Hello all! I’m looking for some direction regarding log monitoring, not quite specific to NetBird, but more generally. I have the self-hosted NetBird proxy setup, pointing to some other services. Though I am fairly new to cybersecurity, I am coming from a tech background and have been self-hosting for a while, slowly getting into more and more networking. I have the basics set up: CrowdSec, geo-blocking, rootless SSH, passwordless SSH, firewall rules, etc. There’s always work to be done, but the biggest thing I’m missing right now is a good monitoring system/plan.
I guess my question is: What is the best approach to logging? Is it to monitor logs of every individual service? Just the exposed proxy server? Should I be focused on networking logs? System logs? What am I looking for? Weird IPs or maybe resource spikes? I’m not particularly worried, nor pressed for time. I just need a good place to start. What do everyone else’s setups look like? That was a lot of questions, but thanks in advance!