i need suggestions how to setup logging for my self hosted services (a personal website externally exposed and 10 more internal services via Headscale). I have couple of hp t610 plus with 8 GB RAMs and a 620 plus as Opnsense firewall. I managed to fit 4 sata drives (two internal sata ssd and 2 sata ssd using pcie multiplier) to one of the hp t610 plus and wondering if i can use it as a monitoring and NAS. I am thinking about installing graylog and grafana for monitoring in one lxc and openmediavault for NAS in another lxc. Previously thought of doing it with proxmox but lxd seems to avoid the overhead. Is this workable ? Can t610 plus handle both monitoring and NAS ? Any alternatives is appreciated. Minimal energy consumption is preferred. Thanks.
Big question. Let’s break down the huge topic of logging into some topics of interest. I’ll try to express them as questions in what I would consider order of importance:
Is anything wrong with my application/software/hardware? journalctl and log files will provide the raw data. Something like logwatch can provide daily summaries. Look for tools like icinga/nagios/zabbix or similar to collect data/logs and present them in a meaningful way.
Am I being attacked/hacked? I use fail2ban effectively to monitor and control hacking attempts on my public webserver.
How much are my existing resources utilized? Again icinga/nagios/zabbix can provide that, or be prepared to look for separate tools by app.
zabbix seems to me to have a steep curve to learn and setup. Alternatively checkmk could be used. But, i prefer log aggregator like graylog where all host logs can be sent and analysed and then grafana to visualize and alerting. Of course, finding the context and meaningful log is what the intended target.
I already have fail2ban setup in each host though Opnsense blocks most of the malwares. crowdsec, zenarmor and Adguard Home are already in place to monitor and block attacks.
my present delibration is about my hardware and whether this hp 610plus can handle such log analysis and if adding nas to it is ok or worsens the load to the device. I already installed graylog and grafana to it. It seems to work but i didn’t configure much to it. With it the cpu load was around 40%.