How do you monitor your servers / VPS:es?

Submitted ⁨⁨3⁩ ⁨months⁩ ago⁩ by ⁨krash@lemmy.ml⁩ to ⁨selfhosted@lemmy.world⁩

Hello selfhosters. We all have all kinds of things running - bare-metal servres, VPS:es, containers and so on. Some of them may reside on the open internet, which is populated by autonomous malicious actors, and some may reside on a closed-off network since they contain sensitive data.

And there is a lot of solutions to monitor your servers, since you don’t want them to be part of a botnet, or mine bitcoins for APTs, or simply have your confidential data fall into the wrong hands.

Some of the tools I’ve looked at have been check_mk, netmonitor, monit - all of there monitor metrics such as CPU, RAM and network activity. Other tools such as Snort or Falco are designed to particularly detect suspicious activity. And there also are solutions that are hobbled together, like fail2ban actions together with pushover to get notified of intrusion attempts.

So my question to you is - how do you monitor your servers and with what tools?

source

Comments

Sort:hotnew top

Strit@lemmy.linuxuserspace.show ⁨3⁩ ⁨months⁩ ago
I’m pretty old school, but as I only have 1 server, I just use ssh, df, du and top.

source
- Deebster@programming.dev ⁨3⁩ ⁨months⁩ ago
  Not even htop? That is old school.
  
  source
  - beta_tester@lemmy.ml ⁨3⁩ ⁨months⁩ ago
    Not even btop? That’s middle school.
    
    source
    -> View More Comments
avidamoeba@lemmy.ca ⁨3⁩ ⁨months⁩ ago
Prometheus.

It’s open source, it’s easy to setup, it can serve the most simple use of “is it down” as well as much more complicated ones that stem from its ability to collect data over time.

Personally I’m monitoring:

Is it up?

Is the storage array healthy?

Are the services I care about running?

I used to run it ephemerallly - wiping data on restart. Recently started persisting its data so I can see data over the longer run.
source
- surewhynotlem@lemmy.world ⁨3⁩ ⁨months⁩ ago
  What do you use to see the data? Prometheus itself is easy to set up, but getting to the data seemed complicated.
  
  source
  - lud@lemm.ee ⁨3⁩ ⁨months⁩ ago
    You can use grafana to visualise the data.
    
    Grafana isn’t too hard to use.
    
    source
MystikIncarnate@lemmy.ca ⁨3⁩ ⁨months⁩ ago
I’m a network guy, so everything in my labs use SNMP because it works with everything. Things that don’t support SNMP are usually replaced and yeeted off the nearest bridge.

For that I use librenms. Simple, open source, and I find it easy to use, for the most part. I put it on a different system than what I’m monitoring because if it shares fate with everything else, it’s not going to be very useful or give me any alerts if there’s a full outage of my main homelab cluster.

Of course, access from the internet to it, is forbidden, and any SNMP is filtered by my firewall. Nothing really gets through for it, so I’m unconcerned about it becoming a target. For the rest of my systems security is mostly reliant on a small set of reverse proxies and firewall rules to keep everything secure.

I use a couple of VPN systems to access the servers remotely, all running on odd ports (if they need port forwards at all). I have multiple to provide redundancy to my remote access, so if one VPN isn’t working due to a crash or something, I have others that should get me some measure of access.

source
its_me_gb@feddit.uk ⁨3⁩ ⁨months⁩ ago
Prometheus for metrics

Loki for logs

Grafana for dashboards.

I use node exporter for host metrics (Proxmox/Cams/SFFs/RaspPis/Router) and a number of other *exporters:

exportarr

plex-exporter

unifi-exporter

bitcoin node exporter

I use the OpenTelemetry collector to collect some of the above metrics, rather than Prometheus itself, as well as docker logs and other log files before shipping them to Prometheus/Loki.

