QNAP Systems NAS¶
About¶
QNAP (Quality Network Appliance Provider) is devoted to providing comprehensive solutions in software development, hardware design and in-house manufacturing. Focusing on storage, networking and smart video innovations, QNAP now introduce a revolutionary Cloud NAS solution that joins our cutting-edge subscription-based software and diversified service channel ecosystem. QNAP envisions NAS as being more than simple storage and has created a cloud-based networking infrastructure for users to host and develop artificial intelligence analysis, edge computing and data integration on their QNAP solutions.
Product Details¶
Vendor URL: QNAP Systems NAS
Product Type: Data storage
Product Tier: Tier III
Integration Method: Syslog
Integration URL: n/a
Log Guide: QNAP Turbo NAS User Manual
Parser Details¶
Log Format: Syslog
Expected Normalization Rate: 90-95%
Data Label: QNAP_NAS
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| Oct 30 00:20:32 | metadata.event_timestamp |
| DEVICEHOSTNAME | observer.hostname, target.hostname |
| qulogd | observer.process.file.names |
| [14820] | observer.process.pid |
| conn log | metadata.product_event_type |
| Users | principal.user.userid |
| Source IP | principal.ip, target.ip |
| Computer name | principal.hostname |
| Connection type | network.application_protocol |
| Accessed resources | target.resource.name |
| Action | security_result.action, security_result.action_details |
Product Event Types¶
| Description | metadata.event_type |
|---|---|
| conn log | USER_LOGIN |
| event log | STATUS_UPDATE |
| all others | GENERIC_EVENT |
Log Sample¶
<30>Oct 30 00:20:32 DEVICEHOSTNAME qulogd[14820]: conn log: Users: admin, Source IP: 127.0.0.1, Computer name: ---, Connection type: HTTP, Accessed resources: Administration, Action: Login Success
Sample Parsing¶
extensions.auth.mechanism = "NETWORK"
metadata.event_timestamp.seconds = 1730247632
metadata.event_timestamp.nanos = 0
metadata.event_type = "USER_LOGIN"
metadata.product_event_type = "conn log"
metadata.product_name = "QNAP Turbo NAS"
metadata.vendor_name = "QNAP System"
network.application_protocol = "HTTP"
observer.hostname = "DEVICEHOSTNAME"
observer.process.file.names = "qulogd"
observer.process.pid = "14820"
principal.hostname = "---"
principal.ip = "127.0.0.1"
principal.user.userid = "admin"
security_result.action_details = "Login Success"
security_result.action = "ALLOW"
target.hostname = "DEVICEHOSTNAME"
target.resource.name = "Administration"
target.resource.resource_subtype = "Accessed Resources"
target.resource.resource_type = "FUNCTION"
Rules¶
Coming soon