I recently got my home lab setup working pretty well. I’m running a VPS with Nginx Proxy Manager, wildcard certificates, and WireGuard to handle external traffic routing to my homelab services. For internal access, I use a local DNS server that points to an internal NPM instance with the same wildcard cert. Everything is working great so far.
Now I’m wondering about log monitoring for the external NPM instance. I can see various log files like proxy-host-2_access.log and error.log for each proxied service, but I’m not sure how long these logs are kept or what the best practices are for monitoring them. I feel like I should be keeping track of this data for security reasons, maybe to implement IP blocking when needed.
How do you handle NPM log monitoring in your setups?
For Nginx Proxy Manager logs, set up log rotation if you haven’t - it’ll save your disk space. I keep logs for about 30 days, which gives me enough history without eating storage. Use fail2ban for real-time monitoring - it watches your logs and auto-blocks sketchy IPs. Don’t just rely on automation though. Check your logs regularly to spot weird patterns or threats. The proxy-host access logs are gold for seeing traffic patterns and catching scan attempts, so make those part of your regular checks.
i use loki and grafana for npm logs, super easy to see traffic spikes and those random 404s that might be scanning attempts. i also set alerts for ip that keep failing requests, way better than digging through logs manually.
Been running NPM for two years and learned log management the hard way. Default retention depends on your Docker setup, but I’ve seen logs hit several GB without rotation. What works for me: ship logs to a centralized syslog server with rsyslog. Keeps them off the NPM container and gives you way better storage control. For monitoring, I use a simple Python script that parses access logs for failed auth attempts and sketchy User-Agent strings. Most attacks show clear patterns in the logs before they get serious, so even basic monitoring catches tons of stuff.