASKER

I understand how to use the Logs in Synology. What I'm trying to do is have Synology send the logs to the SPLUNK server.

Thanks.
Ok, I see.  You're trying to use Splunk in replacement of a Syslog server.

Is the problem with the Synology not sending the log or Splunk refusing the connection?

First I would check to see if the Synology is actually trying to send the logs.  Again check in the log center for any entries related to this action (check the general and connection log).  You can also use a socket tester to see if the Synology is trying to make that communication (replace the Splunk IP address with the computer running this).

Are there log files on the Splunk side to check for incoming connection requests? The Synology setup is basic, as you already did.
The Splunk Server and Synology Server have the Same IP Address. Splunk is running in a Docker Container on the Synology box. I'm trying to find out 'how' to test the connection and see some sort of log that will show me what's going on behind the scene so I can figure it out. I tried multiple versions of 'netcat' but it locks up in Docker when I run them and can't see any output. The general log file for the Synology also doesn't provide any information in regards to the connection. I've checked every log output option.
If you use the Synology IP address the packets may go out then try to get back in which may be blocked by the Synology firewall (if enabled).

Try using loopback address 127.0.0.1
I'm not running the firewall at all on the Synology. I have a separate firewall device.

I tried the loopback address and that make a difference.

Is there a tool, i.e. a packet sniffer or command for the Synology, that will show me what's happening with the packets when I try to send the test logs to the syslog (Splunk) server?
I have never tried to trace packets from the Synology and don't think there are any tools in the package center.

Were you able to get the log into Splunk using the loopback address?
Sorry for the typo above. I meant to say, "I tried the loopback address and that 'did not' make a difference."
I would try running a socket tester as described above.  Run the application on a PC then point the Synology to dump the log to that PC.  The socket tester will show you if it's receiving data with the specified port from the Synology.
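
A minimal version of the socket tester suggested in this thread, as an added example that is not part of the original posts: a UDP listener that shows each datagram it receives and parses it as BSD syslog (RFC 3164). The function names and the sample message are constructed for illustration.

```python
import re
import socket
import sys

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME MESSAGE
# (the day of month is space-padded, e.g. "Oct  9")
RFC3164 = re.compile(
    rb"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$",
    re.DOTALL,
)

def parse_rfc3164(datagram):
    """Return the fields of a BSD syslog datagram, or None if it does not match."""
    m = RFC3164.match(datagram.rstrip(b"\r\n\x00"))
    if not m or int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 23*8+7
        return None
    pri = int(m.group(1))
    return {
        "facility": pri >> 3,
        "severity": SEVERITIES[pri & 7],
        "timestamp": m.group(2).decode("ascii"),
        "host": m.group(3).decode("ascii", "replace"),
        "message": m.group(4).decode("utf-8", "replace"),
    }

def receive(sock, count, timeout=5.0):
    """Read up to `count` datagrams from a bound UDP socket, stopping on timeout."""
    sock.settimeout(timeout)
    seen = []
    try:
        while len(seen) < count:
            data, addr = sock.recvfrom(8192)
            seen.append((addr[0], parse_rfc3164(data), data))
    except socket.timeout:
        pass  # nothing arrived in time: the sender is not reaching this port
    return seen

# Constructed sample, not a captured Synology message.
SAMPLE = b"<14>Oct 11 22:14:15 DiskStation Connection: User [admin] signed in\n"

if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 514  # ports below 1024 need root
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        print(f"listening on udp/{port}")
        while True:
            for sender, parsed, raw in receive(s, 1, timeout=60.0):
                print(sender, parsed if parsed else f"not RFC 3164: {raw!r}")
```

Run it on a PC and point the Synology's log sending at that PC's address and port. If nothing is printed, the datagrams are not leaving the NAS or not reaching the listener; if lines appear, the sending side works and the receiving side is where to look next.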