Oh, I also scrape metrics from my Traefik containers using OTEL as well.
source
- namelivia@lemmy.world ⁨3⁩ ⁨months⁩ ago
  What does having OpenTelemetry improve? I have a setup similar to yours but data goes from Prometheus to Grafana and I never thought I would need anything else.
  
  source
  - its_me_gb@feddit.uk ⁨3⁩ ⁨months⁩ ago
    Not a whole lot to be honest. But I work with OpenTelemetry everyday for my day job, so it was a little exercise for me.
    
    Though, OTEL does have some advantages in that It is a vendor agnostic collection tool. allowing you to use multiple different collection methods and switch out your backend easily if you wish.
    
    source
- lud@lemm.ee ⁨3⁩ ⁨months⁩ ago
  Have you tried the proxmox exporter? I have tried it briefly for a grafana lab and it seemed pretty good.
  
  github.com/…/prometheus-pve-exporter
  
  source
  - its_me_gb@feddit.uk ⁨3⁩ ⁨months⁩ ago
    I haven’t, but it looks like I’ve got another exporter to install and dashboard to create 😁
    
    source
    -> View More Comments
drkt@feddit.dk ⁨3⁩ ⁨months⁩ ago
Sometimes I just sit and stare at my apache access logs because I’m bored

GoAccess is pretty nice for a broad overview of Apache logs, also.

For other services I generally just look at them every now and then and if something looks off I investigate. I found a cryptominer on my network once because it was spamming DNS and that shows up in DNS logs.

source
- Bakkoda@sh.itjust.works ⁨3⁩ ⁨months⁩ ago
  I used to use some logging script made in Go where you could filter your logs and they would update in real time. Was great for catching stuck processes, leave it running on a different desktop, mousewheel over to it (i miss openbox so so much) and check my logs. I just have nothing facing outwards now so i ignore everything.
  
  source
SeeJayEmm@lemmy.procrastinati.org ⁨3⁩ ⁨months⁩ ago
I’m running checkmk for monitoring but that won’t help you with detection of unwanted logins. For security I’m running crowded.

source
- peter@feddit.uk ⁨3⁩ ⁨months⁩ ago
  What’s crowded? I am having trouble searching for it because of its name
  
  source
  - archy@lemmy.world ⁨3⁩ ⁨months⁩ ago
    crowdsec, pretty sure what’s meant
    
    source
    -> View More Comments
MrMcGasion@lemmy.world ⁨3⁩ ⁨months⁩ ago
I’ve dabbled with some monitoring tools in the past, but never really stuck with anything proper for very long. I usually notice issues myself. I self-host my own custom new-tab page that I use across all my devices and between that, Nextcloud clients, and my home-assistant reverse proxy on the same vps, when I do have unexpected downtime, I usually notice within a few minutes.

Other than that I run fail2ban, and have my vps configured to send me a text message/notification whenever someone successfully logs in to a shell via ssh, just in case.

Based on the logs over the years, most bots that try to login try with usernames like admin or root, I have root login disabled for ssh, and the one account that can be used over ssh has a non-obvious username that would also have to be guessed before an attacker could even try passwords, and fail2ban does a good job of blocking ips that fail after a few tries.

If I used containers, I would probably want a way to monitor them, but I personally dislike containers (for myself, I’m not here to “yuck” anyone’s “yum”) and deliberately avoid them.

source
vegetaaaaaaa@lemmy.world ⁨3⁩ ⁨months⁩ ago
Netdata (agent only/not the cloud-based features)

source
JonnyJaap@lemmy.world ⁨3⁩ ⁨months⁩ ago
I used zabbix at some point, but I never looked at the data so I stopped. Zabbix shows all kind of stuff.

