Analyzing QNAP Brute Force Attack With a Splunk Query

Based on the news reported in this article: https://www.bleepingcomputer.com/news/security/qnap-warns-of-ongoing-brute-force-attacks-against-nas-devices/

If you have a QNAP NAS like I do (and I hope you're keeping the firmware up to date on a regular basis), you're probably wondering about the brute force attack that is going on as of this post. You can check the syslog, of course, but if you want the data in a more usable format and you happen to be using Splunk (I have Splunk installed with the free 500 MB/day license), here's a handy query that uses a regex to extract the source IP address from each failed login event.

NOTE: I use qnap as the source name; change source=qnap if your QNAP syslog input is named differently.

source=qnap "Failed to log in via user account" 
| rex field=_raw "^(?:[^\"\n]*\"){2}\.\s+\w+\s+\w+\s+\w+:\s+(?P<src>\d+\.\d+\.\d+\.\d+)"

Optionally, append a stats command to count the failed logins per source IP address:

| stats count by src
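To show what the rex extraction and the stats count do to actual event text, here is an added Python example that is not part of the original post. It applies the same regex to a few constructed log lines and tallies failures per source IP the way stats count by src would. The shape of the sample lines is an assumption chosen to satisfy the regex, not a verified copy of the QNAP syslog format, and the search-term filter and dropping of events without a src field mirror Splunk's behaviour.

```python
import re
from collections import Counter

# The same pattern the post's rex command uses; Python's re module accepts
# the (?P<name>...) named-group syntax that Splunk rex uses.
QNAP_LOGIN_FAIL_RE = re.compile(
    r'^(?:[^"\n]*"){2}\.\s+\w+\s+\w+\s+\w+:\s+(?P<src>\d+\.\d+\.\d+\.\d+)'
)

# Constructed sample events (not real QNAP output). Their shape -- two quotes,
# a period, three words, a colon, then the IP -- is an assumption chosen to
# fit the regex above. Documentation-range addresses are used throughout.
SAMPLE_LOGS = [
    'Failed to log in via user account "admin". Source IP address: 203.0.113.10.',
    'Failed to log in via user account "admin". Source IP address: 203.0.113.10.',
    'Failed to log in via user account "root". Source IP address: 198.51.100.7.',
    'Failed to log in via user account "backup". Source IP address: 203.0.113.10.',
    # A successful login: excluded by the search term before rex ever runs.
    'User "admin" logged in successfully from 192.0.2.4.',
    # A truncated failure line with no IP: rex produces no src field for it.
    'Failed to log in via user account "guest"',
]

SEARCH_TERM = "Failed to log in via user account"


def extract_src(line):
    """Equivalent of `| rex field=_raw "..."`: return the src value, or None
    when the regex does not match (Splunk would simply not create the field)."""
    match = QNAP_LOGIN_FAIL_RE.search(line)
    return match.group("src") if match else None


def failed_logins_by_src(lines, search_term=SEARCH_TERM):
    """Equivalent of the whole pipeline: keep events containing the search
    term, extract src, then `| stats count by src`. Events with no src are
    left out of the count, as stats ... by src does in Splunk."""
    counts = Counter()
    for line in lines:
        if search_term not in line:
            continue
        src = extract_src(line)
        if src is None:
            continue
        counts[src] += 1
    return dict(counts)


def noisy_sources(counts, threshold):
    """Sources with at least `threshold` failures, busiest first; a simple
    way to pick out the addresses worth blocking at the firewall."""
    return sorted(
        ((src, n) for src, n in counts.items() if n >= threshold),
        key=lambda item: (-item[1], item[0]),
    )


if __name__ == "__main__":
    counts = failed_logins_by_src(SAMPLE_LOGS)
    for src, n in noisy_sources(counts, threshold=1):
        print(f"{src}\t{n}")
```

The threshold helper stands in for a `| where count > N` clause you might add after the stats command once you know what a normal day of typos looks like on your NAS.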

Here’s an example screenshot:

Remember to keep your QNAP firmware updated. Stay safe!
