There are so many monitoring tools with various degrees of complicated setup / configuration or the amount of information you get. And honestly, I’ve looked into various tools: checkmk, monit, Prometheus… And realised that I rarely look into that information anyway. Of all “fancy” tools, I liked the ease of Netdata to set up and the amount of information that you get. However, beware that their in the process to make their free / homelad offering worse. I’ve been eyeing beszel and don’t forget CLI based tools that are avaible such as atop, btop, htop or glances.

If you want to delve deeper into the rabbit hole of monitoring, I can recommend you to read this article below: https://matduggan.com/were-all-doing-metrics-wrong/

I’ve tried different approaches with fail2ban, crowdsec, VPNs, etc. What I settled on is to divide the data of my services in two categories: confidential and “I can live with it leaking”.

The ones that host confidential data is behind a VPN and has some basic monitoring on them.

The ones that are out in the public are behind a WAF from cloudflare with pretty restrictive rules.

Yes, cloudflare suck etc., but the value of stopping potential attacks before they reach your services is hard to match.

Just keep in mind: you need layers of different security measures to protect your services (such as backups, control of network traffic, monitoring and detection, and so on).

I really like this. Is it possible to have it search several sources in the future?