I have cockpit on my bare-metal that has some stats, and netdata on my firewall, I do not track any of my VM’s (except vnstat that runs on everything device).

source
loudwhisper@infosec.pub ⁨3⁩ ⁨months⁩ ago
I run Prometheus on a separate cluster, so I plug my servers with node_exporter and scrape metrics. I then alert with grafana. To be honest, the setup is heavier (resource usage-wise) than I would like for my use case, but it’s what I am used to, and scales well to multiple machines.

source
namelivia@lemmy.world ⁨3⁩ ⁨months⁩ ago
Prometheus, Loki and Grafana.

source
- johannes@lemmy.jhjacobs.nl ⁨3⁩ ⁨months⁩ ago
  Golden! We use the same :)
  
  source
johntash@eviltoast.org ⁨3⁩ ⁨months⁩ ago
UptimeKuma is great, I use it for the simple “are my services up?” and is what I pay most attention to.

I still use zabbix for finer grained monitors though like checking raid status, smartctl, disk space, temperatures, etc.

I’ve been trying out librenms with more custom snmp checks too and am considering going that route instead of zabbix in the future

source
dataprolet@lemmy.dbzer0.com ⁨3⁩ ⁨months⁩ ago
Uptime-Kuma

source
Cyberflunk@lemmy.world ⁨3⁩ ⁨months⁩ ago
Reduce your threat profile. Run sslh, 443 handles both SSL and ssh. Adjust your host based firewall to just 443 Attack yourself on that port, identify the logs Add the new profiles to fail2ban Enable fail2ban email If you don’t like email, use a service that translates email to notification. Ntfy.sh is free notifications Or… Use something like tailscale and don’t offer a remote login to the general Internet.

I submitted your post to got here’s what it thought

shareg.pt/Tz0El4k

source
possiblylinux127@lemmy.zip ⁨3⁩ ⁨months⁩ ago
I don’t do much in the way of monitoring. I guess I should do that.

source
makingrain@lemm.ee ⁨3⁩ ⁨months⁩ ago
Uptime Kuma and ntfy.

source
MSgtRedFox@infosec.pub ⁨3⁩ ⁨months⁩ ago
PRTG has a community edition Elastiflow for netflow has free/community edition Grafana and influxdb open source

source
lemann@lemmy.dbzer0.com ⁨3⁩ ⁨months⁩ ago
I used to pass all the data through to Home Assistant and show it on some dashboards, but I decided to move over to Zabbix.

Works well but is quite full-featured, maybe moreso than necessary for a self hoster. Made a mediatype integration for my announciator system so I hear issues happening with the servers, as well as updates on things, so I don’t really need to check manually. Also a custom SMART template that populates the disk’s physical location/bay (as the built in one only reports SMART data).

It’s notified me of a few hardware issues that would have gone unnoticed on my previous system, and helped with diagnosing others. A lot of the sensors may seem useless, but trust me, once they flag up you should 100% check on your hardware. Hard drives losing power during high activity because of loose connections, and a CPU fan failure to name two.

It has a really high learning curve though so not sure how much I can recommend it over something like Grafana+Prometheus - something I haven’t used but the combo looks equally as comprehensive as long as you check your dashboard regularly.

Just wish there were more android apps

source
taladar@sh.itjust.works ⁨3⁩ ⁨months⁩ ago
Icinga2 works reasonably well for us. It is easy to write new checks as small shell scripts (or any other binary that can print and set and exit status code).

source
TheGreenGolem@lemmy.dbzer0.com ⁨3⁩ ⁨months⁩ ago
It cannot notify you, you have to check it manually, but: I use DaRemote on my phone to periodically check my bare metal.

source
Decronym@lemmy.decronym.xyz ⁨3⁩ ⁨months⁩ ago
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

Fewer Letters More Letters

DNS Domain Name Service/System

SSL Secure Sockets Layer, for transparent encryption

VPS Virtual Private Server (opposed to shared hosting)

[Thread #421 for this sub, first seen 10th Jan 2024, 14:55] [FAQ] [Full list] [Contact] [Source code]

source

Fewer Letters	More Letters
DNS	Domain Name Service/System
SSL	Secure Sockets Layer, for transparent encryption
VPS	Virtual Private Server (opposed to shared hosting)