Like many others here, I have a home lab at home, with various containers like FreshRSS, Ampache…

I also have a netdata dashboard to monitor CPU and temps, disk usage… that sometimes sends me alerts without me having configured anything, e.g. too much CPU used for more than 15 minutes.

However it doesn’t seem to cover log monitoring, or at least not in the way I want. I have a job and can’t dedicate thousands of hours to building something myself, nor configuring deeply some software stack.

All I want is my services to be monitored log-wise, with a single docker where you could mount multiple log directories, and have a simple interface that filters through the logs (based on their type/name, e.g. nginx logs aren’t treated the same way as kernel or auth logs, but without me having to configure more than the source type), to tell me if something is weird or just bad (e.g. someone logged in).

Does it exist without installing Grafana + Prometheus + this and that + doing a shit ton of configuration and crying?

  • dr-robot@fedia.io
    1 day ago

    I use logcheck, which should be available with your distro. It’s simple but pretty dumb though. It works by scanning your system logs, excludes any pre-configured regexps (it already comes with defaults for many of the most common logs), and sends you an email if there are any unexpected logs. I did have to add a bunch of custom regexps to exclude additional logs specific to my setup. But I just did this by adding new regexps whenever I got a logcheck email that I deemed irrelevant, so not terribly difficult.

    The end result is that I get an email with logs whenever anything unexpected happens. For example, I get emails whenever any SSH session is established (including my own) which gives me the confidence that if something starts going down, I should be able to see it.
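
The exclude-then-report approach described in the comment above, as an added example that is not part of the original thread and is not logcheck's own code. The log lines, the ignore rules, the host `lab`, the user `alice` and the function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example: exclude-then-report filtering. Not logcheck's own code.

# Constructed syslog lines (host "lab", user "alice", 192.0.2.10 are made up).
sample_log() {
cat <<'EOF'
Mar  3 02:17:01 lab CRON[4121]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  3 02:17:01 lab CRON[4121]: pam_unix(cron:session): session closed for user root
Mar  3 02:20:44 lab systemd[1]: Started Daily apt download activities.
Mar  3 02:31:09 lab sshd[4188]: Accepted publickey for alice from 192.0.2.10 port 50522 ssh2
Mar  3 02:31:09 lab sshd[4188]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Mar  3 02:40:12 lab kernel: EXT4-fs error (device sda1): ext4_find_entry: reading directory lblock 0
EOF
}

# Constructed ignore rules, one POSIX extended regex per line. Each is anchored
# and names the program, so the cron session rule cannot hide the sshd one.
ignore_rules() {
cat <<'EOF'
# routine cron sessions
^[[:alpha:]]{3} [ 0-9]{2} [0-9:]{8} [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_unix\(cron:session\): session (opened|closed) for user [[:alnum:]_-]+

^[[:alpha:]]{3} [ 0-9]{2} [0-9:]{8} [._[:alnum:]-]+ systemd\[[0-9]+\]: Started .+\.$
EOF
}

# Print every line of log file $1 that no rule in rules file $2 matches.
# Comments and blank lines are dropped first: an empty pattern matches every
# line, so one stray blank line would silently suppress the whole report.
unexpected_lines() {
    clean=$(mktemp) || return 2
    grep -E -v '^[[:space:]]*(#|$)' "$2" > "$clean" || :
    status=0
    if [ -s "$clean" ]; then
        grep -E -v -f "$clean" "$1" || status=$?
    else
        cat "$1" || status=$?
    fi
    rm -f "$clean"
    [ "$status" -le 1 ]   # grep exit 1 only means "nothing unexpected"
}

work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
sample_log > "$work/syslog"
ignore_rules > "$work/ignore"
unexpected_lines "$work/syslog" "$work/ignore"   # this output is the report body
```

The two sshd lines and the kernel error are reported; the cron and systemd lines are filtered out as known noise.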